Windows
Analysis Report
fmlgbgc2p5.exe
Overview
General Information
Sample name: | fmlgbgc2p5.exe (renamed because the original name is a hash value) |
Original sample name: | 8b0613982b6a7f0542a7dbfce43aa216a043ce9a2a2a24a7a2c77a6e8fa6aa72.exe |
Analysis ID: | 1569339 |
MD5: | 809d8bedb2da450b588bf82e9a118fe4 |
SHA1: | 5cb2c9863ddc2ba5346967bf0780554c8dc120f9 |
SHA256: | 8b0613982b6a7f0542a7dbfce43aa216a043ce9a2a2a24a7a2c77a6e8fa6aa72 |
Tags: | exe, user-adrian__luca |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- fmlgbgc2p5.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\fmlgbgc2p5.exe" MD5: 809D8BEDB2DA450B588BF82E9A118FE4)
- fmlgbgc2p5.exe (PID: 7336 cmdline: C:\Users\user\Desktop\fmlgbgc2p5.exe MD5: 809D8BEDB2DA450B588BF82E9A118FE4)
- omsecor.exe (PID: 7360 cmdline: C:\Users\user\AppData\Roaming\omsecor.exe MD5: 6E897A612472AD8B51062A6844A8A17B)
- omsecor.exe (PID: 7452 cmdline: C:\Users\user\AppData\Roaming\omsecor.exe MD5: 6E897A612472AD8B51062A6844A8A17B)
- omsecor.exe (PID: 8072 cmdline: C:\Windows\System32\omsecor.exe MD5: 678D56882701DBE0727C09DD075B56D1)
- omsecor.exe (PID: 8100 cmdline: C:\Windows\SysWOW64\omsecor.exe MD5: 678D56882701DBE0727C09DD075B56D1)
- omsecor.exe (PID: 8132 cmdline: C:\Users\user\AppData\Roaming\omsecor.exe MD5: A4BA09D8D586AF0201C2E6584BE09E59)
- omsecor.exe (PID: 396 cmdline: C:\Users\user\AppData\Roaming\omsecor.exe MD5: A4BA09D8D586AF0201C2E6584BE09E59)
- omsecor.exe (PID: 7440 cmdline: C:\Windows\System32\omsecor.exe MD5: 75B0F2A9AD432A0DBC138A050D744956)
- omsecor.exe (PID: 7596 cmdline: C:\Windows\SysWOW64\omsecor.exe MD5: 75B0F2A9AD432A0DBC138A050D744956)
- omsecor.exe (PID: 7612 cmdline: C:\Users\user\AppData\Roaming\omsecor.exe MD5: 50E482AEFE2A49BBCB4AAEE1B8C70305)
- omsecor.exe (PID: 7296 cmdline: C:\Users\user\AppData\Roaming\omsecor.exe MD5: 50E482AEFE2A49BBCB4AAEE1B8C70305)
- WerFault.exe (PID: 1168 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 260 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 336 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 248 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 424 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 276 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 8144 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 280 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7564 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 276 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7424 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 304 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Neconyd | | No Attribution | | |
{"C2 url": ["http://mkkuei4kdsz.com/", "http://ow5dirasuek.com/", "http://lousta.net/"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Neconyd | Yara detected Neconyd | Joe Security | ||
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-05T18:09:19.895177+0100 | 2016998 | 1 | A Network Trojan was detected | 192.168.2.7 | 49708 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:07.909220+0100 | 2018141 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.7 | 49833 | TCP |
2024-12-05T18:10:07.909220+0100 | 2037771 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.7 | 49833 | TCP |
2024-12-05T18:09:13.072527+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 50001 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:09:41.929645+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49708 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:04.071060+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49771 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:05.646999+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49827 | 15.197.204.56 | 80 | TCP |
2024-12-05T18:10:07.719093+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49833 | 52.34.198.229 | 80 | TCP |
2024-12-05T18:10:32.196627+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49844 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:54.384861+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49898 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:55.730671+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49951 | 15.197.204.56 | 80 | TCP |
2024-12-05T18:10:57.327496+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49955 | 52.34.198.229 | 80 | TCP |
2024-12-05T18:11:21.525774+0100 | 2015786 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49963 | 193.166.255.171 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | ||
Source: | Avira: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: | ||
Compliance |
---|
Source: | Unpacked PE file: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_004012C0 | |
Source: | Code function: | 2_2_0040ABD9 | |
Source: | Code function: | 2_2_00408248 | |
Source: | Code function: | 4_2_004012C0 | |
Source: | Code function: | 7_2_0040ABD9 | |
Source: | Code function: | 7_2_00408248 | |
Source: | Code function: | 13_2_004012C0 | |
Source: | Code function: | 14_2_0040ABD9 | |
Source: | Code function: | 14_2_00408248 | |
Source: | Code function: | 16_2_004012C0 | |
Source: | Code function: | 18_2_0040ABD9 | |
Source: | Code function: | 18_2_00408248 | |
Source: | Code function: | 23_2_004012C0 | |
Source: | Code function: | 24_2_0040ABD9 | |
Source: | Code function: | 24_2_00408248 | |
Source: | Code function: | 26_2_004012C0 | |
Source: | Code function: | 28_2_0040ABD9 | |
Source: | Code function: | 28_2_00408248 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | URLs: | ||
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | ASN Name: | ||
Source: | Suricata IDS: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | Code function: | 2_2_00407036 |
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File created: |
Source: | Code function: | 0_2_00403000 | |
Source: | Code function: | 0_2_0042117B | |
Source: | Code function: | 0_2_00405582 | |
Source: | Code function: | 2_2_00401C41 | |
Source: | Code function: | 2_2_0040D2A4 | |
Source: | Code function: | 2_2_0040B51C | |
Source: | Code function: | 2_2_0040CBD0 | |
Source: | Code function: | 4_2_00403000 | |
Source: | Code function: | 4_2_0042117B | |
Source: | Code function: | 4_2_00405582 | |
Source: | Code function: | 7_2_00401C41 | |
Source: | Code function: | 7_2_0040D2A4 | |
Source: | Code function: | 7_2_0040B51C | |
Source: | Code function: | 7_2_0040CBD0 | |
Source: | Code function: | 13_2_00403000 | |
Source: | Code function: | 13_2_0042117B | |
Source: | Code function: | 13_2_00405582 | |
Source: | Code function: | 14_2_00401C41 | |
Source: | Code function: | 14_2_0040D2A4 | |
Source: | Code function: | 14_2_0040B51C | |
Source: | Code function: | 14_2_0040CBD0 | |
Source: | Code function: | 16_2_00403000 | |
Source: | Code function: | 16_2_0042117B | |
Source: | Code function: | 16_2_00405582 | |
Source: | Code function: | 18_2_00401C41 | |
Source: | Code function: | 18_2_0040D2A4 | |
Source: | Code function: | 18_2_0040B51C | |
Source: | Code function: | 18_2_0040CBD0 | |
Source: | Code function: | 23_2_00403000 | |
Source: | Code function: | 23_2_0042117B | |
Source: | Code function: | 23_2_00405582 | |
Source: | Code function: | 24_2_00401C41 | |
Source: | Code function: | 24_2_0040D2A4 | |
Source: | Code function: | 24_2_0040B51C | |
Source: | Code function: | 24_2_0040CBD0 | |
Source: | Code function: | 26_2_00403000 | |
Source: | Code function: | 26_2_0042117B | |
Source: | Code function: | 26_2_00405582 | |
Source: | Code function: | 28_2_00401C41 | |
Source: | Code function: | 28_2_0040D2A4 | |
Source: | Code function: | 28_2_0040B51C | |
Source: | Code function: | 28_2_0040CBD0 |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 2_2_0040A057 |
Source: | File created: |
Source: | Mutant created: | ||
Source: | File created: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Evasive API call chain: | graph_2-5780 | ||
Source: | Evasive API call chain: | graph_7-5780 | ||
Source: | Evasive API call chain: | graph_14-5780 |
Source: | Process created: | |||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window detected: |
Data Obfuscation |
---|
Source: | Unpacked PE file: | ||
Source: | Code function: | 0_2_00404854 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00402FF0 | |
Source: | Code function: | 2_2_0040D2A3 | |
Source: | Code function: | 2_2_0040CBC8 | |
Source: | Code function: | 4_2_00402FF0 | |
Source: | Code function: | 7_2_0040D2A3 | |
Source: | Code function: | 7_2_0040CBC8 | |
Source: | Code function: | 13_2_00402FF0 | |
Source: | Code function: | 14_2_0040D2A3 | |
Source: | Code function: | 14_2_0040CBC8 | |
Source: | Code function: | 16_2_00402FF0 | |
Source: | Code function: | 18_2_0040D2A3 | |
Source: | Code function: | 18_2_0040CBC8 | |
Source: | Code function: | 23_2_00402FF0 | |
Source: | Code function: | 24_2_0040D2A3 | |
Source: | Code function: | 24_2_0040CBC8 | |
Source: | Code function: | 26_2_00402FF0 | |
Source: | Code function: | 28_2_0040D2A3 | |
Source: | Code function: | 28_2_0040CBC8 |
Source: | Static PE information: | ||
Persistence and Installation Behavior |
---|
Source: | Executable created and started: |
Source: | File created: |
Source: | Code function: | 2_2_0040350F | |
Source: | Code function: | 2_2_004039EA | |
Source: | Code function: | 7_2_0040350F | |
Source: | Code function: | 7_2_004039EA | |
Source: | Code function: | 14_2_0040350F | |
Source: | Code function: | 14_2_004039EA | |
Source: | Code function: | 18_2_0040350F | |
Source: | Code function: | 18_2_004039EA | |
Source: | Code function: | 24_2_0040350F | |
Source: | Code function: | 24_2_004039EA | |
Source: | Code function: | 28_2_0040350F | |
Source: | Code function: | 28_2_004039EA |
Source: | Process information set: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Evasive API call chain: | graph_14-5814 | ||
Source: | Evasive API call chain: | graph_2-5814 | ||
Source: | Evasive API call chain: | graph_7-5813 | ||
Source: | Evasive API call chain: | graph_7-5813 |
Source: | Evasive API call chain: | graph_13-3843 | ||
Source: | Evasive API call chain: | graph_14-5876 | ||
Source: | Evasive API call chain: | graph_4-3846 | ||
Source: | Evasive API call chain: | graph_2-5876 | ||
Source: | Evasive API call chain: | graph_0-3843 | ||
Source: | Evasive API call chain: | graph_7-5875 |
Source: | API coverage: | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Last function: |
Source: | Code function: | 0_2_004012C0 | |
Source: | Code function: | 2_2_0040ABD9 | |
Source: | Code function: | 2_2_00408248 | |
Source: | Code function: | 4_2_004012C0 | |
Source: | Code function: | 7_2_0040ABD9 | |
Source: | Code function: | 7_2_00408248 | |
Source: | Code function: | 13_2_004012C0 | |
Source: | Code function: | 14_2_0040ABD9 | |
Source: | Code function: | 14_2_00408248 | |
Source: | Code function: | 16_2_004012C0 | |
Source: | Code function: | 18_2_0040ABD9 | |
Source: | Code function: | 18_2_00408248 | |
Source: | Code function: | 23_2_004012C0 | |
Source: | Code function: | 24_2_0040ABD9 | |
Source: | Code function: | 24_2_00408248 | |
Source: | Code function: | 26_2_004012C0 | |
Source: | Code function: | 28_2_0040ABD9 | |
Source: | Code function: | 28_2_00408248 |
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-3547 | ||
Source: | API call chain: | graph_0-3844 | ||
Source: | API call chain: | graph_0-3857 | ||
Source: | API call chain: | graph_2-5904 | ||
Source: | API call chain: | graph_4-3550 | ||
Source: | API call chain: | graph_4-3860 | ||
Source: | API call chain: | graph_4-3847 | ||
Source: | API call chain: | graph_7-5903 | ||
Source: | API call chain: | graph_13-3547 | ||
Source: | API call chain: | graph_13-3844 | ||
Source: | API call chain: | graph_13-3857 | ||
Source: | API call chain: | graph_14-5904 | ||
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_14-6412 | ||
Source: | Debugger detection routine: | graph_2-6412 | ||
Source: | Debugger detection routine: | graph_7-6415 |
Source: | Code function: | 0_2_00401662 |
Source: | Code function: | 0_2_00404854 |
Source: | Code function: | 0_2_00421170 |
Source: | Code function: | 0_2_00406A50 | |
Source: | Code function: | 0_2_00401662 | |
Source: | Code function: | 0_2_00404121 | |
Source: | Code function: | 0_2_0040213B | |
Source: | Code function: | 2_2_004032B8 | |
Source: | Code function: | 2_2_0040CD66 | |
Source: | Code function: | 4_2_00406A50 | |
Source: | Code function: | 4_2_00401662 | |
Source: | Code function: | 4_2_00404121 | |
Source: | Code function: | 4_2_0040213B | |
Source: | Code function: | 7_2_004032B8 | |
Source: | Code function: | 7_2_0040CD66 | |
Source: | Code function: | 13_2_00406A50 | |
Source: | Code function: | 13_2_00401662 | |
Source: | Code function: | 13_2_00404121 | |
Source: | Code function: | 13_2_0040213B | |
Source: | Code function: | 14_2_004032B8 | |
Source: | Code function: | 14_2_0040CD66 | |
Source: | Code function: | 16_2_00406A50 | |
Source: | Code function: | 16_2_00401662 | |
Source: | Code function: | 16_2_00404121 | |
Source: | Code function: | 16_2_0040213B | |
Source: | Code function: | 18_2_004032B8 | |
Source: | Code function: | 18_2_0040CD66 | |
Source: | Code function: | 23_2_00406A50 | |
Source: | Code function: | 23_2_00401662 | |
Source: | Code function: | 23_2_00404121 | |
Source: | Code function: | 23_2_0040213B | |
Source: | Code function: | 24_2_004032B8 | |
Source: | Code function: | 24_2_0040CD66 | |
Source: | Code function: | 26_2_00406A50 | |
Source: | Code function: | 26_2_00401662 | |
Source: | Code function: | 26_2_00404121 | |
Source: | Code function: | 26_2_0040213B | |
Source: | Code function: | 28_2_004032B8 | |
Source: | Code function: | 28_2_0040CD66 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Code function: | 0_2_0040327A |
Source: | Code function: | 0_2_00406E83 | |
Source: | Code function: | 4_2_00406E83 | |
Source: | Code function: | 13_2_00406E83 | |
Source: | Code function: | 16_2_00406E83 | |
Source: | Code function: | 23_2_00406E83 | |
Source: | Code function: | 26_2_00406E83 |
Source: | Code function: | 0_2_00403196 |
Source: | Code function: | 2_2_00407499 |
Source: | Code function: | 2_2_00406CB5 |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 112 Process Injection | 121 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 21 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 22 Software Packing | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
89% | ReversingLabs | Win32.Trojan.VirtuMonde | ||
100% | Avira | HEUR/AGEN.1352667 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1352667 | ||
100% | Joe Sandbox ML | |||
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
lousta.net | 193.166.255.171 | true | true | unknown | |
mkkuei4kdsz.com | 15.197.204.56 | true | true | unknown | |
ow5dirasuek.com | 52.34.198.229 | true | true | unknown | |
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.166.255.171 | lousta.net | Finland | | 1741 | FUNETASFI | true |
52.34.198.229 | ow5dirasuek.com | United States | | 16509 | AMAZON-02US | true |
15.197.204.56 | mkkuei4kdsz.com | United States | | 7430 | TANDEMUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1569339 |
Start date and time: | 2024-12-05 18:08:14 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | fmlgbgc2p5.exe (renamed because original name is a hash value) |
Original Sample Name: | 8b0613982b6a7f0542a7dbfce43aa216a043ce9a2a2a24a7a2c77a6e8fa6aa72.exe |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winEXE@29/27@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.89.179.12, 52.168.117.172
- Excluded domains from analysis (whitelisted): onedsblobprdeus07.eastus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, time.windows.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: fmlgbgc2p5.exe
Time | Type | Description |
---|---|---|
12:09:41 | API Interceptor | |
12:09:48 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.166.255.171 | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Pushdo | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
52.34.198.229 | | | malicious | Neconyd | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
| | | | malicious | Simda Stealer | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ow5dirasuek.com | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
mkkuei4kdsz.com | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
lousta.net | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Neconyd | | |
s-part-0035.t-0009.t-msedge.net | | | malicious | FormBook | | |
| | | | malicious | Phorpiex, RHADAMANTHYS, Xmrig | | |
| | | | malicious | GuLoader | | |
| | | | malicious | GuLoader | | |
| | | | malicious | TechSupportScam | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | TechSupportScam | | |
| | | | malicious | ScreenConnect Tool | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
FUNETASFI | | | malicious | Neconyd | | |
| | | | malicious | Gafgyt, Mirai | | |
| | | | malicious | Mirai | | |
| | | | malicious | Mirai | | |
| | | | malicious | Mirai | | |
| | | | malicious | Mirai, Moobot | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Unknown | | |
AMAZON-02US | | | malicious | Unknown | | |
| | | | malicious | Neconyd | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
TANDEMUS | | | malicious | Neconyd | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fmlgbgc2p5.exe_8492373aeecbce8e182b4fd12204ea0c4c75534_ec40d01a_a5888e9c-e94a-484c-a91c-fb009698315d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7045948762016093 |
Encrypted: | false |
SSDEEP: | 96:l2FYJC3Wssh3zxTMb91QXIDcQvc6QcEVcw3cE/9mS+HbHg/8BRTf3Oy1FhZAX/dD:gSJC3WFF0BU/4ju1zuiFCZ24IO81 |
MD5: | D79ECD861FB598613DAE97C6B110DE00 |
SHA1: | 978BDE9B3EF1681A39742804094083EBECCF04D6 |
SHA-256: | 9D56EE817A5F5FAF8491B71DE2D4846D7D72A84F840B6951DEC71355EFF66D28 |
SHA-512: | 475B6F31343EA942F564BC06AF69E7EE184D30CAB508CF0A5DF06874714FF1E01748E2FD3426E44EE40EE0A2F6C44E74A4B46B9C7D51377DFA870E2224D3FADE |
Malicious: | true |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_3cccf68f558aebdae18074d03e529771c2cd8b9_db98bc25_591e6923-1f0b-41a3-886f-f1afa133b771\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7039509512860884 |
Encrypted: | false |
SSDEEP: | 96:WlFwOW8Gm0tsXhJozxTMb91QXIDcQvc6QcEVcw3cE/99n+HbHg/8BRTf3Oy1FhZ7:a6n8Grt8SF0BU/Aju1zuiFCZ24IO8I |
MD5: | F466FE17C450EB2CEB242C7F0E502104 |
SHA1: | E55613BFF93FAC361CA84BFE9215C24A92A6BF8F |
SHA-256: | D336648306D6A126D713F1DF29416521AE8B0DE8067361BA84AA7B7224C8812D |
SHA-512: | 88488B09AC8C9DA048724D9DE45D33F84E3528C84560319F150158E1D9CD2CC7A6F38A44129977162D1A243E8519793C83EA55A0FAAEC253143F1921CC58A7B2 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_43b89a372cc43de2a7ad92b15f8c94dc4564c6c_6ad46281_f25293c8-0722-4786-92a3-f6d674ac44d6\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6974801132539817 |
Encrypted: | false |
SSDEEP: | 96:4iFdWXhTxARsXhBszxTMb91QXIDcQvc6QcEVcw3cE/O0t+HbHg/8BRTf3Oy1FhZy:j/WXDARkmF0BU/Yju1zuiFCZ24IO8J |
MD5: | 794DB18AA911CB3651F0668B30E4DBFC |
SHA1: | 4B30FDB350E4D0DF0301F98F47E9DAC02FE205B1 |
SHA-256: | 6ED79B979EAA0AD4E5AE6BE5B1D1C7A9A4724B6FF2BB9DFF8038968707FD49E1 |
SHA-512: | 545C4CBDC6D14450DC48DE9DE1208A58821D1B1FE3C36429297AC6B0BCA7BA813F8051B6DB6A62CFF61B67E6D37106FC448200FC43337195EB089A42EA91F7E7 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_9952b2275c3b2d9f13a9f763df5d566769d0f6d5_f592aad2_771e5020-42c0-4858-be71-6301429ff170\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6968864431654846 |
Encrypted: | false |
SSDEEP: | 96:zBFbAmJNosXhGzxTMb91QXIDcQvc6QcEVcw3cE/99n+HbHgnoW6HeOyushZAX/dP:dpA2NoHF0BU/AjzXzuiFdZ24IO8I |
MD5: | 2CAD7526A31F60851553C8B796444D15 |
SHA1: | 1C5BFA1D523DF1270E7276847C787AAF5264E19C |
SHA-256: | 64A6C2098862DCDA171001F7235F0B1A27834F84F51853C7DD21CF2725E32745 |
SHA-512: | 45DC4F796673CF65F0ACB56ED5B39124804E29683D176ED6FAD426A555D78C95B40F9DC2CFA64F4F6FE36FEDE6F46BB3BD3EAC30E3F830678162883066B6D515 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_a6df591168a6a85c9a656b1ea23bbe9446cb4_b1bc9e8b_8663d629-c955-48f3-8fd0-8fcfbb38f7d4\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6968846418239283 |
Encrypted: | false |
SSDEEP: | 96:NeFzSqrm6zsXhNzxTMb91QXIDcQvc6QcEVcw3cE/99n+HbHgnoW6HeOyushZAX/k:QJfr1zqF0BU/AjzXzuiFCZ24IO8I |
MD5: | 579A106F2064137F0D9E72855C1A15FE |
SHA1: | 05AF4DEA8A48C65BA9B2F8E243A4BCD37899DA99 |
SHA-256: | D319865F8AFC535E2AD66CB3912BD91D4428B1DE0B11A7C1BC9704C183FBCF06 |
SHA-512: | 67FB8D3A59C90E5A011D58D1E64DA55BC1172A74026EE2C0F5EE743D28E13AEDCA83BF81488800E08066FCE22EBFECD5659EDC8F3270B7ACE9FD6A88D4A1AF96 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_ea34fb17614e843647b5ef236565be8b1b3a2f_53b5ecb7_6c9d9e65-97ae-4b7d-b519-d97359ec0174\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6904105207040816 |
Encrypted: | false |
SSDEEP: | 192:9IGPj3eKOEsF0BU/YjzXzuiFdZ24IO8J:hj3eKOEsmBU/YjDzuiFdY4IO8J |
MD5: | 663C52A7377C25B15A14090340B2BC47 |
SHA1: | 2A36B45F9E9B5DE9851B7C31F0D9B609EB3E49EC |
SHA-256: | 1D9473ECFB9C4F9E25357344348850C1D913BB122E60F893CF35056121C90A6D |
SHA-512: | 1C6E01EA6FC169AEA70BF278D110AFBC00F589EE174DAEDBE9397F6388A14EE7071D3C139E89FD660203DC80E62C0274B9701FCA6553AF4E3755C5B67D9D65B0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34114 |
Entropy (8bit): | 2.0098473980093425 |
Encrypted: | false |
SSDEEP: | 192:5WuRKjE/UOfxvWNey9ScvqW/2auClcTi:scfxyeOvXzuW |
MD5: | E74E04D593962EE3EFCCCFB4CB405C29 |
SHA1: | 6CE143883E611418639323C312A10D314BF1D74E |
SHA-256: | 1242E54CF39F034F7575071F8D062F0C4801136BBE8EBE8F513A072F6B84D3C1 |
SHA-512: | 74D9779DD5FE37AD8E06B20D58AEC8FCF96798BEE3C1270FC9A2CA36E02765DFA7D3B7DD5CEBA9398DE974BB928B2FAF7823C4667D57B3AF6AA8574505216C89 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6280 |
Entropy (8bit): | 3.71719075814616 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJus64NYEw4u6pr089bWNsfcWLym:R6lXJV6qYEw4uOWGfHf |
MD5: | C99D414FD806DF84B89ABFF8F86DFE96 |
SHA1: | 05497A8399E6533BB5C3E207CD9861523BC39973 |
SHA-256: | 84E1D8B93D115B2B8BDC0D54DD4F904F4881BD3B33E34B328586AFFEF2F1F7E0 |
SHA-512: | F27D847EF0E17ED70E4AE6033B97E441D17574A79F1999EA8C9B7CFC9A370DBEB9523B30BB453C0018AB77C08DB523FFEE5E3F6892AEAAF484914329A402BAF3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4648 |
Entropy (8bit): | 4.465554044932767 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsZkJg77aI9ZuWpW8VYvYm8M4J+maqF8PW+q8Tag/sTy2p8d:uIjfUI7PP7V/J+rJuiaysTXp8d |
MD5: | 80F6DB076DF7B0C03B91F0868FEF2E4E |
SHA1: | 280AB9F45B77F7FE1E4BE61A1516C59F79261598 |
SHA-256: | B24903C2D5DC5CF0C8EC68990C5A4C7DBF12D8D46EB42ADE3D6B980194FAAC50 |
SHA-512: | FAB07A2113B7289F73C1224733739C6F071682EBFCBD06DE56618E50DBA111CE00D69E325C4244BC593DBDF2358AB366F5E9A955DB71EF213FB01E36BB175CC6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33646 |
Entropy (8bit): | 2.013418893985959 |
Encrypted: | false |
SSDEEP: | 96:5Q8s0SU+TTMHCUdE5tUi7D331MQGzDXaeWdKcMC7oQPdyMr4rpWIkWIl/I45IUHD:5iCCHUO5GzDqehSRyMso5IUHEkn/ |
MD5: | 4BD1A3EC04BA3B9F6C57EFACBD3C5591 |
SHA1: | 6DDDE6536C5953CF2005246620DA1401B97E752C |
SHA-256: | EFA61C707CE0465CD9AA7FE9AAC3AA12FAD7B4929CC76DF36CFB100A36ADBEE2 |
SHA-512: | D1514AAA6B8F802DAA30144C7F39B7F0A643E9FD2E6A5A24106F31131B60018EAADD983FB8D28FD5EA29E43C5E2EED162B08F72DB271F34916302650578FD298 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8240 |
Entropy (8bit): | 3.6918612188599638 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJb26DL6Yrl6jkgmf04u6prZ89bWdsfxym:R6lXJq6DL6Yp6ggmf04u5WWfl |
MD5: | 4D44223635938380AE14BA7F471714A6 |
SHA1: | 07AADF9CD3AA1B47DD165F2E1F6B67F9F1A67DBF |
SHA-256: | 627DD871B94AC63AE4C387E552D3643BF94D595D73AE22103358C67F4BE078AF |
SHA-512: | C546968491B947EA46F44D6B1104AE5853011C10AE2EB89F9DFA7D4F943B70AB27561A1284B6168D0FDECBEAFE01A3BF22BEA2D950A6EDAAB5B6B6676EF1F59A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4648 |
Entropy (8bit): | 4.46871130383936 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsZkJg77aI9ZuWpW8VYtYm8M4JqaqF18x+q85gXT7Vld:uIjfUI7PP7VtJfaaqKT7Vld |
MD5: | 4EE572B4D721952EEC18CA97D69C229D |
SHA1: | DFC8EE3E3709F321CA731F1FBE0DB08735848400 |
SHA-256: | 72626D641F8FAFC94D21201665F450EF2CAB04C9144D9E8ECDB88D90EE98BE33 |
SHA-512: | F859F0502DD7800E485E2C9F6DD4F3A6D82F2009679CC9FC16DA7DF54186DEEA2E0A45B4829D35D6E016642636B7B4046356542B8DBE9CC43A394F5758B4BC86 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34068 |
Entropy (8bit): | 2.0064273589642734 |
Encrypted: | false |
SSDEEP: | 96:5V8+pYpFvE+y+oihw4TeL00GSI1jt2i73C3VIFgP/xjOiiTS2exsfqIMSrdR6wry:8+yIjg//2OGPpS/S2pxdR50yLNfRU |
MD5: | CAE2AD10B221E4FCDD4BACA0E9CB0D86 |
SHA1: | 3C84466CEFB5EC7115B8A0CB032B11026CED1E5E |
SHA-256: | 33D121E8BA747D215562B0216594C39AD2537ABFE4C597CE67599075671E3C45 |
SHA-512: | DCC65CC8170E797AD48F108F0AE7248376FBB5DA9FA6132E457A687CB2E0C2B3A2D5DEF94C246A0C6286CA15F9CC4C8CDEB54550A51F2C3FA22ADCD6A0E20C69 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8312 |
Entropy (8bit): | 3.698631883261777 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNMh6NN6YNvSUBRgmfX4u6pr189bJxsf0AFDm:R6lXJ6h6n6YlSUBRgmfX4utJqfQ |
MD5: | 6223873DE036A592F4A739334EA21F7F |
SHA1: | A00CD06C2F54A32067E684D13CFFA0917D21DED1 |
SHA-256: | 0C864FBA11CC671F591332C93E8306E31B5EACC7973237DF593AA63B5B84BB26 |
SHA-512: | F8AEE7C13077D1D7C670ED3B41F85D7D9C1B570A9D2EE9E65ECD38D03DD27A2E7D6AA94BBD0100C5115AA07D2B3B6C45325DAC7D64E59FD3628DD1F0DD89A794 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4663 |
Entropy (8bit): | 4.473035251656683 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsZ1Jg77aI9ZuWpW8VYFYm8M4JoaqFMP+q86g1GTFHWd:uIjftI7PP7VBJJ7PrOGTFHWd |
MD5: | 095057EFDE8D4F6FB72250D550230127 |
SHA1: | A9D9161DCE9695D9D731E1CC714BDEE59CD03B3F |
SHA-256: | B69F136BC21DF1CD188B04E8071D099F936806462451D995B021D8FBE051EFD2 |
SHA-512: | 46D5DCCED3C19BCB37E0CD76B5BD7AE72C12607BFE0FCF6355FFFFA84390BAB206D66D76DC448BA1772C9CB988F4ED95A8E70F3416124F67BCFA7EDE1551D31B |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34062 |
Entropy (8bit): | 2.0140100065722737 |
Encrypted: | false |
SSDEEP: | 96:5E8XaOwyCyQgKcF9R0xyVBUi73O3xE3PgWdt+GdrMRjReCp00zgLEQrgWIkWItIW:tFRK9MUOn4Wf+G1MbeCoLvU1AxeeyiV |
MD5: | 00D618251435742CD191915D966BFFCC |
SHA1: | C2D252DCC93FFEEC519D57597DB855820A7207D8 |
SHA-256: | 8E3A6F593C0B571E25DEB789405D2BD7B50D6BC344A3DCD6096FF5966C720900 |
SHA-512: | 9D853A526C9136C35B73B80DAFFB405662D0703C71E547223D1C169424E1417EB028D43C2BF51930BA89A59D3AF6E0B4848E9509174465B2A9EBD9A49131018A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8240 |
Entropy (8bit): | 3.693030622239775 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRN6P6YTD6CgmfV4u6prZ89bOqsfZ4am:R6lXJ76P6Y36CgmfV4u5OJfZk |
MD5: | 2D05211D3AC21540DE98F6B47A0053E6 |
SHA1: | C9FEF9558EF538A9939B01E83055E761112380BC |
SHA-256: | 090C872755DEAC4646BBAFF5877E99E431437C04F96BD5184C7925123199C11F |
SHA-512: | 9935CC73716F105A704ACE4D6A43BAC1737493B53DA39D2F15AC012B0DE906D34EA64FEB2E8DE18CCDD96290693F9BCB86A94BD09007049C10A6260014C33F10 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4648 |
Entropy (8bit): | 4.466000007255134 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsZ1Jg77aI9ZuWpW8VYvYm8M4J9aqFBU+q8QgqAT7vKd:uIjftI7PP7VfJ0+U3+T7vKd |
MD5: | 4BE4CD31848E9FF2C41FD41E84DF6B44 |
SHA1: | 189CB891C1AF3A10FE8638783F4E86763AE84FF1 |
SHA-256: | 019EA4FBBCB6C5816CF7536AB596D165805C9FC785630872411B81915335F3F4 |
SHA-512: | 14B626BB53830BE6AA9AF70BA309741046CC91DBC49A7C861079B33C514AA91456CA6B16D84EF46515794F792736457AE33985731A103F0CB1A15FAFA6BB1356 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33646 |
Entropy (8bit): | 2.0093032600406406 |
Encrypted: | false |
SSDEEP: | 96:5b8jQWEMJSU+TTMHCUdEmKgUi7DW3NID3llPRS6eL1woq7sxIw9EESy9lnLEwrom:CFbOCC0UO31xRSJxdqcSanLvhcflQmE |
MD5: | 60A914B23999FEC63F46F66260BF8775 |
SHA1: | 9A05D360661DFCCB351B2E42C20CB45181C33459 |
SHA-256: | 2BB0A9E4BC344731FCF21A95BA9419AF3F3D8BEE36F5D06D5F861C9D6ABA5C98 |
SHA-512: | 9CA85794926BC5C36E051BD2CC004017ED2F3F93A26627F47DA447FBA8129123A4EE0D1B328C1146DACCCD9710D719AE05414ED739FA4E864791C5CBA96F6D4E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6280 |
Entropy (8bit): | 3.7176047442631237 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetbk86sYy4x0QE/vv+5aM4Ut89bPiGsfHPF9Qm:R6l7wVeJk86sYy4u6prt89baGsfHPFem |
MD5: | D23C9AFC661494229A12E14AF0600BE7 |
SHA1: | BC5728D4E28A9D3E48AEA4390CFD3B96AA9FBEF0 |
SHA-256: | A0FD37CB915E6FE1F01420AD54660D9FFDCC7B1E2614B1B4E3C7B48366E3C1FC |
SHA-512: | 7B2F36CABDDD045A44654A937D4692449214AD04DAD5597AE2C2C6FDFE7ACA037CABBF18A9AD5EA136BBB1B892F181591F8F34859C6965D81920879CF0DDD19D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4648 |
Entropy (8bit): | 4.467607127820123 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsZTJg77aI9ZuWpW8VYJYm8M4JqaqFbRR+q8dgZr3Ty2Q7d:uIjfPI7PP7VNJfuRqgr3TXQ7d |
MD5: | 3557525D78415BDA9D074046651F5F19 |
SHA1: | 822C4FA673F3BB18043EFCA3E44A1D9E06352DC7 |
SHA-256: | 3FB2D411673B1909DFF07897274578507FCF850F027808D8A7A807B8552BC13C |
SHA-512: | 2DD7B92822307920F410CABE06B294EBF13CD6BB5FCDD4ABE6C5DB12EE1143975E43AC548510E9C25215C69AF1CCB12B50D7D170F559BC38DD7EC1A73298674E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33646 |
Entropy (8bit): | 2.003934772264745 |
Encrypted: | false |
SSDEEP: | 192:blCCm1UOWJisCdLlLKSit93qGJ2WnSxk6:lG2CplLKN93B2WSH |
MD5: | 1662551753AA4FBF8CCA921AA99DDEC6 |
SHA1: | 7A0BD1C0E10A08EF35E335272B3BAD6607FC8242 |
SHA-256: | 6FB367FCA5320A1F4306511FC6F218A0B41A395AE45C6462F31CCF470CF7A704 |
SHA-512: | D2540307D9E181F3B5F2C9D49830AB512DDDC0F5E06F776227E7F90E419741A138648F5A6DD0CAD12AA8E4A80AC5CA0CAB261F85A17531BF6FDCEC71D9565997 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8240 |
Entropy (8bit): | 3.6915008095433524 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJpj1666Yve6YgmfV4u6prl89bj1sf2hm:R6lXJ91666YW6YgmfV4u9jOfh |
MD5: | F657AC0EB7FCE737FF2431ED50B92C50 |
SHA1: | 5CA300860D611CE36AAF05C1DF7312C1972D1224 |
SHA-256: | 9D5BB72DE7236A5ED285EB31F170E81FE2245065B25406E138215406893E541E |
SHA-512: | 22082C54608E159AA663C3B191C27703BFC909366ED3D0AB2010D28D735E5F9EDA3923748B18DFDBCE8776299C756814ED48C6F3AB3C8724899979FB41841027 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4648 |
Entropy (8bit): | 4.468279794774689 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsZTJg77aI9ZuWpW8VYQYm8M4JVaqFf+q8Yg2T7KDwMjd:uIjfPI7PP7VoJcAP7T7KLjd |
MD5: | D5476DFA2D2E4D3F53CF80DFAED2F2B5 |
SHA1: | D0A0FD4C9F53AE84D96AF1B296CA1E57B343F7CD |
SHA-256: | 0821F79771B64C3FC57B531CD7F1730B30FCB3DE4D0836502955DB355069586F |
SHA-512: | 6564C03A3F11E3784D579EDFCBE4C417E541FC26531CB3D23DF84245255C4A5F582C4BB692258DFAE7EEB712D9415C048E759902DCCCB6219DC1788F4FCC4DFC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\fmlgbgc2p5.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98330 |
Entropy (8bit): | 7.9596512885560085 |
Encrypted: | false |
SSDEEP: | 1536:snAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxq:sGs8cd8eXlYairZYqMddH13q |
MD5: | 50E482AEFE2A49BBCB4AAEE1B8C70305 |
SHA1: | 10BCE9FBE4CF53152A0CC551A077C50D3F2500BE |
SHA-256: | 8348D70C59B9EBE0DC19E35CDB4176E5825BD691BD1DC1EA6A0FE8EAAB0A5384 |
SHA-512: | E1F609BBD66C06830A47F075E8D17EECDB0D6E816CB451E7F88EB00982D8E7B6955FA52EB6BFC7DD11A57EC798646EF9A8B17EA350FDD91CC791FCA5FFFA1E4B |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Users\user\AppData\Roaming\omsecor.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98330 |
Entropy (8bit): | 7.959652331914838 |
Encrypted: | false |
SSDEEP: | 1536:rnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxq:rGs8cd8eXlYairZYqMddH13q |
MD5: | 75B0F2A9AD432A0DBC138A050D744956 |
SHA1: | 22D02018102A34D608F7A7B567B0B059DD03931E |
SHA-256: | 805C565C436AA64C736BA52D4C1F4B8CB4CE573C76A3774B97FCD6CAC9618039 |
SHA-512: | F4A02400B44ED5C5058F46AFA70905962B83CA5E02C92105313381B9ADF6B091F7E612FB15ABA0994DF41F38BCFE5CD6138F34C7C8FF17AF35EC292C48215701 |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4229033757993115 |
Encrypted: | false |
SSDEEP: | 6144:4cifpi6ceLPL9skLmb0mSSWSPtaJG8nAgex285i2MMhA20X4WABlGuNe5+Koo:ti58SSWIZBk2MM6AFBsoKoo |
MD5: | FC2977C1E361D75035216477A5A62FCA |
SHA1: | 21604D0A222BF32162CF9513ED64421F1F298532 |
SHA-256: | A68D6763B8BC4E7F2F9BCB6ECF5CD8086780109FB64ABBC956318397C823FD5A |
SHA-512: | BB9723833F677C248499D120E0CE90E830913A6C41887695AD75267A6B693E79521EDEB02947A294FDA9D7241F9DAD569BC6320EBC658051675B2CEE12FA3156 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9596555927736325 |
TrID: | |
File name: | fmlgbgc2p5.exe |
File size: | 98'330 bytes |
MD5: | 809d8bedb2da450b588bf82e9a118fe4 |
SHA1: | 5cb2c9863ddc2ba5346967bf0780554c8dc120f9 |
SHA256: | 8b0613982b6a7f0542a7dbfce43aa216a043ce9a2a2a24a7a2c77a6e8fa6aa72 |
SHA512: | 4768075e7c02683f09e9d23339b5a69724c3439c711244c7761f9ceaf44f7c4a6d8b1189ab47214e4aa4a27e1fad1f07b4be4d3d374c87326611fc68be378287 |
SSDEEP: | 1536:hnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxq:hGs8cd8eXlYairZYqMddH13q |
TLSH: | 95A302CAC93DE0D9F0F9593945AFE54732BCEC17A198173B8BD8256CBD885D80A110F9 |
File Content Preview: | MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....y.P.................p........................@..........................0................... ................................... ..................................................... |
Icon Hash: | 0305820181422513 |
Entrypoint: | 0x4210a8 |
Entrypoint Section: | .MPRESS2 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x50AF79C4 [Fri Nov 23 13:27:32 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 850bf254c76e5c8effedc1f08eb6c411 |
Instruction |
---|
pushad |
call 00007F163D54D525h |
pop eax |
add eax, 00000B5Ah |
mov esi, dword ptr [eax] |
add esi, eax |
sub eax, eax |
mov edi, esi |
lodsw |
shl eax, 0Ch |
mov ecx, eax |
push eax |
lodsd |
sub ecx, eax |
add esi, ecx |
mov ecx, eax |
push edi |
push ecx |
dec ecx |
mov al, byte ptr [ecx+edi+06h] |
mov byte ptr [ecx+esi], al |
jne 00007F163D54D518h |
sub eax, eax |
lodsb |
mov ecx, eax |
and cl, FFFFFFF0h |
and al, 0Fh |
shl ecx, 0Ch |
mov ch, al |
lodsb |
or ecx, eax |
push ecx |
add cl, ch |
mov ebp, FFFFFD00h |
shl ebp, cl |
pop ecx |
pop eax |
mov ebx, esp |
lea esp, dword ptr [esp+ebp*2-00000E70h] |
push ecx |
sub ecx, ecx |
push ecx |
push ecx |
mov ecx, esp |
push ecx |
mov dx, word ptr [edi] |
shl edx, 0Ch |
push edx |
push edi |
add ecx, 04h |
push ecx |
push eax |
add ecx, 04h |
push esi |
push ecx |
call 00007F163D54D583h |
mov esp, ebx |
pop esi |
pop edx |
sub eax, eax |
mov dword ptr [edx+esi], eax |
mov ah, 10h |
sub edx, eax |
sub ecx, ecx |
cmp ecx, edx |
jnc 00007F163D54D548h |
mov ebx, ecx |
lodsb |
inc ecx |
and al, FEh |
cmp al, E8h |
jne 00007F163D54D514h |
inc ebx |
add ecx, 04h |
lodsd |
or eax, eax |
js 00007F163D54D528h |
cmp eax, edx |
jnc 00007F163D54D507h |
jmp 00007F163D54D528h |
add eax, ebx |
js 00007F163D54D501h |
add eax, edx |
sub eax, ebx |
mov dword ptr [esi-04h], eax |
jmp 00007F163D54D4F8h |
call 00007F163D54D525h |
pop edi |
add edi, FFFFFF4Dh |
mov al, E9h |
stosb |
mov eax, 00000B56h |
stosd |
call 00007F163D54D525h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21000 | 0xa8 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x798 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2103c | 0x10 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.MPRESS1 | 0x1000 | 0x20000 | 0x16800 | 3c05710d8e0f8b2c4b5195d41c97543d | False | 1.000390625 | data | 7.998409371053569 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.MPRESS2 | 0x21000 | 0xc12 | 0xe00 | 58ed9b290702b61b25d57f2eb0e1ef56 | False | 0.5131138392857143 | data | 6.0539393201204925 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x22000 | 0x798 | 0x800 | 08f85d44ed88a96e513482027c080e7c | False | 0.34375 | data | 3.22496295890587 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0xd1c0 | 0x131fc | data | English | United States | 1.0004934210526315 |
RT_ICON | 0x220c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.19489247311827956 |
RT_STRING | 0x206a4 | 0x54 | empty | English | United States | 0 |
RT_GROUP_ICON | 0x22428 | 0x14 | data | English | United States | 1.2 |
RT_VERSION | 0x2247c | 0x284 | data | English | United States | 0.4922360248447205 |
RT_MANIFEST | 0x22740 | 0x56 | ASCII text, with CRLF line terminators | English | United States | 1.0232558139534884 |
DLL | Import |
---|---|
KERNEL32.DLL | GetModuleHandleA, GetProcAddress |
USER32.dll | GetClassNameA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-05T18:09:13.072527+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 50001 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:09:19.895177+0100 | 2016998 | ET MALWARE Connection to Fitsec Sinkhole IP (Possible Infected Host) | 1 | 192.168.2.7 | 49708 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:09:41.929645+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49708 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:04.071060+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49771 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:05.646999+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49827 | 15.197.204.56 | 80 | TCP |
2024-12-05T18:10:07.719093+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49833 | 52.34.198.229 | 80 | TCP |
2024-12-05T18:10:07.909220+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 52.34.198.229 | 80 | 192.168.2.7 | 49833 | TCP |
2024-12-05T18:10:07.909220+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 52.34.198.229 | 80 | 192.168.2.7 | 49833 | TCP |
2024-12-05T18:10:32.196627+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49844 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:54.384861+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49898 | 193.166.255.171 | 80 | TCP |
2024-12-05T18:10:55.730671+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49951 | 15.197.204.56 | 80 | TCP |
2024-12-05T18:10:57.327496+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49955 | 52.34.198.229 | 80 | TCP |
2024-12-05T18:11:21.525774+0100 | 2015786 | ET MALWARE Ransom.Win32.Birele.gsg Checkin | 1 | 192.168.2.7 | 49963 | 193.166.255.171 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 5, 2024 18:09:19.895176888 CET | 49708 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:20.015081882 CET | 80 | 49708 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:09:20.015182972 CET | 49708 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:20.022612095 CET | 49708 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:20.142782927 CET | 80 | 49708 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:09:41.929482937 CET | 80 | 49708 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:09:41.929645061 CET | 49708 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:41.930557013 CET | 49708 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:42.043328047 CET | 49771 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:42.050311089 CET | 80 | 49708 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:09:42.163161993 CET | 80 | 49771 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:09:42.163412094 CET | 49771 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:42.163638115 CET | 49771 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:09:42.283363104 CET | 80 | 49771 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:04.070904970 CET | 80 | 49771 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:04.071059942 CET | 49771 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:04.071096897 CET | 49771 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:04.191118002 CET | 80 | 49771 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:04.421276093 CET | 49827 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:04.541254997 CET | 80 | 49827 | 15.197.204.56 | 192.168.2.7 |
Dec 5, 2024 18:10:04.541412115 CET | 49827 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:04.541574955 CET | 49827 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:04.662012100 CET | 80 | 49827 | 15.197.204.56 | 192.168.2.7 |
Dec 5, 2024 18:10:05.646893978 CET | 80 | 49827 | 15.197.204.56 | 192.168.2.7 |
Dec 5, 2024 18:10:05.646998882 CET | 49827 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:06.236660957 CET | 49833 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:06.356581926 CET | 80 | 49833 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:06.356738091 CET | 49833 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:06.357047081 CET | 49833 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:06.477431059 CET | 80 | 49833 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:07.718915939 CET | 80 | 49833 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:07.719068050 CET | 80 | 49833 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:07.719093084 CET | 49833 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:07.719152927 CET | 49833 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:07.789298058 CET | 49833 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:07.909219980 CET | 80 | 49833 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:08.695266962 CET | 49827 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:10.162571907 CET | 49844 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:10.282452106 CET | 80 | 49844 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:10.282543898 CET | 49844 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:10.282772064 CET | 49844 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:10.402587891 CET | 80 | 49844 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:32.196511984 CET | 80 | 49844 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:32.196626902 CET | 49844 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:32.196803093 CET | 49844 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:32.316574097 CET | 80 | 49844 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:32.365041971 CET | 49898 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:32.485018015 CET | 80 | 49898 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:32.485133886 CET | 49898 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:32.546143055 CET | 49898 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:32.666019917 CET | 80 | 49898 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:54.384713888 CET | 80 | 49898 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:54.384860992 CET | 49898 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:54.384974957 CET | 49898 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:54.500397921 CET | 49951 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:54.504889011 CET | 80 | 49898 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:54.620868921 CET | 80 | 49951 | 15.197.204.56 | 192.168.2.7 |
Dec 5, 2024 18:10:54.621009111 CET | 49951 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:54.621197939 CET | 49951 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:54.741923094 CET | 80 | 49951 | 15.197.204.56 | 192.168.2.7 |
Dec 5, 2024 18:10:55.730530977 CET | 80 | 49951 | 15.197.204.56 | 192.168.2.7 |
Dec 5, 2024 18:10:55.730670929 CET | 49951 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:55.843384027 CET | 49955 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:55.963144064 CET | 80 | 49955 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:55.963241100 CET | 49955 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:55.963536978 CET | 49955 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:56.086004019 CET | 80 | 49955 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:57.327356100 CET | 80 | 49955 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:57.327496052 CET | 49955 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:57.328866005 CET | 80 | 49955 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:57.328933001 CET | 49955 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:57.328969002 CET | 49955 | 80 | 192.168.2.7 | 52.34.198.229 |
Dec 5, 2024 18:10:57.448900938 CET | 80 | 49955 | 52.34.198.229 | 192.168.2.7 |
Dec 5, 2024 18:10:57.560251951 CET | 49951 | 80 | 192.168.2.7 | 15.197.204.56 |
Dec 5, 2024 18:10:59.493081093 CET | 49963 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:59.613873005 CET | 80 | 49963 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:10:59.614020109 CET | 49963 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:59.614279985 CET | 49963 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:10:59.734798908 CET | 80 | 49963 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:11:21.525563002 CET | 80 | 49963 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:11:21.525774002 CET | 49963 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:11:21.525877953 CET | 49963 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:11:21.637634039 CET | 50001 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:11:21.646197081 CET | 80 | 49963 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:11:21.757520914 CET | 80 | 50001 | 193.166.255.171 | 192.168.2.7 |
Dec 5, 2024 18:11:21.757687092 CET | 50001 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:11:21.757900000 CET | 50001 | 80 | 192.168.2.7 | 193.166.255.171 |
Dec 5, 2024 18:11:21.877674103 CET | 80 | 50001 | 193.166.255.171 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 5, 2024 18:09:19.644263029 CET | 63432 | 53 | 192.168.2.7 | 1.1.1.1 |
Dec 5, 2024 18:09:19.878498077 CET | 53 | 63432 | 1.1.1.1 | 192.168.2.7 |
Dec 5, 2024 18:10:04.185692072 CET | 49192 | 53 | 192.168.2.7 | 1.1.1.1 |
Dec 5, 2024 18:10:04.420393944 CET | 53 | 49192 | 1.1.1.1 | 192.168.2.7 |
Dec 5, 2024 18:10:05.764008999 CET | 59605 | 53 | 192.168.2.7 | 1.1.1.1 |
Dec 5, 2024 18:10:06.235613108 CET | 53 | 59605 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 5, 2024 18:09:19.644263029 CET | 192.168.2.7 | 1.1.1.1 | 0x8d43 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 5, 2024 18:10:04.185692072 CET | 192.168.2.7 | 1.1.1.1 | 0x8357 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 5, 2024 18:10:05.764008999 CET | 192.168.2.7 | 1.1.1.1 | 0xdf48 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 5, 2024 18:09:15.006210089 CET | 1.1.1.1 | 192.168.2.7 | 0x2eb6 | No error (0) | | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 5, 2024 18:09:15.006210089 CET | 1.1.1.1 | 192.168.2.7 | 0x2eb6 | No error (0) | | | 13.107.246.63 | A (IP address) | IN (0x0001) | false |
Dec 5, 2024 18:09:19.878498077 CET | 1.1.1.1 | 192.168.2.7 | 0x8d43 | No error (0) | | | 193.166.255.171 | A (IP address) | IN (0x0001) | false |
Dec 5, 2024 18:10:04.420393944 CET | 1.1.1.1 | 192.168.2.7 | 0x8357 | No error (0) | | | 15.197.204.56 | A (IP address) | IN (0x0001) | false |
Dec 5, 2024 18:10:04.420393944 CET | 1.1.1.1 | 192.168.2.7 | 0x8357 | No error (0) | | | 3.33.243.145 | A (IP address) | IN (0x0001) | false |
Dec 5, 2024 18:10:06.235613108 CET | 1.1.1.1 | 192.168.2.7 | 0xdf48 | No error (0) | | | 52.34.198.229 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49708 | 193.166.255.171 | 80 | 7452 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:09:20.022612095 CET | 186 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49771 | 193.166.255.171 | 80 | 7452 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:09:42.163638115 CET | 186 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49827 | 15.197.204.56 | 80 | 7452 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:10:04.541574955 CET | 191 | OUT |
Dec 5, 2024 18:10:05.646893978 CET | 259 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49833 | 52.34.198.229 | 80 | 7452 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:10:06.357047081 CET | 191 | OUT |
Dec 5, 2024 18:10:07.718915939 CET | 415 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49844 | 193.166.255.171 | 80 | 396 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:10:10.282772064 CET | 186 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49898 | 193.166.255.171 | 80 | 396 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:10:32.546143055 CET | 186 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49951 | 15.197.204.56 | 80 | 396 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:10:54.621197939 CET | 191 | OUT | |
Dec 5, 2024 18:10:55.730530977 CET | 259 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49955 | 52.34.198.229 | 80 | 396 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:10:55.963536978 CET | 298 | OUT | |
Dec 5, 2024 18:10:57.327356100 CET | 338 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.7 | 49963 | 193.166.255.171 | 80 | 7296 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:10:59.614279985 CET | 186 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.7 | 50001 | 193.166.255.171 | 80 | 7296 | C:\Users\user\AppData\Roaming\omsecor.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 5, 2024 18:11:21.757900000 CET | 186 | OUT |
Fields shared by every process below: Start date 05/12/2024; Wow64 process (32bit): true; Has elevated privileges: true; Has administrator privileges: true; Programmed in: C, C++ or other language; Commandline: empty. Target IDs 4 and 13 additionally carry an Antivirus matches field whose value is empty.

Target ID | Start time | Path | Imagebase | File size | MD5 hash | Reputation | Has exited |
---|---|---|---|---|---|---|---|
0 | 12:09:15 | C:\Users\user\Desktop\fmlgbgc2p5.exe | 0x400000 | 98'330 bytes | 809D8BEDB2DA450B588BF82E9A118FE4 | low | true |
2 | 12:09:16 | C:\Users\user\Desktop\fmlgbgc2p5.exe | 0x400000 | 98'330 bytes | 809D8BEDB2DA450B588BF82E9A118FE4 | low | true |
4 | 12:09:16 | C:\Users\user\AppData\Roaming\omsecor.exe | 0x400000 | 98'330 bytes | 6E897A612472AD8B51062A6844A8A17B | low | true |
6 | 12:09:16 | C:\Windows\SysWOW64\WerFault.exe | 0xdd0000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | high | true |
7 | 12:09:16 | C:\Users\user\AppData\Roaming\omsecor.exe | 0x400000 | 98'330 bytes | 6E897A612472AD8B51062A6844A8A17B | low | true |
10 | 12:09:16 | C:\Windows\SysWOW64\WerFault.exe | 0xdd0000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | high | true |
13 | 12:10:07 | C:\Windows\SysWOW64\omsecor.exe | 0x400000 | 98'330 bytes | 678D56882701DBE0727C09DD075B56D1 | low | true |
14 | 12:10:08 | C:\Windows\SysWOW64\omsecor.exe | 0x400000 | 98'330 bytes | 678D56882701DBE0727C09DD075B56D1 | low | true |
16 | 12:10:08 | C:\Users\user\AppData\Roaming\omsecor.exe | 0x400000 | 98'330 bytes | A4BA09D8D586AF0201C2E6584BE09E59 | low | true |
17 | 12:10:08 | C:\Windows\SysWOW64\WerFault.exe | 0xdd0000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | high | true |
18 | 12:10:09 | C:\Users\user\AppData\Roaming\omsecor.exe | 0x400000 | 98'330 bytes | A4BA09D8D586AF0201C2E6584BE09E59 | low | true |
20 | 12:10:09 | C:\Windows\SysWOW64\WerFault.exe | 0xdd0000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | high | true |
23 | 12:10:57 | C:\Windows\SysWOW64\omsecor.exe | 0x400000 | 98'330 bytes | 75B0F2A9AD432A0DBC138A050D744956 | low | true |
24 | 12:10:58 | C:\Windows\SysWOW64\omsecor.exe | 0x400000 | 98'330 bytes | 75B0F2A9AD432A0DBC138A050D744956 | low | true |
26 | 12:10:58 | C:\Users\user\AppData\Roaming\omsecor.exe | 0x400000 | 98'330 bytes | 50E482AEFE2A49BBCB4AAEE1B8C70305 | low | true |
27 | 12:10:58 | C:\Windows\SysWOW64\WerFault.exe | 0xdd0000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | high | true |
28 | 12:10:58 | C:\Users\user\AppData\Roaming\omsecor.exe | 0x400000 | 98'330 bytes | 50E482AEFE2A49BBCB4AAEE1B8C70305 | low | false |
30 | 12:10:59 | C:\Windows\SysWOW64\WerFault.exe | 0xdd0000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | high | true |
Execution Graph
Execution Coverage: | 3.1% |
Dynamic/Decrypted Code Coverage: | 0.3% |
Signature Coverage: | 8.3% |
Total number of Nodes: | 1163 |
Total number of Limit Nodes: | 12 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00401080 | 17.7 | 9 | 1 | 156 | memory, time, COMMON |
00407AB5 | 7.6 | 5 | - | 54 | library, memory, loader, COMMON |
00402F3E | 3.0 | 2 | - | 28 | memory, COMMON |
00404854 | 24.7 | 8 | 6 | 164 | library, loader, COMMON, LIBRARYCODE |
00421170 | 10.5 | 5 | 1 | 33 | memory, COMMON |
0040213B | 1.5 | 1 | - | 4 | COMMON |
0042117B | 0.8 | - | - | 751 | COMMON |
00402465 | 33.4 | 15 | 4 | 156 | file, COMMON, LIBRARYCODE |
00401E76 | 29.9 | 12 | 5 | 109 | library, loader, memory, COMMON |
00401C07 | 15.8 | 6 | 3 | 49 | library, loader, COMMON, LIBRARYCODE |
00402C5B | 13.7 | 9 | - | 186 | COMMON |
00401AAA | 10.5 | 4 | 2 | 36 | library, loader, COMMON, LIBRARYCODE |
00401B21 | 10.5 | 4 | 2 | 36 | library, loader, COMMON, LIBRARYCODE |
00407B29 | 10.5 | 5 | 1 | 35 | memory, COMMON |
00403F64 | 7.5 | 5 | - | 44 | memory, COMMON, LIBRARYCODE |
00401CC6 | 6.0 | 4 | - | 45 | thread, COMMON, LIBRARYCODE |
Execution Graph
Execution Coverage: | 2.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 4.8% |
Total number of Nodes: | 1144 |
Total number of Limit Nodes: | 6 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0040ABD9 | 3.0 | 2 | - | 26 | file, COMMON |
0040B346 | 28.2 | 12 | 4 | 153 | sleep, file, COMMON |
0040AC20 | 8.8 | 2 | 3 | 49 | registry, COMMON |
00407727 | 6.1 | 4 | - | 71 | COMMON |
004077F0 | 3.0 | 2 | - | 30 | process, COMMON |
004039EA | 26.4 | 8 | 7 | 163 | memory, COMMON |
004032B8 | 22.8 | 9 | 4 | 86 | library, loader, memory, COMMON |
0040350F | 19.4 | 7 | 4 | 185 | memory, COMMON |
00408248 | 19.4 | 7 | 4 | 116 | sleep, file, synchronization, COMMON |
00407499 | 9.1 | 6 | - | 62 | time, COMMON |
0040A057 | 4.5 | 3 | - | 40 | com, COMMON |
00406CB5 | 1.5 | 1 | - | 19 | COMMON |
0040B096 | 22.9 | 11 | 2 | 181 | thread, network, COMMON |
004027E6 | 21.4 | 11 | 1 | 355 | com, COMMON |
004041E4 | 21.2 | 5 | 7 | 210 | registry, memory, COMMON |
0040451B | 19.5 | 5 | 6 | 205 | registry, memory, COMMON |
00409C99 | 19.4 | 10 | 1 | 127 | memory, network, file, COMMON |
00409301 | 17.6 | 7 | 3 | 105 | memory, COMMON |
00405229 | 15.1 | 3 | 7 | 134 | sleep, COMMON |
00406ADF | 14.1 | 3 | 5 | 136 | registry, COMMON |
0040A156 | 14.1 | 6 | 2 | 84 | memory, COMMON |
004047CC | 13.7 | 7 | 2 | 226 | memory, COMMON |
00407362 | 13.6 | 9 | - | 114 | time, synchronization, COMMON |
00409909 | 12.3 | 2 | 5 | 79 | memory, COMMON |
00408F26 | 12.2 | 8 | - | 164 | COMMON |
0040AC93 | 12.1 | 3 | 5 | 105 | sleep, COMMON |
0040A786 | 10.6 | 5 | 2 | 121 | sleep, memory, COMMON |
0040253C | 10.6 | 5 | 1 | 113 | sleep, process, file, COMMON |
004094B6 | 10.6 | 7 | - | 81 | COMMON |
0040A245 | 10.6 | 5 | 1 | 61 | memory, COMMON |
0040782A | 10.6 | 5 | 1 | 60 | file, time, COMMON |
00407E2B | 10.6 | 2 | 4 | 54 | file, COMMON |
00408604 | 10.6 | 3 | 3 | 53 | registry, file, COMMON |
00409A99 | 10.5 | 2 | 4 | 43 | memory, COMMON |
0040A8F9 | 9.2 | 4 | 2 | 161 | sleep, memory, COMMON |
00409DF4 | 8.9 | 4 | 1 | 110 | network, file, COMMON |
00409808 | 7.0 | 2 | 2 | 43 | memory, COMMON |
0040978D | 7.0 | 2 | 2 | 43 | memory, COMMON |
00406C77 | 7.0 | 1 | 3 | 26 | registry, COMMON |
00409581 | 6.1 | 4 | - | 60 | COMMON |
Execution Graph
Execution Coverage: | 3.1% |
Dynamic/Decrypted Code Coverage: | 0.3% |
Signature Coverage: | 0% |
Total number of Nodes: | 1163 |
Total number of Limit Nodes: | 12 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00401080 | 17.7 | 9 | 1 | 156 | memory, time, COMMON |
00407AB5 | 7.6 | 5 | - | 54 | library, memory, loader, COMMON |
00402F3E | 3.0 | 2 | - | 28 | memory, COMMON |
00402465 | 33.4 | 15 | 4 | 156 | file, COMMON, LIBRARYCODE |
00401E76 | 29.9 | 12 | 5 | 109 | library, loader, memory, COMMON |
00404854 | 24.7 | 8 | 6 | 164 | library, loader, COMMON, LIBRARYCODE |
00401C07 | 15.8 | 6 | 3 | 49 | library, loader, COMMON, LIBRARYCODE |
00402C5B | 13.7 | 9 | - | 186 | COMMON |
00401AAA | 10.5 | 4 | 2 | 36 | library, loader, COMMON, LIBRARYCODE |
00401B21 | 10.5 | 4 | 2 | 36 | library, loader, COMMON, LIBRARYCODE |
00407B29 | 10.5 | 5 | 1 | 35 | memory, COMMON |
00421170 | 10.5 | 5 | 1 | 33 | memory, COMMON |
00403F64 | 7.5 | 5 | - | 44 | memory, COMMON, LIBRARYCODE |
00401CC6 | 6.0 | 4 | - | 45 | thread, COMMON, LIBRARYCODE |
Execution Graph
Execution Coverage: | 7.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 1147 |
Total number of Limit Nodes: | 5 |
Graph
Function 0040ABD9 Relevance: 3.0, APIs: 2, Instructions: 26fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B346 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 153sleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409C99 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 127memorynetworkfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A786 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 121sleepmemoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040782A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60filetimeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407E2B Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 54fileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AC20 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407727 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004077F0 Relevance: 3.0, APIs: 2, Instructions: 30processCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406D14 Relevance: 3.0, APIs: 2, Instructions: 22networkCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004039EA Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 163memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004032B8 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 86libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040350F Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 185memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408248 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 116sleepfilesynchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B096 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 181threadnetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004027E6 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 355comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004041E4 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 210registrymemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040451B Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 205, Tags: registry, memory, COMMON
Function 00409301 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 105, Tags: memory, COMMON
Function 00405229 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 134, Tags: sleep, COMMON
Function 00406ADF Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 136, Tags: registry, COMMON
Function 0040A156 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84, Tags: memory, COMMON
Function 004047CC Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 226, Tags: memory, COMMON
Function 00407362 Relevance: 13.6, APIs: 9, Instructions: 114, Tags: time, synchronization, COMMON
Function 00409909 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 79, Tags: memory, COMMON
Function 00408F26 Relevance: 12.2, APIs: 8, Instructions: 164, Tags: COMMON
Function 0040AC93 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 105, Tags: sleep, COMMON
Function 0040253C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113, Tags: sleep, process, file, COMMON
Function 004094B6 Relevance: 10.6, APIs: 7, Instructions: 81, Tags: COMMON
Function 0040A245 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61, Tags: memory, COMMON
Function 00408604 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53, Tags: registry, file, COMMON
Function 00409A99 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 43, Tags: memory, COMMON
Function 0040A8F9 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 161, Tags: sleep, memory, COMMON
Function 00407499 Relevance: 9.1, APIs: 6, Instructions: 62, Tags: time, COMMON
Function 00409DF4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110, Tags: network, file, COMMON
Function 00409808 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 0040978D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 00406C77 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 26, Tags: registry, COMMON
Function 00409581 Relevance: 6.1, APIs: 4, Instructions: 60, Tags: COMMON
Execution Graph
Execution Coverage: | 3.1% |
Dynamic/Decrypted Code Coverage: | 0.3% |
Signature Coverage: | 0% |
Total number of Nodes: | 1163 |
Total number of Limit Nodes: | 12 |
Function 00401080 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 156, Tags: memory, time, COMMON
Function 00407AB5 Relevance: 7.6, APIs: 5, Instructions: 54, Tags: library, memory, loader, COMMON
Function 00402F3E Relevance: 3.0, APIs: 2, Instructions: 28, Tags: memory, COMMON
Function 00402465 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 156, Tags: file, COMMON, LIBRARYCODE
Function 00401E76 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109, Tags: library, loader, memory, COMMON
Function 00404854 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 164, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401C07 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 49, Tags: library, loader, COMMON, LIBRARYCODE
Function 00402C5B Relevance: 13.7, APIs: 9, Instructions: 186, Tags: COMMON
Function 00401AAA Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401B21 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00407B29 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 35, Tags: memory, COMMON
Function 00421170 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33, Tags: memory, COMMON
Function 00403F64 Relevance: 7.5, APIs: 5, Instructions: 44, Tags: memory, COMMON, LIBRARYCODE
Function 00401CC6 Relevance: 6.0, APIs: 4, Instructions: 45, Tags: thread, COMMON, LIBRARYCODE
Execution Graph
Execution Coverage: | 2.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 1144 |
Total number of Limit Nodes: | 6 |
Function 0040ABD9 Relevance: 3.0, APIs: 2, Instructions: 26, Tags: file, COMMON
Function 0040B346 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 153, Tags: sleep, file, COMMON
Function 0040AC20 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49, Tags: registry, COMMON
Function 00407727 Relevance: 6.1, APIs: 4, Instructions: 71, Tags: COMMON
Function 004077F0 Relevance: 3.0, APIs: 2, Instructions: 30, Tags: process, COMMON
Function 004039EA Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 163, Tags: memory, COMMON
Function 004032B8 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 86, Tags: library, loader, memory, COMMON
Function 0040350F Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 185, Tags: memory, COMMON
Function 00408248 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 116, Tags: sleep, file, synchronization, COMMON
Function 0040B096 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 181, Tags: thread, network, COMMON
Function 004027E6 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 355, Tags: com, COMMON
Function 004041E4 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 210, Tags: registry, memory, COMMON
Function 0040451B Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 205, Tags: registry, memory, COMMON
Function 00409C99 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 127, Tags: memory, network, file, COMMON
Function 00409301 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 105, Tags: memory, COMMON
Function 00405229 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 134, Tags: sleep, COMMON
Function 00406ADF Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 136, Tags: registry, COMMON
Function 0040A156 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84, Tags: memory, COMMON
Function 004047CC Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 226, Tags: memory, COMMON
Function 00407362 Relevance: 13.6, APIs: 9, Instructions: 114, Tags: time, synchronization, COMMON
Function 00409909 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 79, Tags: memory, COMMON
Function 00408F26 Relevance: 12.2, APIs: 8, Instructions: 164, Tags: COMMON
Function 0040AC93 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 105, Tags: sleep, COMMON
Function 0040A786 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 121, Tags: sleep, memory, COMMON
Function 0040253C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113, Tags: sleep, process, file, COMMON
Function 004094B6 Relevance: 10.6, APIs: 7, Instructions: 81, Tags: COMMON
Function 0040A245 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61, Tags: memory, COMMON
Function 0040782A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60, Tags: file, time, COMMON
Function 00407E2B Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 54, Tags: file, COMMON
Function 00408604 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53, Tags: registry, file, COMMON
Function 00409A99 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 43, Tags: memory, COMMON
Function 0040A8F9 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 161, Tags: sleep, memory, COMMON
Function 00407499 Relevance: 9.1, APIs: 6, Instructions: 62, Tags: time, COMMON
Function 00409DF4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110, Tags: network, file, COMMON
Function 00409808 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 0040978D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 00406C77 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 26, Tags: registry, COMMON
Function 00409581 Relevance: 6.1, APIs: 4, Instructions: 60, Tags: COMMON
Function 00401080 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 156, Tags: memory, time, COMMON
Function 00407AB5 Relevance: 7.6, APIs: 5, Instructions: 54, Tags: library, memory, loader, COMMON
Function 00402F3E Relevance: 3.0, APIs: 2, Instructions: 28, Tags: memory, COMMON
Function 00402465 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 156, Tags: file, COMMON, LIBRARYCODE
Function 00401E76 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109, Tags: library, loader, memory, COMMON
Function 00404854 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 164, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401C07 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 49, Tags: library, loader, COMMON, LIBRARYCODE
Function 00402C5B Relevance: 13.7, APIs: 9, Instructions: 186, Tags: COMMON
Function 00401AAA Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401B21 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00407B29 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 35, Tags: memory, COMMON
Function 00421170 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33, Tags: memory, COMMON
Function 00403F64 Relevance: 7.5, APIs: 5, Instructions: 44, Tags: memory, COMMON, LIBRARYCODE
Function 00401CC6 Relevance: 6.0, APIs: 4, Instructions: 45, Tags: thread, COMMON, LIBRARYCODE
Function 0040ABD9 Relevance: 3.0, APIs: 2, Instructions: 26, Tags: file, COMMON
Function 0040B346 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 153, Tags: sleep, file, COMMON
Function 00409C99 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 127, Tags: memory, network, file, COMMON
Function 0040A786 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 121, Tags: sleep, memory, COMMON
Function 0040782A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60, Tags: file, time, COMMON
Function 00407E2B Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 54, Tags: file, COMMON
Function 0040AC20 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49, Tags: registry, COMMON
Function 00407727 Relevance: 6.1, APIs: 4, Instructions: 71, Tags: COMMON
Function 004077F0 Relevance: 3.0, APIs: 2, Instructions: 30, Tags: process, COMMON
Function 00406D14 Relevance: 3.0, APIs: 2, Instructions: 22, Tags: network, COMMON
Function 004039EA Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 163, Tags: memory, COMMON
Function 004032B8 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 86, Tags: library, loader, memory, COMMON
Function 0040350F Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 185, Tags: memory, COMMON
Function 00408248 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 116, Tags: sleep, file, synchronization, COMMON
Function 0040B096 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 181, Tags: thread, network, COMMON
Function 004027E6 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 355, Tags: com, COMMON
Function 004041E4 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 210, Tags: registry, memory, COMMON
Function 0040451B Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 205, Tags: registry, memory, COMMON
Function 00409301 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 105, Tags: memory, COMMON
Function 00405229 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 134, Tags: sleep, COMMON
Function 00406ADF Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 136, Tags: registry, COMMON
Function 0040A156 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84, Tags: memory, COMMON
Function 004047CC Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 226, Tags: memory, COMMON
Function 00407362 Relevance: 13.6, APIs: 9, Instructions: 114, Tags: time, synchronization, COMMON
Function 00409909 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 79, Tags: memory, COMMON
Function 00408F26 Relevance: 12.2, APIs: 8, Instructions: 164, Tags: COMMON
Function 0040AC93 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 105, Tags: sleep, COMMON
Function 0040253C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113, Tags: sleep, process, file, COMMON
Function 004094B6 Relevance: 10.6, APIs: 7, Instructions: 81, Tags: COMMON
Function 0040A245 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61, Tags: memory, COMMON
Function 00408604 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53, Tags: registry, file, COMMON
Function 00409A99 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 43, Tags: memory, COMMON
Function 0040A8F9 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 161, Tags: sleep, memory, COMMON
Function 00407499 Relevance: 9.1, APIs: 6, Instructions: 62, Tags: time, COMMON
Function 00409DF4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110, Tags: network, file, COMMON
Function 00409808 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 0040978D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 00406C77 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 26, Tags: registry, COMMON
Function 00409581 Relevance: 6.1, APIs: 4, Instructions: 60, Tags: COMMON
Function 00401080 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 156, Tags: memory, time, COMMON
Function 00407AB5 Relevance: 7.6, APIs: 5, Instructions: 54, Tags: library, memory, loader, COMMON
Function 00402F3E Relevance: 3.0, APIs: 2, Instructions: 28, Tags: memory, COMMON
Function 00402465 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 156, Tags: file, COMMON, LIBRARYCODE
Function 00401E76 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109, Tags: library, loader, memory, COMMON
Function 00404854 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 164, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401C07 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 49, Tags: library, loader, COMMON, LIBRARYCODE
Function 00402C5B Relevance: 13.7, APIs: 9, Instructions: 186, Tags: COMMON
Function 00401AAA Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401B21 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00407B29 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 35, Tags: memory, COMMON
Function 00421170 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33, Tags: memory, COMMON
Function 00403F64 Relevance: 7.5, APIs: 5, Instructions: 44, Tags: memory, COMMON, LIBRARYCODE
Function 00401CC6 Relevance: 6.0, APIs: 4, Instructions: 45, Tags: thread, COMMON, LIBRARYCODE
Function 0040ABD9 Relevance: 3.0, APIs: 2, Instructions: 26fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B346 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 153sleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AC20 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407727 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004077F0 Relevance: 3.0, APIs: 2, Instructions: 30, Tags: process, COMMON
Function 004039EA Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 163, Tags: memory, COMMON
Function 004032B8 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 86, Tags: library, loader, memory, COMMON
Function 0040350F Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 185, Tags: memory, COMMON
Function 00408248 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 116, Tags: sleep, file, synchronization, COMMON
Function 0040B096 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 181, Tags: thread, network, COMMON
Function 004027E6 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 355, Tags: com, COMMON
Function 004041E4 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 210, Tags: registry, memory, COMMON
Function 0040451B Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 205, Tags: registry, memory, COMMON
Function 00409C99 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 127, Tags: memory, network, file, COMMON
Function 00409301 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 105, Tags: memory, COMMON
Function 00405229 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 134, Tags: sleep, COMMON
Function 00406ADF Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 136, Tags: registry, COMMON
Function 0040A156 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84, Tags: memory, COMMON
Function 004047CC Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 226, Tags: memory, COMMON
Function 00407362 Relevance: 13.6, APIs: 9, Instructions: 114, Tags: time, synchronization, COMMON
Function 00409909 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 79, Tags: memory, COMMON
Function 00408F26 Relevance: 12.2, APIs: 8, Instructions: 164, Tags: COMMON
Function 0040AC93 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 105, Tags: sleep, COMMON
Function 0040A786 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 121, Tags: sleep, memory, COMMON
Function 0040253C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113, Tags: sleep, process, file, COMMON
Function 004094B6 Relevance: 10.6, APIs: 7, Instructions: 81, Tags: COMMON
Function 0040A245 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61, Tags: memory, COMMON
Function 0040782A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60, Tags: file, time, COMMON
Function 00407E2B Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 54, Tags: file, COMMON
Function 00408604 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53, Tags: registry, file, COMMON
Function 00409A99 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 43, Tags: memory, COMMON
Function 0040A8F9 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 161, Tags: sleep, memory, COMMON
Function 00407499 Relevance: 9.1, APIs: 6, Instructions: 62, Tags: time, COMMON
Function 00409DF4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110, Tags: network, file, COMMON
Function 00409808 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 0040978D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 00406C77 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 26, Tags: registry, COMMON
Function 00409581 Relevance: 6.1, APIs: 4, Instructions: 60, Tags: COMMON
Function 00401080 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 156, Tags: memory, time, COMMON
Function 00407AB5 Relevance: 7.6, APIs: 5, Instructions: 54, Tags: library, memory, loader, COMMON
Function 00402F3E Relevance: 3.0, APIs: 2, Instructions: 28, Tags: memory, COMMON
Function 00402465 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 156, Tags: file, COMMON, LIBRARYCODE
Function 00401E76 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109, Tags: library, loader, memory, COMMON
Function 00404854 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 164, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401C07 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 49, Tags: library, loader, COMMON, LIBRARYCODE
Function 00402C5B Relevance: 13.7, APIs: 9, Instructions: 186, Tags: COMMON
Function 00401AAA Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00401B21 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36, Tags: library, loader, COMMON, LIBRARYCODE
Function 00407B29 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 35, Tags: memory, COMMON
Function 00421170 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33, Tags: memory, COMMON
Function 00403F64 Relevance: 7.5, APIs: 5, Instructions: 44, Tags: memory, COMMON, LIBRARYCODE
Function 00401CC6 Relevance: 6.0, APIs: 4, Instructions: 45, Tags: thread, COMMON, LIBRARYCODE
Function 0040ABD9 Relevance: 3.0, APIs: 2, Instructions: 26, Tags: file, COMMON
Function 0040B346 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 153, Tags: sleep, file, COMMON
Function 00409C99 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 127, Tags: memory, network, file, COMMON
Function 0040A786 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 121, Tags: sleep, memory, COMMON
Function 0040782A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60, Tags: file, time, COMMON
Function 00407E2B Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 54, Tags: file, COMMON
Function 0040AC20 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49, Tags: registry, COMMON
Function 00407727 Relevance: 6.1, APIs: 4, Instructions: 71, Tags: COMMON
Function 00406D14 Relevance: 3.0, APIs: 2, Instructions: 22, Tags: network, COMMON
Function 004032B8 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 86, Tags: library, loader, memory, COMMON
Function 0040350F Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 185, Tags: memory, COMMON
Function 00408248 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 116, Tags: sleep, file, synchronization, COMMON
Function 0040B096 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 181, Tags: thread, network, COMMON
Function 0040451B Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 205, Tags: registry, memory, COMMON
Function 00409301 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 105, Tags: memory, COMMON
Function 00405229 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 134, Tags: sleep, COMMON
Function 00406ADF Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 136, Tags: registry, COMMON
Function 0040A156 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84, Tags: memory, COMMON
Function 00407362 Relevance: 13.6, APIs: 9, Instructions: 114, Tags: time, synchronization, COMMON
Function 00409909 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 79, Tags: memory, COMMON
Function 00408F26 Relevance: 12.2, APIs: 8, Instructions: 164, Tags: COMMON
Function 0040AC93 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 105, Tags: sleep, COMMON
Function 004094B6 Relevance: 10.6, APIs: 7, Instructions: 81, Tags: COMMON
Function 0040A245 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61, Tags: memory, COMMON
Function 00408604 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 53, Tags: registry, file, COMMON
Function 00409A99 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 43, Tags: memory, COMMON
Function 0040A8F9 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 161, Tags: sleep, memory, COMMON
Function 00407499 Relevance: 9.1, APIs: 6, Instructions: 62, Tags: time, COMMON
Function 00409808 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43, Tags: memory, COMMON
Function 00406C77 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 26, Tags: registry, COMMON