Edit tour
Windows
Analysis Report
Fortexternal.exe
Overview
General Information
| Sample name: | Fortexternal.exe |
| Analysis ID: | 1569998 |
| MD5: | 08dbf0926e763b4f80fa9590b67fc282 |
| SHA1: | ce78c2d8ab88df7f524670824fd27b1340a64c84 |
| SHA256: | 51c9e9667890f9320c2c95e49b1dbd6e2dfbec73e71f1039868e26535e328525 |
| Tags: | exeuser-aachum |
| Infos: |  |
 | |
Detection
| Score: | 84 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
PE file contains section with special chars
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
Potential key logger detected (key state polling based)
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
Fortexternal.exe (PID: 4320 cmdline: "C:\Users\ user\Deskt op\Fortext ernal.exe" MD5: 08DBF0926E763B4F80FA9590B67FC282)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-06T13:58:01.583769+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 0_2_000002D4B4DA7750 | |
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_000002D4B4D0F46A | |
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00007FF691E51C20 | |
| Source: | Code function: | 0_2_00007FF691E51D70 | |
| Source: | Code function: | 0_2_00007FF691E51C20 | |
| Source: | Code function: | 0_2_00007FF691E80330 | |
| Source: | Code function: | 0_2_00007FF691E80D02 | |
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_00007FF691E83B90 | |
| Source: | Code function: | 0_2_00007FF691E80330 | |
| Source: | Code function: | 0_2_00007FF691E84320 | |
| Source: | Code function: | 0_2_00007FF691E7F2F0 | |
| Source: | Code function: | 0_2_00007FF691E7EA60 | |
| Source: | Code function: | 0_2_00007FF691E7FCE0 | |
| Source: | Code function: | 0_2_00007FF691E7C310 | |
| Source: | Code function: | 0_2_00007FF691E7BA80 | |
| Source: | Code function: | 0_2_00007FF691E5C270 | |
| Source: | Code function: | 0_2_00007FF691E4F250 | |
| Source: | Code function: | 0_2_00007FF691E4C250 | |
| Source: | Code function: | 0_2_00007FF691E45A30 | |
| Source: | Code function: | 0_2_00007FF691E72A00 | |
| Source: | Code function: | 0_2_00007FF691E4FA00 | |
| Source: | Code function: | 0_2_00007FF691E6F9E0 | |
| Source: | Code function: | 0_2_00007FF691E659E0 | |
| Source: | Code function: | 0_2_00007FF691E5B1E0 | |
| Source: | Code function: | 0_2_00007FF691E4E1C0 | |
| Source: | Code function: | 0_2_00007FF691E6D530 | |
| Source: | Code function: | 0_2_00007FF691E5BD10 | |
| Source: | Code function: | 0_2_00007FF691E80D02 | |
| Source: | Code function: | 0_2_00007FF691E554F0 | |
| Source: | Code function: | 0_2_00007FF691E67CE0 | |
| Source: | Code function: | 0_2_00007FF691E36CB0 | |
| Source: | Code function: | 0_2_00007FF691E56C90 | |
| Source: | Code function: | 0_2_00007FF691E66BC0 | |
| Source: | Code function: | 0_2_00007FF691E3FBB0 | |
| Source: | Code function: | 0_2_00007FF691E37390 | |
| Source: | Code function: | 0_2_00007FF691E7A370 | |
| Source: | Code function: | 0_2_00007FF691E5DB50 | |
| Source: | Code function: | 0_2_00007FF691E7CB40 | |
| Source: | Code function: | 0_2_00007FF691E39730 | |
| Source: | Code function: | 0_2_00007FF691E446F0 | |
| Source: | Code function: | 0_2_00007FF691E57EF0 | |
| Source: | Code function: | 0_2_00007FF691E46EC0 | |
| Source: | Code function: | 0_2_00007FF691E596B0 | |
| Source: | Code function: | 0_2_00007FF691E44620 | |
| Source: | Code function: | 0_2_00007FF691E4D620 | |
| Source: | Code function: | 0_2_00007FF691E39E10 | |
| Source: | Code function: | 0_2_00007FF691E625F0 | |
| Source: | Code function: | 0_2_00007FF691E70DE0 | |
| Source: | Code function: | 0_2_00007FF691E6CDD0 | |
| Source: | Code function: | 0_2_00007FF691E7E5B0 | |
| Source: | Code function: | 0_2_00007FF691E35D90 | |
| Source: | Code function: | 0_2_00007FF691E5AD40 | |
| Source: | Code function: | 0_2_00007FF691E76090 | |
| Source: | Code function: | 0_2_00007FF691E697F0 | |
| Source: | Code function: | 0_2_00007FF691E5BFC0 | |
| Source: | Code function: | 0_2_00007FF691E3DFB0 | |
| Source: | Code function: | 0_2_000002D4B4DD5B70 | |
| Source: | Code function: | 0_2_000002D4B4CFBA30 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_000002D4B4DF16C0 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 0_2_00007FF691E7F7A0 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_000002D4B4D2497F | |
| Source: | Static PE information: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Code function: | 0_2_000002D4B4D0F46A | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-69835 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF691E8C0F8 | |
| Source: | Code function: | 0_2_00007FF691E7F7A0 | |
| Source: | Code function: | 0_2_00007FF691E8C0F8 | |
| Source: | Code function: | 0_2_00007FF691E7F7A0 | |
| Source: | Code function: | 0_2_00007FF691E8105B | |
| Source: | Code function: | 0_2_00007FF691E8C388 | |
Stealing of Sensitive Information | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Input Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | 2 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | 3 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 21% | ReversingLabs | |||
| 100% | Avira | HEUR/AGEN.1314582 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.myip.com | 104.26.9.59 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.9.59 | api.myip.com | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1569998 |
| Start date and time: | 2024-12-06 13:57:09 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 16s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Fortexternal.exe |
| Detection: | MAL |
| Classification: | mal84.spyw.evad.winEXE@1/1@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Fortexternal.exe
| Time | Type | Description |
|---|---|---|
| 07:58:36 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.9.59 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer | Browse | |||
| Get hash | malicious | LummaC, Stealc, Vidar | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC, Go Injector, LummaC Stealer | Browse | |||
| Get hash | malicious | Go Injector | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| api.myip.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, Cryptbot | Browse |
| ||
| Get hash | malicious | Amadey, XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | Ailurophile Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | TrojanRansom | Browse |
| ||
| Get hash | malicious | TrojanRansom | Browse |
| ||
| Get hash | malicious | TrojanRansom | Browse |
| ||
| Get hash | malicious | TrojanRansom | Browse |
| ||
| Get hash | malicious | RCRU64, TrojanRansom | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | NetSupport RAT | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\Fortexternal.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57 |
| Entropy (8bit): | 4.3585198384225 |
| Encrypted: | false |
| SSDEEP: | 3:YMb1gXMlJ9eMfQxaNmGGL4:YMeX6uxaNmRL4 |
| MD5: | E86153F34E01C5AED461F812D7472D86 |
| SHA1: | CB4491FAC004B18059BA1BDDFE2CD5696CD94F87 |
| SHA-256: | D174A4EFD5E9EAC12E0161D4C4A1D5C26122C4C5EA6A1BE49D7A277B535CB2DF |
| SHA-512: | CA8A07D9515808AC4331D1790F75C2A05672E299366DE0A0EE55698F8679B366428DFB18E8390FF034B58E3D0D05165F4C9EE8F7481B7509B51A18A84DF5F51B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.726666107093787 |
| TrID: |
|
| File name: | Fortexternal.exe |
| File size: | 1'630'758 bytes |
| MD5: | 08dbf0926e763b4f80fa9590b67fc282 |
| SHA1: | ce78c2d8ab88df7f524670824fd27b1340a64c84 |
| SHA256: | 51c9e9667890f9320c2c95e49b1dbd6e2dfbec73e71f1039868e26535e328525 |
| SHA512: | 4bcdd18ebfaab91fd75417a4697bc8617c7c978895ad0d29afc3afa4daae8c3476bba01d8ab5002e4918f469efdd70b7879ad836dcfcdf4fa4d89c914bd6d271 |
| SSDEEP: | 24576:ggS6MCv8Su14U80/NGJWK+hFSlCnPHtxUtsaOZ9KS6OtPCdxCtR/79czFrC9r/xq:gWEJyU86L3FidOC3OPh/xq |
| TLSH: | 5F75122FB3987BBAE434D0B3DAE3D30A7331A15594768B2B09C14A1F616501A7B47F6C |
| File Content Preview: | MZ......................@..0.61.UPX!._0x0018ce5.........................!..L.!This program cannot be run in DOS mode....$........z...............c.......................................c................................t.............Rich................... |
 | |
| Icon Hash: | 00928e8e8686b000 |
| Entrypoint: | 0x140709220 |
| Entrypoint Section: | bUbbb |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x674C99D1 [Sun Dec 1 17:16:01 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | bd2500bb87e3a94d2777b94c3c55a684 |
| Instruction |
|---|
| push ebx |
| push esi |
| push edi |
| push ebp |
| dec eax |
| lea esi, dword ptr [FFE85DD5h] |
| dec eax |
| lea edi, dword ptr [esi-0058E000h] |
| push edi |
| xor ebx, ebx |
| xor ecx, ecx |
| dec eax |
| or ebp, FFFFFFFFh |
| call 00007F2660C70355h |
| add ebx, ebx |
| je 00007F2660C70304h |
| rep ret |
| mov ebx, dword ptr [esi] |
| dec eax |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| mov dl, byte ptr [esi] |
| rep ret |
| dec eax |
| lea eax, dword ptr [edi+ebp] |
| cmp ecx, 05h |
| mov dl, byte ptr [eax] |
| jbe 00007F2660C70323h |
| dec eax |
| cmp ebp, FFFFFFFCh |
| jnbe 00007F2660C7031Dh |
| sub ecx, 04h |
| mov edx, dword ptr [eax] |
| dec eax |
| add eax, 04h |
| sub ecx, 04h |
| mov dword ptr [edi], edx |
| dec eax |
| lea edi, dword ptr [edi+04h] |
| jnc 00007F2660C702F1h |
| add ecx, 04h |
| mov dl, byte ptr [eax] |
| je 00007F2660C70312h |
| dec eax |
| inc eax |
| mov byte ptr [edi], dl |
| sub ecx, 01h |
| mov dl, byte ptr [eax] |
| dec eax |
| lea edi, dword ptr [edi+01h] |
| jne 00007F2660C702F2h |
| rep ret |
| cld |
| inc ecx |
| pop ebx |
| jmp 00007F2660C7030Ah |
| dec eax |
| inc esi |
| mov byte ptr [edi], dl |
| dec eax |
| inc edi |
| mov dl, byte ptr [esi] |
| add ebx, ebx |
| jne 00007F2660C7030Ch |
| mov ebx, dword ptr [esi] |
| dec eax |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| mov dl, byte ptr [esi] |
| jc 00007F2660C702E8h |
| lea eax, dword ptr [ecx+01h] |
| jmp 00007F2660C70309h |
| dec eax |
| inc ecx |
| call ebx |
| adc eax, eax |
| inc ecx |
| call ebx |
| adc eax, eax |
| add ebx, ebx |
| jne 00007F2660C7030Ch |
| mov ebx, dword ptr [esi] |
| dec eax |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| mov dl, byte ptr [esi] |
| jnc 00007F2660C702E6h |
| sub eax, 03h |
| jc 00007F2660C7031Bh |
| shl eax, 08h |
| movzx edx, dl |
| or eax, edx |
| dec eax |
| inc esi |
| xor eax, FFFFFFFFh |
| je 00007F2660C7035Ah |
| sar eax, 1 |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x71d0c4 | 0x4c0 | bb, |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70a000 | 0x130c4 | bb, |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x334000 | 0x43bc | "QR |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x71d584 | 0x20 | bb, |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x709498 | 0x28 | bUbbb |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x7094c8 | 0x140 | bUbbb |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| "QR | 0x1000 | 0x58e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| bUbbb | 0x58f000 | 0x17b000 | 0x17a800 | fb99d6a473de33211791c0b90eed64e8 | False | 0.9637394732496698 | data | 7.788685190229874 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| bb, | 0x70a000 | 0x14000 | 0x13600 | 668f1c1481a445e0f82afd99a44e0c5c | False | 0.2582913306451613 | data | 3.941814426443069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| None | 0x71cf08 | 0x2e | data | 1.108695652173913 | ||
| RT_RCDATA | 0x34bf34 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x350138 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x35433c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x358540 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x35c744 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x360948 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x364b4c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x368d50 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x36cf54 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x371158 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x37535c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x379560 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x37d764 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x381968 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x385b6c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x389d70 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x38df74 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x392178 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x39637c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x39a580 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x39e784 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3a2988 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3a6b8c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3aad90 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3aef94 | 0x23 | empty | 0 | ||
| RT_RCDATA | 0x3aefb8 | 0x75 | empty | 0 | ||
| RT_RCDATA | 0x3af030 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3b3234 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3b7438 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3bb63c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3bf840 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3c3a44 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3c7c48 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3cbe4c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3d0050 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3d4254 | 0x655 | empty | 0 | ||
| RT_RCDATA | 0x3d48ac | 0xf | empty | 0 | ||
| RT_RCDATA | 0x3d48bc | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3d8ac0 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x3dccc4 | 0xeceb0 | empty | 0 | ||
| RT_RCDATA | 0x4c9b74 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4cdd78 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4d1f7c | 0xb2cd | empty | 0 | ||
| RT_RCDATA | 0x4dd24c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4e1450 | 0x55 | empty | 0 | ||
| RT_RCDATA | 0x4e14a8 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4e56ac | 0x9e | empty | 0 | ||
| RT_RCDATA | 0x4e574c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4e9950 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4edb54 | 0x1f2 | empty | 0 | ||
| RT_RCDATA | 0x4edd48 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4f1f4c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4f6150 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x4fa354 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa3d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa454 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa4d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa554 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa5d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa654 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa6d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa754 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa7d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa854 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa8d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa954 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fa9d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4faa54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4faad4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fab54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fabd4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fac54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4facd4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fad54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fadd4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fae54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4faed4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4faf54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fafd4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb054 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb0d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb154 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb1d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb254 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb2d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb354 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb3d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb454 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb4d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb554 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb5d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb654 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb6d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb754 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb7d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb854 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb8d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb954 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fb9d4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fba54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbad4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbb54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbbd4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbc54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbcd4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbd54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbdd4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbe54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbed4 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbf54 | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fbfd4 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x5001d8 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x5043dc | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x5085e0 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x50c7e4 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x5109e8 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x514bec | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x518df0 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x51cff4 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x5211f8 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x5253fc | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x529600 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x52d804 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x531a08 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x535c0c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x539e10 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x53e014 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x542218 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x54641c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x54a620 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x54e824 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x552a28 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x556c2c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x55ae30 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x55f034 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x563238 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x56743c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x56b640 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x56f844 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x573a48 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x577c4c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x57be50 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x580054 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x584258 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x58845c | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x58c660 | 0x4201 | empty | 0 | ||
| RT_RCDATA | 0x590864 | 0x4201 | data | 0.9946144285967923 | ||
| RT_RCDATA | 0x594a68 | 0x4201 | data | 0.9993489968633485 | ||
| RT_RCDATA | 0x598c6c | 0x4201 | data | 0.9991714505533527 | ||
| RT_RCDATA | 0x59ce70 | 0x4201 | data | 0.9995265431733443 | ||
| RT_RCDATA | 0x5a1074 | 0x4201 | data | 0.9980469905900455 | ||
| RT_RCDATA | 0x5a5278 | 0x4201 | data | 0.9976918979700539 | ||
| RT_RCDATA | 0x5a947c | 0x4201 | data | 0.9989347221400249 | ||
| RT_RCDATA | 0x5ad680 | 0x4201 | data | 0.9997040894833402 | ||
| RT_RCDATA | 0x5b1884 | 0x4201 | data | 0.9985796295200331 | ||
| RT_RCDATA | 0x5b5a88 | 0x4201 | data | 0.9898206782269042 | ||
| RT_RCDATA | 0x5b9c8c | 0x4201 | data | 0.9789311712138249 | ||
| RT_RCDATA | 0x5bde90 | 0x4201 | data | 0.9865064804403149 | ||
| RT_RCDATA | 0x5c2094 | 0x4201 | data | 0.9686334852340652 | ||
| RT_RCDATA | 0x5c6298 | 0x4201 | data | 0.9574480677043262 | ||
| RT_RCDATA | 0x5ca49c | 0x4201 | data | 0.958986802390957 | ||
| RT_RCDATA | 0x5ce6a0 | 0x4201 | data | 0.9673906610640942 | ||
| RT_RCDATA | 0x5d28a4 | 0x4201 | data | 0.9720068651239865 | ||
| RT_RCDATA | 0x5d6aa8 | 0x4201 | data | 0.9598153518376044 | ||
| RT_RCDATA | 0x5dacac | 0x4201 | data | 0.9688110315440611 | ||
| RT_RCDATA | 0x5deeb0 | 0x4201 | data | 0.9711783156773391 | ||
| RT_RCDATA | 0x5e30b4 | 0x4201 | data | 0.9655560158608036 | ||
| RT_RCDATA | 0x5e72b8 | 0x4201 | data | 0.9654968337574718 | ||
| RT_RCDATA | 0x5eb4bc | 0x4201 | data | 0.9620050896608866 | ||
| RT_RCDATA | 0x5ef6c0 | 0x4201 | data | 0.9705864946440197 | ||
| RT_RCDATA | 0x5f38c4 | 0x4201 | data | 0.9666804758241108 | ||
| RT_RCDATA | 0x5f7ac8 | 0x4201 | data | 0.9671539326507664 | ||
| RT_RCDATA | 0x5fbccc | 0x4201 | data | 0.9644315558974966 | ||
| RT_RCDATA | 0x5ffed0 | 0x4201 | data | 0.9423566313546784 | ||
| RT_RCDATA | 0x6040d4 | 0x4201 | data | 0.9188021542285613 | ||
| RT_RCDATA | 0x6082d8 | 0x4201 | data | 0.942770906078002 | ||
| RT_RCDATA | 0x60c4dc | 0x4201 | data | 0.9521216784044505 | ||
| RT_RCDATA | 0x6106e0 | 0x4201 | data | 0.965200923240812 | ||
| RT_RCDATA | 0x6148e4 | 0x4201 | data | 0.9580990708409777 | ||
| RT_RCDATA | 0x618ae8 | 0x4201 | data | 0.9418831745280227 | ||
| RT_RCDATA | 0x61ccec | 0x4201 | data | 0.9607030833875836 | ||
| RT_RCDATA | 0x620ef0 | 0x4201 | data | 0.9766230691838788 | ||
| RT_RCDATA | 0x6250f4 | 0x4201 | data | 0.9691661241640528 | ||
| RT_RCDATA | 0x6292f8 | 0x4201 | data | 0.9496360300645085 | ||
| RT_RCDATA | 0x62d4fc | 0x4201 | data | 0.9655560158608036 | ||
| RT_RCDATA | 0x631700 | 0x4201 | data | 0.9534236846777534 | ||
| RT_RCDATA | 0x635904 | 0x4201 | data | 0.9536012309877493 | ||
| RT_RCDATA | 0x639b08 | 0x4201 | data | 0.9410546250813754 | ||
| RT_RCDATA | 0x63dd0c | 0x4201 | data | 0.9593418950109487 | ||
| RT_RCDATA | 0x641f10 | 0x4201 | data | 0.9571521571876664 | ||
| RT_RCDATA | 0x646114 | 0x4201 | data | 0.9721252293306504 | ||
| RT_RCDATA | 0x64a318 | 0x4201 | data | 0.9594602592176126 | ||
| RT_RCDATA | 0x64e51c | 0x4201 | data | 0.9634254601408534 | ||
| RT_RCDATA | 0x652720 | 0x4201 | data | 0.9611173581109073 | ||
| RT_RCDATA | 0x656924 | 0x4201 | data | 0.9641948274841687 | ||
| RT_RCDATA | 0x65ab28 | 0x4201 | data | 0.966502929514115 | ||
| RT_RCDATA | 0x65ed2c | 0x4201 | data | 0.9669172042374385 | ||
| RT_RCDATA | 0x662f30 | 0x4201 | data | 0.9677457536840859 | ||
| RT_RCDATA | 0x667134 | 0x4201 | data | 0.9460851038645913 | ||
| RT_RCDATA | 0x66b338 | 0x4201 | data | 0.9369118778481387 | ||
| RT_RCDATA | 0x66f53c | 0x4201 | data | 0.9575072498076581 | ||
| RT_RCDATA | 0x673740 | 0x4201 | data | 0.966384565307451 | ||
| RT_RCDATA | 0x677944 | 0x4201 | data | 0.9678049357874179 | ||
| RT_RCDATA | 0x67bb48 | 0x4201 | data | 0.9687518494407291 | ||
| RT_RCDATA | 0x67fd4c | 0x4201 | data | 0.9695212167840445 | ||
| RT_RCDATA | 0x683f50 | 0x4201 | data | 0.9696987630940404 | ||
| RT_RCDATA | 0x688154 | 0x4201 | data | 0.9699946736107001 | ||
| RT_RCDATA | 0x68c358 | 0x4201 | DOS executable (COM, 0x8C-variant) | 0.9699354915073681 | ||
| RT_RCDATA | 0x69055c | 0x4201 | data | 0.971355861987335 | ||
| RT_RCDATA | 0x694760 | 0x4201 | data | 0.9694028525773806 | ||
| RT_RCDATA | 0x698964 | 0x4201 | data | 0.9705864946440197 | ||
| RT_RCDATA | 0x69cb68 | 0x4201 | data | 0.9686926673373971 | ||
| RT_RCDATA | 0x6a0d6c | 0x4201 | data | 0.9688110315440611 | ||
| RT_RCDATA | 0x6a4f70 | 0x4201 | data | 0.9708824051606794 | ||
| RT_RCDATA | 0x6a9174 | 0x4201 | data | 0.9699354915073681 | ||
| RT_RCDATA | 0x6ad378 | 0x4201 | data | 0.9686926673373971 | ||
| RT_RCDATA | 0x6b157c | 0x4201 | data | 0.9766822512872108 | ||
| RT_RCDATA | 0x6b5780 | 0x4201 | data | 0.9777475291471859 | ||
| RT_RCDATA | 0x6b9984 | 0x4201 | data | 0.9747884239805883 | ||
| RT_RCDATA | 0x6bdb88 | 0x4201 | data | 0.976445522873883 | ||
| RT_RCDATA | 0x6c1d8c | 0x4201 | data | 0.9792270817304847 | ||
| RT_RCDATA | 0x6c5f90 | 0x4201 | data | 0.9772148902171983 | ||
| RT_RCDATA | 0x6ca194 | 0x4201 | data | 0.9782209859738416 | ||
| RT_RCDATA | 0x6ce398 | 0x4201 | OpenPGP Public Key | 0.9795229922471445 | ||
| RT_RCDATA | 0x6d259c | 0x4201 | data | 0.9781618038705095 | ||
| RT_RCDATA | 0x6d67a0 | 0x4201 | data | 0.9768597975972066 | ||
| RT_RCDATA | 0x6da9a4 | 0x4201 | data | 0.9775108007338581 | ||
| RT_RCDATA | 0x6deba8 | 0x4201 | data | 0.9772148902171983 | ||
| RT_RCDATA | 0x6e2dac | 0x4201 | data | 0.9733680535006214 | ||
| RT_RCDATA | 0x6e6fb0 | 0x4201 | data | 0.9641948274841687 | ||
| RT_RCDATA | 0x6eb1b4 | 0x4201 | data | 0.9110492986920755 | ||
| RT_RCDATA | 0x6ef3b8 | 0x4201 | data | 0.9101023850387643 | ||
| RT_RCDATA | 0x6f35bc | 0x4201 | data | 0.8142865597443333 | ||
| RT_RCDATA | 0x6f77c0 | 0x4201 | data | 0.9559093330176954 | ||
| RT_MANIFEST | 0x71cf3c | 0x2 | data | 5.0 | ||
| RT_MANIFEST | 0x71cf44 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| None | 0x6fbb48 | 0x8a | data | 1.0797101449275361 | ||
| None | 0x6fbbd4 | 0xe8 | data | 1.0474137931034482 | ||
| None | 0x6fbcbc | 0xce | data | 1.0533980582524272 | ||
| None | 0x6fbd8c | 0x144 | SysEx File - | 1.0339506172839505 | ||
| None | 0x6fbed0 | 0x114 | data | 1.039855072463768 | ||
| None | 0x6fbfe4 | 0x1c2 | data | 1.0244444444444445 | ||
| None | 0x6fc1a8 | 0xda | data | 1.0504587155963303 | ||
| None | 0x6fc284 | 0xce | data | 1.0533980582524272 | ||
| None | 0x6fc354 | 0xbc | data | 1.0585106382978724 | ||
| None | 0x6fc410 | 0xf2 | data | 1.0454545454545454 | ||
| None | 0x6fc504 | 0x16c | data | 1.0302197802197801 | ||
| None | 0x6fc670 | 0x14c | data | 1.033132530120482 | ||
| None | 0x6fc7bc | 0x192 | data | 1.027363184079602 | ||
| None | 0x6fc950 | 0x58 | data | 1.125 | ||
| None | 0x6fc9a8 | 0x104 | data | 1.0423076923076924 | ||
| None | 0x6fcaac | 0x96 | data | 1.0733333333333333 | ||
| None | 0x6fcb44 | 0xae | data | 1.0632183908045978 | ||
| None | 0x6fcbf4 | 0xb4 | data | 1.0611111111111111 | ||
| None | 0x6fcca8 | 0xe4 | data | 1.0482456140350878 | ||
| None | 0x6fcd8c | 0xd6 | data | 1.0514018691588785 | ||
| None | 0x6fce64 | 0xd2 | data | 1.0523809523809524 | ||
| None | 0x6fcf38 | 0x118 | data | 1.0392857142857144 | ||
| None | 0x6fd050 | 0x11a | data | 1.0390070921985815 | ||
| None | 0x6fd16c | 0x128 | data | 1.037162162162162 | ||
| None | 0x6fd294 | 0x8e | data | 1.0774647887323943 | ||
| None | 0x6fd324 | 0xfc | data | 1.0436507936507937 | ||
| None | 0x6fd420 | 0xc4 | data | 1.0561224489795917 | ||
| None | 0x6fd4e4 | 0x120 | data | 1.0381944444444444 | ||
| None | 0x6fd604 | 0x70 | data | 1.0982142857142858 | ||
| None | 0x6fd674 | 0xd0 | data | 1.0528846153846154 | ||
| None | 0x6fd744 | 0xf2 | data | 1.0454545454545454 | ||
| None | 0x6fd838 | 0x144 | data | 1.0339506172839505 | ||
| None | 0x6fd97c | 0xb6 | data | 1.0604395604395604 | ||
| None | 0x6fda34 | 0x140 | data | 1.034375 | ||
| None | 0x6fdb74 | 0xd6 | data | 1.0514018691588785 | ||
| None | 0x6fdc4c | 0xfe | OpenPGP Public Key | 1.0433070866141732 | ||
| None | 0x6fdd4c | 0xb0 | data | 1.0625 | ||
| None | 0x6fddfc | 0xee | data | 1.046218487394958 | ||
| None | 0x6fdeec | 0x136 | data | 1.0354838709677419 | ||
| None | 0x6fe024 | 0xee | data | 1.046218487394958 | ||
| None | 0x6fe114 | 0x7a | data | 1.0901639344262295 | ||
| None | 0x6fe190 | 0x148 | data | 1.0335365853658536 | ||
| None | 0x6fe2d8 | 0x102 | data | 1.0426356589147288 | ||
| None | 0x6fe3dc | 0xf2 | data | 1.0454545454545454 | ||
| None | 0x6fe4d0 | 0xee | data | 1.046218487394958 | ||
| None | 0x6fe5c0 | 0xd8 | data | 1.0509259259259258 | ||
| None | 0x6fe698 | 0x8c | OpenPGP Public Key | 1.0785714285714285 | ||
| None | 0x6fe724 | 0x166 | data | 1.0307262569832403 | ||
| None | 0x6fe88c | 0x126 | data | 1.0374149659863945 | ||
| None | 0x6fe9b4 | 0xcc | data | 1.053921568627451 | ||
| None | 0x6fea80 | 0x104 | data | 1.0423076923076924 | ||
| None | 0x6feb84 | 0xa6 | data | 1.0542168674698795 | ||
| None | 0x6fec2c | 0x116 | data | 1.039568345323741 | ||
| None | 0x6fed44 | 0x146 | data | 1.0337423312883436 | ||
| None | 0x6fee8c | 0x152 | data | 1.032544378698225 | ||
| None | 0x6fefe0 | 0x98 | data | 1.0723684210526316 | ||
| None | 0x6ff078 | 0xba | data | 1.0591397849462365 | ||
| None | 0x6ff134 | 0x8e | data | 1.0774647887323943 | ||
| None | 0x6ff1c4 | 0x66 | data | 1.107843137254902 | ||
| None | 0x6ff22c | 0x158 | DOS executable (clock standard input/output character device driver \302,IOCTL-,close media-,until busy-,control strings-support) | 1.0319767441860466 | ||
| None | 0x6ff384 | 0xde | data | 1.0495495495495495 | ||
| None | 0x6ff464 | 0x106 | data | 1.0419847328244274 | ||
| None | 0x6ff56c | 0x10c | data | 1.041044776119403 | ||
| None | 0x6ff678 | 0x146 | data | 1.0337423312883436 | ||
| None | 0x6ff7c0 | 0x78 | PGP Secret Sub-key - | 1.0916666666666666 | ||
| None | 0x6ff838 | 0xce | data | 1.0533980582524272 | ||
| None | 0x6ff908 | 0x98 | data | 1.0592105263157894 | ||
| None | 0x6ff9a0 | 0xf8 | data | 1.0443548387096775 | ||
| None | 0x6ffa98 | 0xf8 | data | 1.0443548387096775 | ||
| None | 0x6ffb90 | 0xfa | data | 1.036 | ||
| None | 0x6ffc8c | 0x8c | data | 1.0785714285714285 | ||
| None | 0x6ffd18 | 0xb2 | data | 1.0617977528089888 | ||
| None | 0x6ffdcc | 0xe0 | data | 1.0491071428571428 | ||
| None | 0x6ffeac | 0xd0 | data | 1.0528846153846154 | ||
| None | 0x6fff7c | 0x110 | data | 1.0404411764705883 | ||
| None | 0x70008c | 0x78 | data | 1.0916666666666666 | ||
| None | 0x700104 | 0x96 | data | 1.0733333333333333 | ||
| None | 0x70019c | 0xc0 | data | 1.0572916666666667 | ||
| None | 0x70025c | 0xfa | data | 1.044 | ||
| None | 0x700358 | 0xa2 | data | 1.0679012345679013 | ||
| None | 0x7003fc | 0x150 | zlib compressed data | 1.0327380952380953 | ||
| None | 0x70054c | 0x13e | data | 1.0345911949685536 | ||
| None | 0x70068c | 0x66 | data | 1.107843137254902 | ||
| None | 0x7006f4 | 0xee | data | 1.046218487394958 | ||
| None | 0x7007e4 | 0x88 | data | 1.0808823529411764 | ||
| None | 0x70086c | 0xc6 | data | 1.0555555555555556 | ||
| None | 0x700934 | 0x11c | OpenPGP Public Key | 1.0387323943661972 | ||
| None | 0x700a50 | 0xe4 | data | 1.0482456140350878 | ||
| None | 0x700b34 | 0x8a | data | 1.0797101449275361 | ||
| None | 0x700bc0 | 0xfe | data | 1.0433070866141732 | ||
| None | 0x700cc0 | 0x90 | data | 1.0763888888888888 | ||
| None | 0x700d50 | 0x90 | data | 1.0763888888888888 | ||
| None | 0x700de0 | 0xda | data | 1.0504587155963303 | ||
| None | 0x700ebc | 0x9a | data | 1.0714285714285714 | ||
| None | 0x700f58 | 0xaa | data | 1.0647058823529412 | ||
| None | 0x701004 | 0x104 | data | 1.0423076923076924 | ||
| None | 0x701108 | 0x15a | data | 1.0317919075144508 | ||
| None | 0x701264 | 0x128 | data | 1.037162162162162 | ||
| None | 0x70138c | 0xf0 | data | 1.0458333333333334 | ||
| None | 0x70147c | 0x130 | data | 1.0361842105263157 | ||
| None | 0x7015ac | 0xac | data | 1.063953488372093 | ||
| None | 0x701658 | 0x148 | data | 1.0335365853658536 | ||
| None | 0x7017a0 | 0xb4 | data | 1.0611111111111111 | ||
| None | 0x701854 | 0x12e | data | 1.0364238410596027 | ||
| None | 0x701984 | 0x116 | data | 1.039568345323741 | ||
| None | 0x701a9c | 0x74 | data | 1.0775862068965518 | ||
| None | 0x701b10 | 0xba | data | 1.0591397849462365 | ||
| None | 0x701bcc | 0x10a | data | 1.0413533834586466 | ||
| None | 0x701cd8 | 0x136 | OpenPGP Public Key | 1.0354838709677419 | ||
| None | 0x701e10 | 0x12a | data | 1.0369127516778522 | ||
| None | 0x701f3c | 0x144 | data | 1.0339506172839505 | ||
| None | 0x702080 | 0x144 | data | 1.0339506172839505 | ||
| None | 0x7021c4 | 0x138 | data | 1.0352564102564104 | ||
| None | 0x7022fc | 0x12c | data | 1.0366666666666666 | ||
| None | 0x702428 | 0x17c | data | 0.8368421052631579 | ||
| None | 0x7025a4 | 0xfe | data | 1.0433070866141732 | ||
| None | 0x7026a4 | 0xda | data | 1.0504587155963303 | ||
| None | 0x702780 | 0x90 | data | 1.0763888888888888 | ||
| None | 0x702810 | 0xec | data | 1.0466101694915255 | ||
| None | 0x7028fc | 0x11c | data | 0.5563380281690141 | ||
| None | 0x702a18 | 0xda | data | 0.8990825688073395 | ||
| None | 0x702af4 | 0x142 | data | 1.0341614906832297 | ||
| None | 0x702c38 | 0x178 | data | 1.0292553191489362 | ||
| None | 0x702db0 | 0x6a | data | 1.1037735849056605 | ||
| None | 0x702e1c | 0x110 | TTComp archive data, binary, 4K dictionary | 1.0404411764705883 | ||
| None | 0x702f2c | 0xc6 | data | 1.0555555555555556 | ||
| None | 0x702ff4 | 0xfe | data | 1.0433070866141732 | ||
| None | 0x7030f4 | 0xbe | data | 1.0578947368421052 | ||
| None | 0x7031b4 | 0xd6 | data | 1.0514018691588785 | ||
| None | 0x70328c | 0x116 | data | 1.039568345323741 | ||
| None | 0x7033a4 | 0x130 | data | 1.0361842105263157 | ||
| None | 0x7034d4 | 0x108 | data | 1.0416666666666667 | ||
| None | 0x7035dc | 0x12c | data | 1.0366666666666666 | ||
| None | 0x703708 | 0xe8 | data | 1.0474137931034482 | ||
| None | 0x7037f0 | 0x152 | data | 1.032544378698225 | ||
| None | 0x703944 | 0xca | data | 1.0544554455445545 | ||
| None | 0x703a10 | 0x11c | data | 1.0387323943661972 | ||
| None | 0x703b2c | 0xf2 | data | 1.0454545454545454 | ||
| None | 0x703c20 | 0x114 | data | 1.039855072463768 | ||
| None | 0x703d34 | 0x102 | data | 1.0426356589147288 | ||
| None | 0x703e38 | 0x11a | OpenPGP Secret Key | 1.0390070921985815 | ||
| None | 0x703f54 | 0xb0 | data | 1.0625 | ||
| None | 0x704004 | 0x130 | data | 1.0361842105263157 | ||
| None | 0x704134 | 0xd8 | data | 1.0509259259259258 | ||
| None | 0x70420c | 0x8e | data | 1.0774647887323943 | ||
| None | 0x70429c | 0x74 | data | 1.0948275862068966 | ||
| None | 0x704310 | 0xa6 | data | 1.0662650602409638 | ||
| None | 0x7043b8 | 0x146 | data | 1.0337423312883436 | ||
| None | 0x704500 | 0x120 | data | 1.0381944444444444 | ||
| None | 0x704620 | 0xde | data | 1.0495495495495495 | ||
| None | 0x704700 | 0x140 | data | 1.034375 | ||
| None | 0x704840 | 0x12c | data | 1.0366666666666666 | ||
| None | 0x70496c | 0x16a | data | 1.0303867403314917 | ||
| None | 0x704ad8 | 0xfc | data | 1.0436507936507937 | ||
| None | 0x704bd4 | 0x136 | data | 1.0354838709677419 | ||
| None | 0x704d0c | 0xe0 | data | 1.0491071428571428 | ||
| None | 0x704dec | 0x162 | data | 1.0310734463276836 | ||
| None | 0x704f50 | 0xa8 | data | 1.0416666666666667 | ||
| None | 0x704ff8 | 0x8c | data | 1.0571428571428572 | ||
| None | 0x705084 | 0x12c | data | 1.03 | ||
| None | 0x7051b0 | 0xa6 | data | 1.0662650602409638 | ||
| None | 0x705258 | 0xf2 | data | 1.0454545454545454 | ||
| None | 0x70534c | 0x8a | data | 1.0797101449275361 | ||
| None | 0x7053d8 | 0x156 | data | 1.0321637426900585 | ||
| None | 0x705530 | 0xb8 | TeX DVI file (\021\253\213\273\177%\254\376Bb\034E\251\377\377\377\377\345\322\221\020O\340s\021\035\223\003\361-\237G+\207\025\240\262\013\250E\202q\261\322VS>\247\246\377\377\377\377\247i\225\324\213\030o\225\210\251\364\027\207\311R\205e\323\273L{\223\236<\215\017\236\235\016\035\275\336\317\377\377\377\354\I\304) | 1.059782608695652 | ||
| None | 0x7055e8 | 0x10c | data | 1.041044776119403 | ||
| None | 0x7056f4 | 0xd2 | data | 1.0523809523809524 | ||
| None | 0x7057c8 | 0x174 | data | 1.0295698924731183 | ||
| None | 0x70593c | 0xec | data | 1.0466101694915255 | ||
| None | 0x705a28 | 0x126 | data | 1.0374149659863945 | ||
| None | 0x705b50 | 0x110 | data | 1.0404411764705883 | ||
| None | 0x705c60 | 0x116 | data | 0.9028776978417267 | ||
| None | 0x705d78 | 0x140 | data | 0.44375 | ||
| None | 0x705eb8 | 0xbc | data | 0.6436170212765957 | ||
| None | 0x705f74 | 0xf2 | data | 0.7768595041322314 | ||
| None | 0x706068 | 0xca | data | 1.0544554455445545 | ||
| None | 0x706134 | 0xda | data | 1.0504587155963303 | ||
| None | 0x706210 | 0x16a | data | 1.0303867403314917 | ||
| None | 0x70637c | 0xd8 | data | 1.0509259259259258 | ||
| None | 0x706454 | 0x10a | data | 1.0413533834586466 | ||
| None | 0x706560 | 0xf8 | data | 1.0443548387096775 | ||
| None | 0x706658 | 0xaa | data | 1.0647058823529412 | ||
| None | 0x706704 | 0x92 | data | 1.0753424657534247 | ||
| None | 0x706798 | 0x146 | data | 1.0337423312883436 | ||
| None | 0x7068e0 | 0xd6 | data | 1.0514018691588785 | ||
| None | 0x7069b8 | 0xc2 | data | 1.056701030927835 | ||
| None | 0x706a7c | 0xa4 | data | 1.0670731707317074 | ||
| None | 0x706b20 | 0x104 | data | 1.0423076923076924 | ||
| None | 0x706c24 | 0x82 | data | 1.0846153846153845 |
| DLL | Import |
|---|---|
| api-ms-win-crt-heap-l1-1-0.dll | free |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
| api-ms-win-crt-math-l1-1-0.dll | cosf |
| api-ms-win-crt-runtime-l1-1-0.dll | exit |
| api-ms-win-crt-stdio-l1-1-0.dll | fseek |
| api-ms-win-crt-string-l1-1-0.dll | strcmp |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| d3d9.dll | Direct3DCreate9 |
| IMM32.dll | ImmGetContext |
| KERnel32.Dll | LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect |
| MSVCP140.dll | _Query_perf_counter |
| ole32.dlL | CoTaskMemFree |
| SHELL32.dll | ShellExecuteA |
| USER32.dll | SetCursor |
| VCRUNTIME140.dll | memcpy |
| VCRUNTIME140_1.dll | __CxxFrameHandler4 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-06T13:58:01.583769+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 6, 2024 13:57:59.664751053 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:57:59.664814949 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:57:59.665020943 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:57:59.679596901 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:57:59.679626942 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:58:00.970587015 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:58:00.970685959 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:58:01.215075016 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:58:01.215094090 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:58:01.215483904 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:58:01.215537071 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:58:01.219775915 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:58:01.267337084 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:58:01.583790064 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:58:01.583892107 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:58:01.583898067 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 6, 2024 13:58:01.583951950 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:58:01.585808992 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 6, 2024 13:58:01.585824013 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 6, 2024 13:57:59.412045002 CET | 59021 | 53 | 192.168.2.5 | 1.1.1.1 |
| Dec 6, 2024 13:57:59.654988050 CET | 53 | 59021 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 6, 2024 13:57:59.412045002 CET | 192.168.2.5 | 1.1.1.1 | 0x95c1 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 6, 2024 13:57:59.654988050 CET | 1.1.1.1 | 192.168.2.5 | 0x95c1 | No error (0) | 104.26.9.59 | A (IP address) | IN (0x0001) | false | ||
| Dec 6, 2024 13:57:59.654988050 CET | 1.1.1.1 | 192.168.2.5 | 0x95c1 | No error (0) | 104.26.8.59 | A (IP address) | IN (0x0001) | false | ||
| Dec 6, 2024 13:57:59.654988050 CET | 1.1.1.1 | 192.168.2.5 | 0x95c1 | No error (0) | 172.67.75.163 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | 4320 | C:\Users\user\Desktop\Fortexternal.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-06 12:58:01 UTC | 182 | OUT | |
| 2024-12-06 12:58:01 UTC | 799 | IN | |
| 2024-12-06 12:58:01 UTC | 63 | IN | |
| 2024-12-06 12:58:01 UTC | 5 | IN |
| Target ID: | 0 |
| Start time: | 07:57:58 |
| Start date: | 06/12/2024 |
| Path: | C:\Users\user\Desktop\Fortexternal.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff691e30000 |
| File size: | 1'630'758 bytes |
| MD5 hash: | 08DBF0926E763B4F80FA9590B67FC282 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 3.5% |
| Dynamic/Decrypted Code Coverage: | 36.2% |
| Signature Coverage: | 25.5% |
| Total number of Nodes: | 987 |
| Total number of Limit Nodes: | 45 |
Graph
Function 00007FF691E84320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E7F7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E80330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182keyboardCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E7F2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E83B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126nativeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E7EA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000002D4B4DA7750 Relevance: 4.7, APIs: 3, Instructions: 164encryptionCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E7FCE0 Relevance: .4, Instructions: 439COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E83DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E86800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E621B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E83F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E76090 Relevance: 58.2, APIs: 5, Strings: 26, Instructions: 3919COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E39E10 Relevance: 50.0, APIs: 3, Strings: 25, Instructions: 1049COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E625F0 Relevance: 41.9, APIs: 9, Strings: 14, Instructions: 1603COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E37390 Relevance: 26.8, APIs: 10, Strings: 5, Instructions: 530COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E7CB40 Relevance: 23.8, APIs: 4, Strings: 9, Instructions: 1043COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E80D02 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 232keyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E46EC0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 524COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E36CB0 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 396COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E51D70 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E56C90 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 830COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E51C20 Relevance: 12.1, APIs: 8, Instructions: 87clipboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E8C388 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E5DB50 Relevance: .9, Instructions: 868COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E35D90 Relevance: .6, Instructions: 579COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E7A370 Relevance: .4, Instructions: 439COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E5C270 Relevance: .4, Instructions: 405COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E66BC0 Relevance: .4, Instructions: 396COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E7BA80 Relevance: .4, Instructions: 362COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E39730 Relevance: .3, Instructions: 301COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E7E5B0 Relevance: .3, Instructions: 275COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E5AD40 Relevance: .3, Instructions: 254COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E45A30 Relevance: .3, Instructions: 251COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E4F250 Relevance: .2, Instructions: 185COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000002D4B4CE4850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E47C60 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 76COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E3C240 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 313COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E752B0 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 211COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E619E0 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 180COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E60850 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 322COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E43320 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 206COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E6DF40 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 114COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000002D4B4D2A850 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000002D4B4D2A540 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E64020 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 216COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E3D070 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 172COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E3B560 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 159COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000002D4B4D30EC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E80C30 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 149windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E3CB20 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 130COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E59E40 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 426COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E3D4F0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 218COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E38380 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 164COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E6CA90 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E738D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 117COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E6E150 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E613B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 152COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E32E30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E813F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E51F40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E7FA50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E814F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000002D4B4CEE510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E37D10 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E51090 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000002D4B4CFC5F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E81091 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E541F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000002D4B4CE4AA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E43110 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E61620 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000002D4B4CE3D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000002D4B4D45560 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000002D4B4D04B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF691E39BC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E50E40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E52A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E52BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E52810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E3B200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E75F80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E53820 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E51E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF691E67320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|