Edit tour
Windows
Analysis Report
Nexus-Executor.exe
Overview
General Information
| Sample name: | Nexus-Executor.exe |
| Analysis ID: | 1570764 |
| MD5: | 1d5119509128d468dd629fff653a096a |
| SHA1: | 0715e35d06c94694373a199ac21f66535180a9b0 |
| SHA256: | 9f1f4b08d76117c87c2002659333897e28dd90bad5fd1179ae4f16cb01b3f63c |
| Tags: | exeuser-aachum |
| Infos: |  |
 | |
Detection
| Score: | 84 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
PE file contains section with special chars
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
Nexus-Executor.exe (PID: 1488 cmdline: "C:\Users\ user\Deskt op\Nexus-E xecutor.ex e" MD5: 1D5119509128D468DD629FFF653A096A)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-08T02:10:58.062907+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 0_2_000001F784117750 | |
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_000001F78407F46A | |
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00007FF762AB1C20 | |
| Source: | Code function: | 0_2_00007FF762AB1D70 | |
| Source: | Code function: | 0_2_00007FF762AB1C20 | |
| Source: | Code function: | 0_2_00007FF762AE0330 | |
| Source: | Code function: | 0_2_00007FF762AE0D02 | |
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_00007FF762AE3B90 | |
| Source: | Code function: | 0_2_00007FF762AE0330 | |
| Source: | Code function: | 0_2_00007FF762AE4320 | |
| Source: | Code function: | 0_2_00007FF762ADFCE0 | |
| Source: | Code function: | 0_2_00007FF762ADF2F0 | |
| Source: | Code function: | 0_2_00007FF762ADEA60 | |
| Source: | Code function: | 0_2_00007FF762AC6BC0 | |
| Source: | Code function: | 0_2_00007FF762A9FBB0 | |
| Source: | Code function: | 0_2_00007FF762ABDB50 | |
| Source: | Code function: | 0_2_00007FF762ADCB40 | |
| Source: | Code function: | 0_2_00007FF762A97390 | |
| Source: | Code function: | 0_2_00007FF762ADA370 | |
| Source: | Code function: | 0_2_00007FF762A96CB0 | |
| Source: | Code function: | 0_2_00007FF762ABBD10 | |
| Source: | Code function: | 0_2_00007FF762AE0D02 | |
| Source: | Code function: | 0_2_00007FF762AB54F0 | |
| Source: | Code function: | 0_2_00007FF762AC7CE0 | |
| Source: | Code function: | 0_2_00007FF762AB6C90 | |
| Source: | Code function: | 0_2_00007FF762AAE1C0 | |
| Source: | Code function: | 0_2_00007FF762AAFA00 | |
| Source: | Code function: | 0_2_00007FF762AD2A00 | |
| Source: | Code function: | 0_2_00007FF762AC59E0 | |
| Source: | Code function: | 0_2_00007FF762ABB1E0 | |
| Source: | Code function: | 0_2_00007FF762ACF9E0 | |
| Source: | Code function: | 0_2_00007FF762ADC310 | |
| Source: | Code function: | 0_2_00007FF762AAC250 | |
| Source: | Code function: | 0_2_00007FF762AAF250 | |
| Source: | Code function: | 0_2_00007FF762AA5A30 | |
| Source: | Code function: | 0_2_00007FF762ADBA80 | |
| Source: | Code function: | 0_2_00007FF762ABC270 | |
| Source: | Code function: | 0_2_00007FF762ABBFC0 | |
| Source: | Code function: | 0_2_00007FF762A9DFB0 | |
| Source: | Code function: | 0_2_00007FF762AC97F0 | |
| Source: | Code function: | 0_2_00007FF762A99730 | |
| Source: | Code function: | 0_2_00007FF762AD6090 | |
| Source: | Code function: | 0_2_00007FF762ACCDD0 | |
| Source: | Code function: | 0_2_00007FF762ADE5B0 | |
| Source: | Code function: | 0_2_00007FF762A99E10 | |
| Source: | Code function: | 0_2_00007FF762AC25F0 | |
| Source: | Code function: | 0_2_00007FF762AD0DE0 | |
| Source: | Code function: | 0_2_00007FF762ABAD40 | |
| Source: | Code function: | 0_2_00007FF762ACD530 | |
| Source: | Code function: | 0_2_00007FF762A95D90 | |
| Source: | Code function: | 0_2_00007FF762AA6EC0 | |
| Source: | Code function: | 0_2_00007FF762AB96B0 | |
| Source: | Code function: | 0_2_00007FF762AA46F0 | |
| Source: | Code function: | 0_2_00007FF762AB7EF0 | |
| Source: | Code function: | 0_2_00007FF762AA4620 | |
| Source: | Code function: | 0_2_00007FF762AAD620 | |
| Source: | Code function: | 0_2_000001F784142720 | |
| Source: | Code function: | 0_2_000001F7840A3841 | |
| Source: | Code function: | 0_2_000001F78406BA30 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_000001F7841610E0 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 0_2_00007FF762ADF7A0 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_000001F78409497F | |
| Source: | Static PE information: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Code function: | 0_2_000001F78407F46A | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF762AEC0F8 | |
| Source: | Code function: | 0_2_00007FF762ADF7A0 | |
| Source: | Code function: | 0_2_00007FF762AEC0F8 | |
| Source: | Code function: | 0_2_00007FF762ADF7A0 | |
| Source: | Code function: | 0_2_00007FF762AE105B | |
| Source: | Code function: | 0_2_00007FF762AEC388 | |
Stealing of Sensitive Information | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Input Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | 2 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | 3 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 39% | ReversingLabs | Win64.Trojan.Generic | ||
| 28% | Virustotal | Browse | ||
| 100% | Avira | HEUR/AGEN.1314582 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.myip.com | 104.26.9.59 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.9.59 | api.myip.com | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1570764 |
| Start date and time: | 2024-12-08 02:10:06 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Sample name: | Nexus-Executor.exe |
| Detection: | MAL |
| Classification: | mal84.spyw.evad.winEXE@1/0@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 20:11:33 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.9.59 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer | Browse | |||
| Get hash | malicious | LummaC, Stealc, Vidar | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC, Go Injector, LummaC Stealer | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| api.myip.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, Cryptbot | Browse |
| ||
| Get hash | malicious | Amadey, XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | Ailurophile Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| |
| Get hash | malicious | Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | Targeted Ransomware, TrojanRansom | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Matanbuchus | Browse |
|
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 7.942923120547586 |
| TrID: |
|
| File name: | Nexus-Executor.exe |
| File size: | 1'393'194 bytes |
| MD5: | 1d5119509128d468dd629fff653a096a |
| SHA1: | 0715e35d06c94694373a199ac21f66535180a9b0 |
| SHA256: | 9f1f4b08d76117c87c2002659333897e28dd90bad5fd1179ae4f16cb01b3f63c |
| SHA512: | 945c1e903b1aa399cd7818513700777b523cc3d01221306a483515b5d08e6b56f1249367c3b493b63c6e0106b4f926a5f8a6b8673b269e1a49189ea313b5cb47 |
| SSDEEP: | 24576:YZ9Piz+Jlb6Bl3W3ILsBPEUEEl5ulQYbg/leHYuYQAOKlHk:YX6yr6L3KIYCaY5gOYyak |
| TLSH: | 2255122FB7806BA6D435C073CB9BC359B33192909136CF2B1A828D5F65A905A7717F2C |
| File Content Preview: | MZ......................@.0.72.UPX!._0x0020b79..........................!..L.!This program cannot be run in DOS mode....$........z...............c.......................................c................................t.............Rich................... |
 | |
| Icon Hash: | 00928e8e8686b000 |
| Entrypoint: | 0x1406a3ca0 |
| Entrypoint Section: | bbbb |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x67533378 [Fri Dec 6 17:25:12 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | bd2500bb87e3a94d2777b94c3c55a684 |
| Instruction |
|---|
| push ebx |
| push esi |
| push edi |
| push ebp |
| dec eax |
| lea esi, dword ptr [FFEBE355h] |
| dec eax |
| lea edi, dword ptr [esi-00561000h] |
| push edi |
| mov eax, 006A1D9Dh |
| push eax |
| dec eax |
| mov ecx, esp |
| dec eax |
| mov edx, edi |
| dec eax |
| mov edi, esi |
| mov esi, 00141C93h |
| push ebp |
| dec eax |
| mov ebp, esp |
| inc esp |
| mov ecx, dword ptr [ecx] |
| dec ecx |
| mov eax, edx |
| dec eax |
| mov edx, esi |
| dec eax |
| lea esi, dword ptr [edi+02h] |
| push esi |
| mov al, byte ptr [edi] |
| dec edx |
| mov cl, al |
| and al, 07h |
| shr cl, 00000003h |
| dec eax |
| mov ebx, FFFFFD00h |
| dec eax |
| shl ebx, cl |
| mov cl, al |
| dec eax |
| lea ebx, dword ptr [esp+ebx*2-00000E78h] |
| dec eax |
| and ebx, FFFFFFC0h |
| push 00000000h |
| dec eax |
| cmp esp, ebx |
| jne 00007F3648DE433Bh |
| push ebx |
| dec eax |
| lea edi, dword ptr [ebx+08h] |
| mov cl, byte ptr [esi-01h] |
| dec edx |
| mov byte ptr [edi+02h], al |
| mov al, cl |
| shr cl, 00000004h |
| mov byte ptr [edi+01h], cl |
| and al, 0Fh |
| mov byte ptr [edi], al |
| dec eax |
| lea ecx, dword ptr [edi-04h] |
| push eax |
| inc ecx |
| push edi |
| dec eax |
| lea eax, dword ptr [edi+04h] |
| inc ebp |
| xor edi, edi |
| inc ecx |
| push esi |
| inc ecx |
| mov esi, 00000001h |
| inc ecx |
| push ebp |
| inc ebp |
| xor ebp, ebp |
| inc ecx |
| push esp |
| push ebp |
| push ebx |
| dec eax |
| sub esp, 48h |
| dec eax |
| mov dword ptr [esp+38h], ecx |
| dec eax |
| mov dword ptr [esp+20h], eax |
| mov eax, 00000001h |
| dec eax |
| mov dword ptr [esp+40h], esi |
| dec esp |
| mov dword ptr [esp+30h], eax |
| mov ebx, eax |
| inc esp |
| mov dword ptr [esp+2Ch], ecx |
| movzx ecx, byte ptr [edi+02h] |
| shl ebx, cl |
| mov ecx, ebx |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6b5eb0 | 0x4c0 | b)b |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6a5000 | 0x10eb0 | b)b |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x374000 | 0x43bc | "hR |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6b6370 | 0x20 | b)b |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x6a4880 | 0x28 | bbbb |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6a48b0 | 0x140 | bbbb |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| "hR | 0x1000 | 0x561000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| bbbb | 0x562000 | 0x143000 | 0x142a00 | 80d84fc3e7f6b67e27be7615a2010610 | False | 0.999211485373886 | data | 7.999837452913593 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| b)b | 0x6a5000 | 0x12000 | 0x11400 | 0ebb83e4c065739382942bc7e69fdaf9 | False | 0.2616621376811594 | data | 3.947360720361499 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| None | 0x6b5cec | 0x2e | data | 1.108695652173913 | ||
| RT_RCDATA | 0x389d18 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x38cf1c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x390120 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x393324 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x396528 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x39972c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x39c930 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x39fb34 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3a2d38 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3a5f3c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3a9140 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3ac344 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3af548 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3b274c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3b5950 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3b8b54 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3bbd58 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3bef5c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3c2160 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3c5364 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3c8568 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3cb76c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3ce970 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3d1b74 | 0x22 | empty | 0 | ||
| RT_RCDATA | 0x3d1b98 | 0x77 | empty | 0 | ||
| RT_RCDATA | 0x3d1c10 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3d4e14 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3d8018 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3db21c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3de420 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3e1624 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3e4828 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3e7a2c | 0x68b | empty | 0 | ||
| RT_RCDATA | 0x3e80b8 | 0xf | empty | 0 | ||
| RT_RCDATA | 0x3e80c8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3eb2cc | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x3ee4d0 | 0xda443 | empty | 0 | ||
| RT_RCDATA | 0x4c8914 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4cbb18 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4ced1c | 0x4d8a | empty | 0 | ||
| RT_RCDATA | 0x4d3aa8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4d6cac | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4d9eb0 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4dd0b4 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4e02b8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4e34bc | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4e66c0 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4e98c4 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4ecac8 | 0x55 | empty | 0 | ||
| RT_RCDATA | 0x4ecb20 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4efd24 | 0x9e | empty | 0 | ||
| RT_RCDATA | 0x4efdc4 | 0x1f2 | empty | 0 | ||
| RT_RCDATA | 0x4effb8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4f31bc | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4f63c0 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4f95c4 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4fc7c8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x4ff9cc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffa4c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffacc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffb4c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffbcc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffc4c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffccc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffd4c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffdcc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffe4c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4ffecc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fff4c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x4fffcc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x50004c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x5000cc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x50014c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x5001cc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x50024c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x5002cc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x50034c | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x5003cc | 0x7d | empty | 0 | ||
| RT_RCDATA | 0x50044c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x503650 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x506854 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x509a58 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x50cc5c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x50fe60 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x513064 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x516268 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x51946c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x51c670 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x51f874 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x522a78 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x525c7c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x528e80 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x52c084 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x52f288 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x53248c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x535690 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x538894 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x53ba98 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x53ec9c | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x541ea0 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x5450a4 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x5482a8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x54b4ac | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x54e6b0 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x5518b4 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x554ab8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x557cbc | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x55aec0 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x55e0c4 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x5612c8 | 0x3201 | empty | 0 | ||
| RT_RCDATA | 0x5644cc | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5676d0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x56a8d4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x56dad8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x570cdc | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x573ee0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5770e4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x57a2e8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x57d4ec | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5806f0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5838f4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x586af8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x589cfc | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x58cf00 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x590104 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x593308 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x59650c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x599710 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x59c914 | 0x3201 | Dyalog APL external workspace version -15.-68 | 1.0008593078665728 | ||
| RT_RCDATA | 0x59fb18 | 0x3201 | OpenPGP Public Key | 1.0008593078665728 | ||
| RT_RCDATA | 0x5a2d1c | 0x3201 | Novell LANalyzer capture file | 1.0008593078665728 | ||
| RT_RCDATA | 0x5a5f20 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5a9124 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5ac328 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5af52c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5b2730 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5b5934 | 0x3201 | OpenPGP Public Key | 1.0008593078665728 | ||
| RT_RCDATA | 0x5b8b38 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5bbd3c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5bef40 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5c2144 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5c5348 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5c854c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5cb750 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5ce954 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5d1b58 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5d4d5c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5d7f60 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5db164 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5de368 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5e156c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5e4770 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5e7974 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5eab78 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5edd7c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5f0f80 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5f4184 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5f7388 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5fa58c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x5fd790 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x600994 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x603b98 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x606d9c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x609fa0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x60d1a4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6103a8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6135ac | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6167b0 | 0x3201 | OpenPGP Public Key | 1.0008593078665728 | ||
| RT_RCDATA | 0x6199b4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x61cbb8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x61fdbc | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x622fc0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6261c4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6293c8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x62c5cc | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x62f7d0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6329d4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x635bd8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x638ddc | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x63bfe0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x63f1e4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6423e8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6455ec | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x6487f0 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x64b9f4 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x64ebf8 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x651dfc | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x655000 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x658204 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x65b408 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x65e60c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x661810 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x664a14 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x667c18 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x66ae1c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x66e020 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x671224 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x674428 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x67762c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x67a830 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x67da34 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x680c38 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x683e3c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x687040 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x68a244 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x68d448 | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x69064c | 0x3201 | data | 1.0008593078665728 | ||
| RT_RCDATA | 0x693850 | 0x3201 | OpenPGP Secret Key | 1.0008593078665728 | ||
| RT_RCDATA | 0x696a54 | 0x3201 | data | 1.0008593078665728 | ||
| RT_MANIFEST | 0x6b5d20 | 0x2 | data | 5.0 | ||
| RT_MANIFEST | 0x6b5d28 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
| None | 0x699de4 | 0x148 | data | 1.0335365853658536 | ||
| None | 0x699f2c | 0x144 | data | 1.0339506172839505 | ||
| None | 0x69a070 | 0x114 | data | 1.039855072463768 | ||
| None | 0x69a184 | 0xc8 | data | 1.055 | ||
| None | 0x69a24c | 0x16c | data | 1.0302197802197801 | ||
| None | 0x69a3b8 | 0x11a | data | 1.0390070921985815 | ||
| None | 0x69a4d4 | 0xce | data | 1.0533980582524272 | ||
| None | 0x69a5a4 | 0xae | data | 1.0632183908045978 | ||
| None | 0x69a654 | 0xcc | DOS executable (COM) | 1.053921568627451 | ||
| None | 0x69a720 | 0xa8 | data | 1.0654761904761905 | ||
| None | 0x69a7c8 | 0x10a | data | 1.0413533834586466 | ||
| None | 0x69a8d4 | 0xcc | data | 1.053921568627451 | ||
| None | 0x69a9a0 | 0x114 | data | 1.039855072463768 | ||
| None | 0x69aab4 | 0x134 | data | 1.0357142857142858 | ||
| None | 0x69abe8 | 0xdc | data | 1.05 | ||
| None | 0x69acc4 | 0x84 | data | 1.0833333333333333 | ||
| None | 0x69ad48 | 0xa0 | data | 1.06875 | ||
| None | 0x69ade8 | 0x64 | COM executable for DOS | 1.11 | ||
| None | 0x69ae4c | 0xd2 | data | 1.0523809523809524 | ||
| None | 0x69af20 | 0x10c | data | 1.041044776119403 | ||
| None | 0x69b02c | 0x11a | data | 1.0390070921985815 | ||
| None | 0x69b148 | 0xde | data | 1.0495495495495495 | ||
| None | 0x69b228 | 0x18a | data | 1.0279187817258884 | ||
| None | 0x69b3b4 | 0xac | data | 1.063953488372093 | ||
| None | 0x69b460 | 0x150 | data | 1.0327380952380953 | ||
| None | 0x69b5b0 | 0x182 | data | 1.028497409326425 | ||
| None | 0x69b734 | 0x104 | data | 1.0423076923076924 | ||
| None | 0x69b838 | 0xea | data | 1.047008547008547 | ||
| None | 0x69b924 | 0xc0 | data | 1.0572916666666667 | ||
| None | 0x69b9e4 | 0x116 | data | 1.039568345323741 | ||
| None | 0x69bafc | 0x94 | OpenPGP Public Key | 1.0743243243243243 | ||
| None | 0x69bb90 | 0x180 | data | 1.0286458333333333 | ||
| None | 0x69bd10 | 0x16a | data | 1.0303867403314917 | ||
| None | 0x69be7c | 0x13a | data | 1.035031847133758 | ||
| None | 0x69bfb8 | 0xd2 | data | 1.0523809523809524 | ||
| None | 0x69c08c | 0x130 | data | 1.0361842105263157 | ||
| None | 0x69c1bc | 0x84 | data | 1.0833333333333333 | ||
| None | 0x69c240 | 0xb2 | data | 1.0617977528089888 | ||
| None | 0x69c2f4 | 0xf2 | data | 1.0454545454545454 | ||
| None | 0x69c3e8 | 0xcc | data | 1.053921568627451 | ||
| None | 0x69c4b4 | 0x96 | data | 1.0733333333333333 | ||
| None | 0x69c54c | 0x13a | data | 1.035031847133758 | ||
| None | 0x69c688 | 0x100 | data | 1.04296875 | ||
| None | 0x69c788 | 0xf8 | data | 1.0443548387096775 | ||
| None | 0x69c880 | 0x10a | data | 1.0413533834586466 | ||
| None | 0x69c98c | 0xd2 | data | 1.0523809523809524 | ||
| None | 0x69ca60 | 0x8c | data | 1.0785714285714285 | ||
| None | 0x69caec | 0xbe | data | 1.0578947368421052 | ||
| None | 0x69cbac | 0x114 | data | 1.039855072463768 | ||
| None | 0x69ccc0 | 0x7a | data | 1.0901639344262295 | ||
| None | 0x69cd3c | 0x90 | data | 1.0763888888888888 | ||
| None | 0x69cdcc | 0x112 | data | 1.0401459854014599 | ||
| None | 0x69cee0 | 0x138 | data | 1.0352564102564104 | ||
| None | 0x69d018 | 0x12c | data | 1.0366666666666666 | ||
| None | 0x69d144 | 0x9a | data | 1.0714285714285714 | ||
| None | 0x69d1e0 | 0x12c | OpenPGP Secret Key | 1.0366666666666666 | ||
| None | 0x69d30c | 0xbe | data | 1.0578947368421052 | ||
| None | 0x69d3cc | 0xf8 | data | 1.0443548387096775 | ||
| None | 0x69d4c4 | 0x56 | data | 1.127906976744186 | ||
| None | 0x69d51c | 0xe2 | data | 1.0486725663716814 | ||
| None | 0x69d600 | 0x140 | data | 1.034375 | ||
| None | 0x69d740 | 0xb8 | data | 1.059782608695652 | ||
| None | 0x69d7f8 | 0x128 | data | 1.037162162162162 | ||
| None | 0x69d920 | 0xe8 | data | 1.0474137931034482 | ||
| None | 0x69da08 | 0x9c | data | 1.0705128205128205 | ||
| None | 0x69daa4 | 0x12e | data | 1.0364238410596027 | ||
| None | 0x69dbd4 | 0xb0 | data | 1.0625 | ||
| None | 0x69dc84 | 0xf2 | data | 1.0454545454545454 | ||
| None | 0x69dd78 | 0xd4 | data | 1.0518867924528301 | ||
| None | 0x69de4c | 0xf6 | data | 1.0447154471544715 | ||
| None | 0x69df44 | 0x11e | data | 1.0384615384615385 | ||
| None | 0x69e064 | 0xc4 | data | 1.0561224489795917 | ||
| None | 0x69e128 | 0x10a | data | 1.0413533834586466 | ||
| None | 0x69e234 | 0x90 | data | 1.0763888888888888 | ||
| None | 0x69e2c4 | 0xc0 | data | 1.0572916666666667 | ||
| None | 0x69e384 | 0x11c | data | 1.0387323943661972 | ||
| None | 0x69e4a0 | 0x132 | data | 1.0359477124183007 | ||
| None | 0x69e5d4 | 0x128 | data | 1.037162162162162 | ||
| None | 0x69e6fc | 0x72 | data | 1.0964912280701755 | ||
| None | 0x69e770 | 0x96 | data | 1.0733333333333333 | ||
| None | 0x69e808 | 0xcc | data | 1.053921568627451 | ||
| None | 0x69e8d4 | 0xfa | data | 1.044 | ||
| None | 0x69e9d0 | 0xa8 | data | 1.0654761904761905 | ||
| None | 0x69ea78 | 0xc0 | data | 1.0572916666666667 | ||
| None | 0x69eb38 | 0xde | data | 1.0495495495495495 | ||
| None | 0x69ec18 | 0x10e | OpenPGP Secret Key | 1.0407407407407407 | ||
| None | 0x69ed28 | 0x98 | data | 1.0723684210526316 | ||
| None | 0x69edc0 | 0x17a | data | 1.029100529100529 | ||
| None | 0x69ef3c | 0xd6 | data | 1.0514018691588785 | ||
| None | 0x69f014 | 0x9a | data | 1.0714285714285714 | ||
| None | 0x69f0b0 | 0xf0 | data | 1.0458333333333334 | ||
| None | 0x69f1a0 | 0xea | data | 1.047008547008547 | ||
| None | 0x69f28c | 0x98 | data | 1.0723684210526316 | ||
| None | 0x69f324 | 0x78 | data | 1.0916666666666666 | ||
| None | 0x69f39c | 0xf4 | data | 1.0450819672131149 | ||
| None | 0x69f490 | 0x120 | data | 1.0381944444444444 | ||
| None | 0x69f5b0 | 0xaa | data | 1.0647058823529412 | ||
| None | 0x69f65c | 0xc4 | data | 1.0561224489795917 | ||
| None | 0x69f720 | 0xc6 | data | 1.0555555555555556 | ||
| None | 0x69f7e8 | 0x66 | data | 1.107843137254902 | ||
| None | 0x69f850 | 0xec | data | 1.0466101694915255 | ||
| None | 0x69f93c | 0x134 | data | 1.0357142857142858 | ||
| None | 0x69fa70 | 0x5a | data | 1.1222222222222222 | ||
| None | 0x69facc | 0x8c | data | 1.0785714285714285 | ||
| None | 0x69fb58 | 0xe4 | data | 1.0482456140350878 | ||
| None | 0x69fc3c | 0x172 | data | 1.0297297297297296 | ||
| None | 0x69fdb0 | 0x11a | data | 1.0390070921985815 | ||
| None | 0x69fecc | 0xec | data | 1.0466101694915255 | ||
| None | 0x69ffb8 | 0xe6 | data | 1.0478260869565217 | ||
| None | 0x6a00a0 | 0xb8 | data | 1.059782608695652 | ||
| None | 0x6a0158 | 0x128 | data | 1.037162162162162 | ||
| None | 0x6a0280 | 0x114 | data | 1.039855072463768 | ||
| None | 0x6a0394 | 0x132 | data | 1.0359477124183007 | ||
| None | 0x6a04c8 | 0xfe | data | 1.0433070866141732 | ||
| None | 0x6a05c8 | 0x80 | OpenPGP Secret Key | 1.0859375 | ||
| None | 0x6a0648 | 0xca | data | 1.0544554455445545 | ||
| None | 0x6a0714 | 0xdc | data | 1.05 | ||
| None | 0x6a07f0 | 0x154 | data | 1.0323529411764707 |
| DLL | Import |
|---|---|
| api-ms-win-crt-heap-l1-1-0.dll | free |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
| api-ms-win-crt-math-l1-1-0.dll | cosf |
| api-ms-win-crt-runtime-l1-1-0.dll | exit |
| api-ms-win-crt-stdio-l1-1-0.dll | fseek |
| api-ms-win-crt-string-l1-1-0.dll | strcmp |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| d3d9.dll | Direct3DCreate9 |
| IMM32.dll | ImmGetContext |
| KeRNeL32.dlL | LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect |
| MSVCP140.dll | _Query_perf_counter |
| OLE32.Dll | CoTaskMemFree |
| SHELL32.dll | ShellExecuteA |
| USER32.dll | SetCursor |
| VCRUNTIME140.dll | memcpy |
| VCRUNTIME140_1.dll | __CxxFrameHandler4 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-08T02:10:58.062907+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 8, 2024 02:10:55.792361021 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:55.792408943 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:55.792552948 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:55.801534891 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:55.801551104 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:57.030889034 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:57.030961990 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:57.687709093 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:57.687725067 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:57.688004971 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:57.688128948 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:57.691318035 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:57.735323906 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:58.062921047 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:58.062983990 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:58.062990904 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Dec 8, 2024 02:10:58.063034058 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:58.064325094 CET | 49704 | 443 | 192.168.2.5 | 104.26.9.59 |
| Dec 8, 2024 02:10:58.064341068 CET | 443 | 49704 | 104.26.9.59 | 192.168.2.5 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 8, 2024 02:10:55.544616938 CET | 49221 | 53 | 192.168.2.5 | 1.1.1.1 |
| Dec 8, 2024 02:10:55.772116899 CET | 53 | 49221 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 8, 2024 02:10:55.544616938 CET | 192.168.2.5 | 1.1.1.1 | 0x4de | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 8, 2024 02:10:55.772116899 CET | 1.1.1.1 | 192.168.2.5 | 0x4de | No error (0) | 104.26.9.59 | A (IP address) | IN (0x0001) | false | ||
| Dec 8, 2024 02:10:55.772116899 CET | 1.1.1.1 | 192.168.2.5 | 0x4de | No error (0) | 104.26.8.59 | A (IP address) | IN (0x0001) | false | ||
| Dec 8, 2024 02:10:55.772116899 CET | 1.1.1.1 | 192.168.2.5 | 0x4de | No error (0) | 172.67.75.163 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | 1488 | C:\Users\user\Desktop\Nexus-Executor.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-08 01:10:57 UTC | 182 | OUT | |
| 2024-12-08 01:10:58 UTC | 777 | IN | |
| 2024-12-08 01:10:58 UTC | 63 | IN | |
| 2024-12-08 01:10:58 UTC | 5 | IN |
| Target ID: | 0 |
| Start time: | 20:10:53 |
| Start date: | 07/12/2024 |
| Path: | C:\Users\user\Desktop\Nexus-Executor.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff762a90000 |
| File size: | 1'393'194 bytes |
| MD5 hash: | 1D5119509128D468DD629FFF653A096A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 2.7% |
| Dynamic/Decrypted Code Coverage: | 9% |
| Signature Coverage: | 25.8% |
| Total number of Nodes: | 708 |
| Total number of Limit Nodes: | 26 |
Graph
Function 00007FF762AE4320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ADF7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE0330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182keyboardCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ADF2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE3B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126nativeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762ADEA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F784117750 Relevance: 4.7, APIs: 3, Instructions: 164encryptionCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762ADFCE0 Relevance: .4, Instructions: 439COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE3DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE6800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A9D4F0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 218COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AC21B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE3F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F78417F2BC Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AD6090 Relevance: 58.2, APIs: 5, Strings: 26, Instructions: 3919COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A99E10 Relevance: 50.0, APIs: 3, Strings: 25, Instructions: 1049COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AC25F0 Relevance: 41.9, APIs: 9, Strings: 14, Instructions: 1603COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A97390 Relevance: 26.8, APIs: 10, Strings: 5, Instructions: 530COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ADCB40 Relevance: 23.8, APIs: 4, Strings: 9, Instructions: 1043COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE0D02 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 232keyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AA6EC0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 524COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A96CB0 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 396COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB1D70 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB6C90 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 830COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB1C20 Relevance: 12.1, APIs: 8, Instructions: 87clipboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AEC388 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ABDB50 Relevance: .9, Instructions: 868COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A95D90 Relevance: .6, Instructions: 579COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ADA370 Relevance: .4, Instructions: 439COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ABC270 Relevance: .4, Instructions: 405COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AC6BC0 Relevance: .4, Instructions: 396COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ADBA80 Relevance: .4, Instructions: 362COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A99730 Relevance: .3, Instructions: 301COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ADE5B0 Relevance: .3, Instructions: 275COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ABAD40 Relevance: .3, Instructions: 254COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AA5A30 Relevance: .3, Instructions: 251COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AAF250 Relevance: .2, Instructions: 185COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F7840A3841 Relevance: .1, Instructions: 130COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000001F784054850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762AA7C60 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 76COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762A9C240 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 313COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AD52B0 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 211COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AC19E0 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 180COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762AC0850 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 322COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AA3320 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 206COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ACDF40 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 114COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F78409A850 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000001F78409AB60 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000001F78409A540 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762AC4020 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 216COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A9D070 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 172COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A9B560 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 159COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F7840A0EC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762AE0C30 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 149windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A9CB20 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 130COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB9E40 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 426COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A98380 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 164COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ACCA90 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AD38D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 117COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762ACE150 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AC13B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 152COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A92E30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE13F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB1F40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762ADFA50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AE14F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000001F78405E510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762A97D10 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F7840A3328 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762AB1090 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F78406C5F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762AE1091 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB41F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F784054AA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762AA3110 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AC1620 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000001F7840C2950 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000001F784053D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000001F7840B5560 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 000001F784074B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00007FF762A99BC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB0E40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB2A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB2BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB2810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762A9B200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AD5F80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB3820 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AB1E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF762AC7320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|