Windows
Analysis Report
vQu0zndLpi.dll
Overview
General Information
Sample name: | vQu0zndLpi.dll (renamed because original name is a hash value) |
Original sample name: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18.dll.exe |
Analysis ID: | 1572522 |
MD5: | 6b0b96b6ec7950943213da4f98fab1c7 |
SHA1: | 502b8b7c5888b476365345d029df4f1d80c381c2 |
SHA256: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18 |
Tags: | 45-66-248-99exenembo81pruser-JAMESWT_MHT |
Infos: | |
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 7476 cmdline: loaddll64.exe "C:\Users\user\Desktop\vQu0zndLpi.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7528 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 7552 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7668 cmdline: C:\Windows\system32\WerFault.exe -u -p 7552 -s 468 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7536 cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,xtart MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7808 cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,start MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7844 cmdline: rundll32.exe C:\Users\user\Desktop\vQu0zndLpi.dll,DllWinMain MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7908 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",xtart MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7920 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",start MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7936 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",DllWinMain MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7944 cmdline: rundll32.exe "C:\Users\user\Desktop\vQu0zndLpi.dll",UnInstall MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Binary string (2 entries): |
Networking |
---|
Source: | Network Connect: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query (6 entries): |
Source: | Code function: | 10_2_0000016C5BFF3C80 |
Source: | String found in binary or memory: |
Source: | Network traffic detected (4 entries): |
Source: | Code function (54 entries): |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Code function: | 4_2_00007FF8E7DCA4B0 |
Source: | Code function: | 4_2_00007FF8E7D8B890 |
Source: | Code function: | 4_2_00007FF8E7D8EA90 |
Source: | Mutant created (3 entries): |
Source: | File created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | Process created (12 entries): |
Source: | Process created (9 entries): |
Source: | Section loaded (8 entries): |
Source: | Automated click (5 entries): |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information (6 entries): |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string (2 entries): |
Source: | Static PE information (5 entries): |
Source: | Code function: | 4_2_00007FF8E7DF3E90 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 4_2_00007FF8E7DC8440 |
Source: | Process information set (64 entries): |
Source: | Thread delayed (2 entries): |
Source: | API coverage: |
Source: | Thread sleep time (3 entries): |
Source: | Last function (3 entries): |
Source: | Thread delayed (3 entries): |
Source: | Binary or memory string (31 entries): |
Source: | Code function: | 4_2_00007FF8E7DF0B94 |
Source: | Code function: | 4_2_00007FF8E7DF0B94 |
Source: | Code function: | 4_2_00007FF8E7DF3E90 |
Source: | Code function: | 4_2_00007FF8E7D71C00 |
Source: | Code function: | 4_2_00007FF8E7DF9A28 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: |
Source: | Process created: |
Source: | Code function: | 4_2_00007FF8E7DC6C20 |
Source: | Code function: | 4_2_00007FF8E7DC63B0 |
Source: | Code function: | 4_2_00007FF8E7E1A898 |
Source: | Code function: | 4_2_00007FF8E7E106B8 |
Source: | Code function: | 4_2_00007FF8E7E1A458 |
Source: | Code function: | 4_2_00007FF8E7E1A388 |
Source: | Code function: | 4_2_00007FF8E7E1A038 |
Source: | Code function: | 4_2_00007FF8E7E10C4C |
Source: | Code function: | 4_2_00007FF8E7E1AA74 |
Source: | Code function: | 4_2_00007FF8E7DB8010 |
Source: | Binary or memory string (5 entries): |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 111 Process Injection | 21 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 111 Process Injection | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label |
---|---|---|---|
 | 34% | ReversingLabs | Win64.Downloader.ZLoader |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.66.248.99 | unknown | Russian Federation | 53356 | FREERANGECLOUDCA | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1572522 |
Start date and time: | 2024-12-10 16:50:15 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | vQu0zndLpi.dll (renamed because original name is a hash value) |
Original Sample Name: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18.dll.exe |
Detection: | MAL |
Classification: | mal60.evad.winDLL@21/5@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.168.117.173, 13.107.246.40, 20.190.159.23, 172.202.163.200
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- VT rate limit hit for: vQu0zndLpi.dll
Match | Detection | Threat Name |
---|---|---|
s-part-0012.t-0009.t-msedge.net | malicious | Vidar |
s-part-0012.t-0009.t-msedge.net | malicious | Amadey, Stealc, Vidar |
s-part-0012.t-0009.t-msedge.net | malicious | Unknown |
s-part-0012.t-0009.t-msedge.net | malicious | Unknown |
s-part-0012.t-0009.t-msedge.net | malicious | Amadey, Stealc, Vidar |
s-part-0012.t-0009.t-msedge.net | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc |
s-part-0012.t-0009.t-msedge.net | malicious | Credential Flusher |
s-part-0012.t-0009.t-msedge.net | malicious | LummaC |
s-part-0012.t-0009.t-msedge.net | malicious | Unknown |
s-part-0012.t-0009.t-msedge.net | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
FREERANGECLOUDCA | malicious | Unknown |
FREERANGECLOUDCA | malicious | Stealc |
FREERANGECLOUDCA | malicious | Stealc, Vidar |
FREERANGECLOUDCA | malicious | Unknown |
FREERANGECLOUDCA | malicious | Unknown |
FREERANGECLOUDCA | malicious | Mirai, Moobot |
FREERANGECLOUDCA | malicious | Raccoon Stealer v2 |
FREERANGECLOUDCA | malicious | PureLog Stealer, Raccoon Stealer v2, SmokeLoader |
FREERANGECLOUDCA | malicious | AsyncRAT, HTMLPhisher, Clipboard Hijacker, Phorpiex, PureLog Stealer, Raccoon Stealer v2, RedLine |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vQu_bf88271f391678879aeb028db498ef27a519745_bcdf938d_5b0df173-7573-42c5-a940-fac4fd2dc333\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8158221362514262 |
Encrypted: | false |
SSDEEP: | 192:P7KRiEzyouu0H2MtjV/vzuiF3Z24lO8g/:zKRiNouVH2MtjFzuiF3Y4lO8w |
MD5: | 0E40A60B0C7B88B6F1E79C7DD58EF26A |
SHA1: | A22DDB43B5F04ACDEF50C9F270C9D85B2267D6A8 |
SHA-256: | E129A1DC837E912F9D6A56B25CC80228946B1C495E1895652BF2D7660BB42703 |
SHA-512: | E6C420B39BB76F1DD4C618A11BCD076F3FCC7294A0E33F7FD4968668CAC33A50F5D2E4A0D6E53F80612742E144572D6F1283FE3F9D9EC4B71E0A903AD23BCA90 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 566698 |
Entropy (8bit): | 1.4533219106893092 |
Encrypted: | false |
SSDEEP: | 384:/FMBFVWjLpKInd1broP6SLzN9uasgRhf/w3NUnx+i/2s6zWxZ5WiVKQZ9vfQA6e4:tMB8x3+Sz7qmQU3o19hVVpc |
MD5: | B47FD5F032437D97BE9DF61840D6101B |
SHA1: | 1CBD0853099D3DF9613B1414EBFA93A4F58BDC14 |
SHA-256: | ADE4D9D6A5FE3A1917D01AF199795EF8C5F7BE7EBFEB2E24183115DE5DEC5A44 |
SHA-512: | 867AFB3E055F88388F19976EC5C3E0C828363BC9E130A37E5B427AC31195A82438C7348A2D0A3B21A502EA66E5535D31BC2ADC11E009F70048C7FFA10EE3485E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8530 |
Entropy (8bit): | 3.697826936796312 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJAjrndQ6YrDJ+5gmfp9jpD089bd/SfoKbfm:R6lXJqr66YHJogmfp93dKfoKq |
MD5: | 88DAF9F07305747426CDE1C30E753B97 |
SHA1: | DAFDC20422822B87524470F4D50D0683E71B9D50 |
SHA-256: | CA374A422E0E1A4D2E79E34712CCCA8A073603D21BC7F830CBE20CCBADE53B78 |
SHA-512: | 41534E08C9E1647B296E9C54A3021E14DC8907354D85BB9237339814E30D89D99C9A10F2158F7B392547A5CEE913AE78E71F74A0318A52AA2A4E9C0E483D8989 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4759 |
Entropy (8bit): | 4.487588012728869 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsgJg771I9OJWpW8VY3CYm8M4JCY9CY1+AK6FwUpyyq85mYgAsxRptSTU:uIjfmI7947VmJ7VfK3SzSpoONd |
MD5: | 6D76A69D772009B883518AA1B6846F59 |
SHA1: | BF83C6F16726BB996F6F1E041935454145A88B1F |
SHA-256: | A18A03BF5CF164C8BDA9FAD3CCE6F917FD92C73B43F8D8DEC8A892C8134FB346 |
SHA-512: | 609A49270779778931D42D483E650FF8EAEAC18D78BFEA0FB9CCEB7077E857D326CF68B3EBF4DB338D15929826FE3DD815024973B8EA1DF5CE803B25139D6EF3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.394723751836357 |
Encrypted: | false |
SSDEEP: | 6144:0l4fiJoH0ncNXiUjt10qCG/gaocYGBoaUMMhA2NX4WABlBuNAfOBSqa:s4vFCMYQUMM6VFYSfU |
MD5: | 27835D65F1CE8B811731F05B1444E7D3 |
SHA1: | 2D9FFA166FDC6BB8DF3F6F9D28FE1BD8DA0DF41D |
SHA-256: | 4D6EBA44F6E589F6968AFAE33E0825532F21F7C6241AB69A19595682093BCA69 |
SHA-512: | 3F58051435571B9EB5483A6D4128DA8955860813AD928AAA570FFAE8820769B88392039440F358A4F946F4EA5B930D0E5B8061B2D6D20CAC3F3D0FCB32523544 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.476113305296515 |
TrID: | |
File name: | vQu0zndLpi.dll |
File size: | 1'138'176 bytes |
MD5: | 6b0b96b6ec7950943213da4f98fab1c7 |
SHA1: | 502b8b7c5888b476365345d029df4f1d80c381c2 |
SHA256: | bef34611564f850070ab13288c6d52de24fbcfc2ede9323eb675d32a31413f18 |
SHA512: | f80bbffc22aa041eb1ccbb39f390fd322ab2b701b30d83e6872b68bc85b8c645d076b7216c5da6eab159fc9074bfc2c8410db6a6ce2e1c658868086dc88c6951 |
SSDEEP: | 24576:D+XUNkTrLLAhpLJdqhQZE8cpKPpo1MsAVHB+FYiY25r3wai:iXUNuAhpXqa+8cpKBgZAZBvig |
TLSH: | 7C356B1767F805A8E8B6D178897B5806F736B41587309AEF02D0226B1F77BE08E7E711 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l.........................5...............................................................a...J.......J.......J.............. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x180083a90 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
Time Stamp: | 0x66FA53D2 [Mon Sep 30 07:31:30 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 767132e147d9da374bf0eb60457b20e1 |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Instruction |
---|
dec eax |
sub esp, 28h |
cmp edx, 01h |
jne 00007F2C0CCB30C6h |
dec eax |
mov edx, ecx |
dec eax |
add edx, 001013B8h |
call 00007F2C0CCB30FDh |
dec sp |
movd mm5, eax |
mov eax, 00000001h |
dec eax |
add esp, 28h |
ret |
dec eax |
sub esp, 28h |
dec sp |
movd eax, mm5 |
dec eax |
add esp, 28h |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
dec eax |
sub esp, 28h |
call 00007F2C0CCB3093h |
mov edx, 00001BD8h |
dec eax |
mov ecx, eax |
call 00007F2C0CCB376Fh |
call eax |
xor eax, eax |
dec eax |
add esp, 28h |
ret |
int3 |
dec eax |
mov dword ptr [esp+10h], ebx |
dec eax |
mov dword ptr [esp+08h], ecx |
push ebp |
push esi |
push edi |
inc ecx |
push esp |
inc ecx |
push ebp |
inc ecx |
push esi |
inc ecx |
push edi |
dec eax |
lea ebp, dword ptr [esp-27h] |
dec eax |
sub esp, 00000100h |
inc ebp |
xor esp, esp |
dec eax |
mov ebx, edx |
mov dword ptr [esp+20h], 4C682648h |
mov dword ptr [esp+24h], 436D2A5Fh |
mov dword ptr [esp+28h], 4F4D674Fh |
mov dword ptr [esp+2Ch], 75352979h |
inc sp |
mov dword ptr [esp+50h], esp |
mov byte ptr [esp+30h], 00000000h |
mov dword ptr [esp+38h], 0065006Bh |
mov dword ptr [esp+3Ch], 006E0072h |
mov dword ptr [esp+40h], 00000065h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xede80 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xedf0c | 0xdc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x101000 | 0x196ec | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf8000 | 0x744c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xfcc00 | 0x4dc8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0x156c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd9330 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xd9500 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xd93a0 | 0x138 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb7000 | 0x5f8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb572c | 0xb5800 | fc6ea9a56a230231c4bb1fdc5ef08421 | False | 0.4668183970385675 | data | 6.386830917577598 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb7000 | 0x383b6 | 0x38400 | ec611e4019790695ac7d6d148ac88116 | False | 0.3645833333333333 | data | 4.902790895501739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xf0000 | 0x749c | 0x5800 | 68b698e4c7307e6be67b30c865614f37 | False | 0.15185546875 | data | 4.497462253406015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xf8000 | 0x744c | 0x7600 | 27d6cbc5cf6ad3575f8a0f04a40429a3 | False | 0.4889433262711864 | PEX Binary Archive | 5.836748779718831 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x100000 | 0xf4 | 0x200 | 3becaaa5faf69c9c92c0abf64cce14d9 | False | 0.3046875 | data | 2.4434385797190123 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x101000 | 0x196ec | 0x19800 | a2add8433692a7f4ef3e303d8b906d10 | False | 0.5730602787990197 | data | 7.1419435849845465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x11b000 | 0x156c | 0x1600 | 94db310f1ca40a2e184b4684ec88d3df | False | 0.37659801136363635 | data | 5.401573591665021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x1010e8 | 0x2d0 | data | English | United States | 0.46805555555555556 |
RT_ANICURSOR | 0x1013b8 | 0x191b2 | data | | | 0.5751210689071707 |
RT_MANIFEST | 0x11a56c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
RPCRT4.dll | UuidToStringW, UuidCreate, RpcStringFreeW |
KERNEL32.dll | LoadLibraryExW, SizeofResource, LockResource, LoadResource, FindResourceExW, FindResourceW, EnterCriticalSection, ReleaseSemaphore, LeaveCriticalSection, InitializeCriticalSection, WaitForThreadpoolTimerCallbacks, GetCurrentThreadId, CloseThreadpoolWait, WaitForThreadpoolWaitCallbacks, CloseThreadpoolTimer, CloseHandle, SetThreadpoolTimer, SetThreadpoolWait, CreateSemaphoreW, MultiByteToWideChar, GetModuleHandleW, WideCharToMultiByte, LocalFree, DeleteCriticalSection, GetCurrentProcessId, CreateFileW, GetFileTime, FileTimeToSystemTime, GetSystemTime, CreateProcessW, DeleteProcThreadAttributeList, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, GetExitCodeProcess, CreateThreadpoolWait, CreateThreadpoolTimer, CreateEventW, ResetEvent, LocalAlloc, CreateThread, OpenProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, WriteConsoleW, FreeEnvironmentStringsW, GetEnvironmentStringsW, DecodePointer, RaiseException, InitializeCriticalSectionEx, WaitForSingleObject, SetEvent, GetLastError, VerSetConditionMask, VerifyVersionInfoW, GetModuleHandleExW, Sleep, GetProcAddress, LoadLibraryW, GetModuleFileNameW, FreeLibrary, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, FormatMessageA, SetStdHandle, ExitProcess, GetCommandLineW, RtlUnwind, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, WriteFile, GetFileType, GetStdHandle, ReadFile, SetConsoleCtrlHandler, FreeLibraryAndExitThread, ExitThread, FlushFileBuffers, GetFileSizeEx, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, TlsFree, LCMapStringW, IsDebuggerPresent, OutputDebugStringW, GetStringTypeW, WaitForSingleObjectEx, GetExitCodeThread, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryEnterCriticalSection, FindClose, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, SetEndOfFile, SetFilePointerEx, GetFileInformationByHandleEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, GetSystemTimeAsFileTime, GetCPInfo, InitializeCriticalSectionAndSpinCount, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, InterlockedFlushSList, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue |
USER32.dll | AllowSetForegroundWindow |
ADVAPI32.dll | RevertToSelf, ImpersonateLoggedOnUser, OpenProcessToken, QueryServiceStatusEx, OpenSCManagerW, OpenServiceW, GetSecurityInfo, GetSidIdentifierAuthority, GetAce, GetSidSubAuthority, GetSidSubAuthorityCount, EqualSid, ConvertSidToStringSidW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, RegDeleteKeyW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, CloseServiceHandle, RegSetKeyValueW, RegOpenKeyExW, RegGetValueW, RegCloseKey |
SHELL32.dll | CommandLineToArgvW, SHGetKnownFolderPath |
ole32.dll | CoInitializeEx, CoUninitialize, CoSetProxyBlanket, CoTaskMemFree, CoCreateInstance |
OLEAUT32.dll | SysAllocString, VariantClear, SafeArrayCreate, VariantInit, SysStringLen, SysAllocStringLen, SysFreeString |
SHLWAPI.dll | PathRemoveFileSpecW, PathAppendW, PathIsRelativeW |
WINMM.dll | timeGetTime |
ntdll.dll | RtlLookupFunctionEntry, RtlVirtualUnwind, RtlCaptureContext |
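The import table above is the quickest static view of what the DLL can do: the KERNEL32 row carries the CreateProcessW/InitializeProcThreadAttributeList/UpdateProcThreadAttribute triple and the Toolhelp32 enumeration set, ADVAPI32 adds token impersonation, DACL editing, service queries and registry writes, and ole32 adds a COM client. The script below is an added example by the editor, not Joe Sandbox code: it parses rows in the report's "DLL | api, api, ... |" format and applies co-occurrence rules, so that a capability is reported only when every API it needs is imported. The rule set and its names are the editor's own heuristics, not the report's signatures, and REPORT_ROWS is a constructed, trimmed copy of the rows above.

```python
"""Capability triage over a PE import table, as listed in a sandbox report.

Added example by the editor; it is not Joe Sandbox code and the rules are
the editor's own heuristics, not the report's signatures. Input is the
"DLL | api, api, ... |" row format used in the import table above.
"""
import re
from typing import Dict, List, Set

# Constructed input: a trimmed copy of the report's import rows. The rules
# need only these names; the full rows work the same way.
REPORT_ROWS = """
RPCRT4.dll | UuidToStringW, UuidCreate, RpcStringFreeW |
KERNEL32.dll | LoadResource, LockResource, FindResourceW, SizeofResource, CreateProcessW, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, OpenProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, IsDebuggerPresent, GetProcAddress, LoadLibraryW |
ADVAPI32.dll | RevertToSelf, ImpersonateLoggedOnUser, OpenProcessToken, QueryServiceStatusEx, OpenSCManagerW, OpenServiceW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, RegDeleteKeyW, RegSetKeyValueW, RegOpenKeyExW |
ole32.dll | CoInitializeEx, CoUninitialize, CoSetProxyBlanket, CoTaskMemFree, CoCreateInstance |
"""

# Each rule fires only when *every* listed API is imported. Requiring the
# whole set keeps common single imports (CreateFileW, RegOpenKeyExW) from
# raising a finding on their own. Rule names are the editor's heuristics.
RULES: Dict[str, Set[str]] = {
    "child process with extended attributes (PPID spoofing or mitigation policy)":
        {"CreateProcessW", "InitializeProcThreadAttributeList", "UpdateProcThreadAttribute"},
    "process enumeration and handle acquisition":
        {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess"},
    "token impersonation":
        {"OpenProcessToken", "ImpersonateLoggedOnUser", "RevertToSelf"},
    "DACL rewrite on a securable object":
        {"InitializeSecurityDescriptor", "SetEntriesInAclW", "SetSecurityDescriptorDacl"},
    "service status query":
        {"OpenSCManagerW", "OpenServiceW", "QueryServiceStatusEx"},
    "registry value write and key delete":
        {"RegOpenKeyExW", "RegSetKeyValueW", "RegDeleteKeyW"},
    "embedded resource payload":
        {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "COM client with proxy blanket (WMI-style call pattern)":
        {"CoInitializeEx", "CoCreateInstance", "CoSetProxyBlanket"},
    "dynamic API resolution":
        {"LoadLibraryW", "GetProcAddress"},
    # Not present in this sample; kept so that a negative result is visible.
    "classic remote thread injection":
        {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
}

# One table row: "<dll> | <api>, <api>, ... |" (trailing pipe optional).
ROW = re.compile(r"^\s*(?P<dll>[\w.\-]+)\s*\|\s*(?P<apis>[^|]*)\|?\s*$")


def parse_import_rows(text: str) -> Dict[str, Set[str]]:
    """Return {dll (lower-case): {api, ...}} from the report's row format."""
    imports: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        apis = {a.strip() for a in m.group("apis").split(",") if a.strip()}
        imports.setdefault(m.group("dll").lower(), set()).update(apis)
    return imports


def triage(imports: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Map each rule whose API set is fully imported to its sorted APIs."""
    present: Set[str] = set().union(*imports.values()) if imports else set()
    return {name: sorted(apis) for name, apis in RULES.items() if apis <= present}


if __name__ == "__main__":
    for name, apis in triage(parse_import_rows(REPORT_ROWS)).items():
        print(f"{name}: {', '.join(apis)}")
```

Run against the trimmed rows, every rule except the injection one fires; that matches what the full table shows, and the absence of VirtualAllocEx/WriteProcessMemory/CreateRemoteThread is itself worth noting before assuming injection from the OpenProcess import alone. Imports resolved at run time through GetProcAddress are invisible to this check, which is why the dynamic-resolution rule is listed.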
Name | Ordinal | Address |
---|---|---|
xtart | 1 | 0x180020ad0 |
start | 2 | 0x180020b00 |
DllWinMain | 4 | 0x18005b0b0 |
UnInstall | 3 | 0x18006cfe0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 10, 2024 16:51:12.912008047 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:12.912060022 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:12.912136078 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:12.915303946 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:12.915326118 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:12.915455103 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:19.638989925 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:19.639044046 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:19.639130116 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:19.651829958 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:19.651842117 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:19.651887894 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 10, 2024 16:51:06.284918070 CET | 1.1.1.1 | 192.168.2.9 | 0xaf32 | No error (0) | | s-part-0012.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 10, 2024 16:51:06.284918070 CET | 1.1.1.1 | 192.168.2.9 | 0xaf32 | No error (0) | | | 13.107.246.40 | A (IP address) | IN (0x0001) | false |

Both rows belong to one reply (transaction 0xaf32); the queried name is not preserved in the report. The resolved address 13.107.246.40 does not appear in the TCP table above, and the only TCP peer recorded, 45.66.248.99:443 (reached from ports 49718 and 49736), has no DNS lookup in this capture. A peer contacted by address with no preceding name resolution is worth checking against the sample's strings before treating the DNS activity as related to it.
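As an added example (editor's code, not part of the report), the script below groups the packet rows of the TCP table into client/server flows and checks every server address against the A answers in the DNS table, which surfaces peers that were contacted without a name lookup. The rows are copied from the two tables above; the flow grouping and the "unresolved peer" check are the editor's, and LOCAL_NET is assumed from the 192.168.2.9 client address.

```python
"""Correlate recorded TCP peers with DNS answers from the same capture.

Added example by the editor, not part of the Joe Sandbox report. The rows
are copied from the TCP and DNS tables above; the grouping and the
"unresolved peer" check are the editor's, not a Joe Sandbox signature.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Assumed from the 192.168.2.9 client address in the rows.
LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")

# Copied from the report's TCP table: timestamp | sport | dport | src | dst |
TCP_ROWS = """
Dec 10, 2024 16:51:12.912008047 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:12.912060022 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:12.912136078 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:12.915303946 CET | 49718 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:12.915326118 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:12.915455103 CET | 443 | 49718 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:19.638989925 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:19.639044046 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:19.639130116 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:19.651829958 CET | 49736 | 443 | 192.168.2.9 | 45.66.248.99 |
Dec 10, 2024 16:51:19.651842117 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9 |
Dec 10, 2024 16:51:19.651887894 CET | 443 | 49736 | 45.66.248.99 | 192.168.2.9 |
"""

# Copied from the report's DNS table (one reply, two answer records).
DNS_ROWS = """
Dec 10, 2024 16:51:06.284918070 CET | 1.1.1.1 | 192.168.2.9 | 0xaf32 | No error (0) | s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false |
Dec 10, 2024 16:51:06.284918070 CET | 1.1.1.1 | 192.168.2.9 | 0xaf32 | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false |
"""

FlowKey = Tuple[str, int, str, int]  # client ip, client port, server ip, server port


@dataclass
class Flow:
    packets: int
    first: datetime
    last: datetime


def _fields(line: str) -> List[str]:
    """Split one pipe-delimited report row into stripped cells."""
    return [f.strip() for f in line.strip().strip("|").split("|")]


def parse_ts(text: str) -> datetime:
    """Parse 'Dec 10, 2024 16:51:12.912008047 CET'; %f takes at most 6 digits."""
    stamp, _zone = text.rsplit(" ", 1)
    head, frac = stamp.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def summarize_flows(rows: str) -> Dict[FlowKey, Flow]:
    """Group packets into flows; the LOCAL_NET side is taken as the client."""
    flows: Dict[FlowKey, Flow] = {}
    for line in rows.strip().splitlines():
        ts, sport, dport, src, dst = _fields(line)[:5]
        if ipaddress.ip_address(src) in LOCAL_NET:
            key: FlowKey = (src, int(sport), dst, int(dport))
        else:
            key = (dst, int(dport), src, int(sport))
        when = parse_ts(ts)
        flow = flows.get(key)
        if flow is None:
            flows[key] = Flow(1, when, when)
        else:
            flow.packets += 1
            flow.first = min(flow.first, when)
            flow.last = max(flow.last, when)
    return flows


def resolved_addresses(rows: str) -> Set[str]:
    """Collect the address of every A answer (the cell before 'A (IP address)')."""
    out: Set[str] = set()
    for line in rows.strip().splitlines():
        cells = _fields(line)
        for i, cell in enumerate(cells):
            if i > 0 and cell.startswith("A ("):
                out.add(cells[i - 1])
    return out


def unresolved_peers(flows: Dict[FlowKey, Flow], resolved: Set[str]) -> Set[str]:
    """Server addresses that were contacted without any A answer for them."""
    return {server for (_c, _cp, server, _sp) in flows if server not in resolved}


if __name__ == "__main__":
    flows = summarize_flows(TCP_ROWS)
    for key, flow in flows.items():
        print(key, flow.packets, "packets", (flow.last - flow.first).total_seconds(), "s")
    print("unresolved:", unresolved_peers(flows, resolved_addresses(DNS_ROWS)))
```

On the rows above this yields two six-packet flows to 45.66.248.99:443 and reports that address as unresolved, while the single A answer, 13.107.246.40, is never contacted. The same grouping works on the report's full packet list when more than one peer is present.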
All eleven processes started on 10/12/2024. None is a Wow64 (32-bit) process, each ran with elevated and administrator privileges, each is classified as "Programmed in: C, C++ or other language", and the Commandline field is empty for every entry. Targets 10 and 13, both rundll32.exe, had not exited when the analysis ended.

Target ID | Start time | Path | Imagebase | File size | MD5 hash | Reputation | Has exited |
---|---|---|---|---|---|---|---|
0 | 10:51:08 | C:\Windows\System32\loaddll64.exe | 0x7ff6d5dd0000 | 165'888 bytes | 763455F9DCB24DFEECC2B9D9F8D46D52 | high | true |
1 | 10:51:08 | C:\Windows\System32\conhost.exe | 0x7ff70f010000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | high | true |
2 | 10:51:08 | C:\Windows\System32\cmd.exe | 0x7ff669af0000 | 289'792 bytes | 8A2122E8162DBEF04694B9C3E0B6CDEE | high | true |
3 | 10:51:08 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | high | true |
4 | 10:51:08 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | high | true |
8 | 10:51:09 | C:\Windows\System32\WerFault.exe | 0x7ff6858d0000 | 570'736 bytes | FD27D9F6D02763BDE32511B5DF7FF7A0 | high | true |
10 | 10:51:11 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | high | false |
11 | 10:51:14 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | high | true |
12 | 10:51:17 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | high | true |
13 | 10:51:18 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | high | false |
14 | 10:51:18 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | | true |
15 | 10:51:18 | C:\Windows\System32\rundll32.exe | 0x7ff70c010000 | 71'680 bytes | EF3179D498793BF4234F708D3BE28633 | | true |
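Eight of the eleven processes above are rundll32.exe, the standard host for calling a DLL export from the command line (`rundll32.exe <dll>,<export>` or `<dll>,#<ordinal>`); the exported names in the table further up (xtart, start, DllWinMain, UnInstall) are the entry points such a call names. The detection logic below is an added example by the editor, not part of the Joe Sandbox report: it parses rundll32 command lines and flags a DLL loaded from a user-writable directory, an export called by ordinal, or a target without a .dll extension. EVENTS is constructed after the process list above with the sample's path as the editor assumes it, and the "one command line per event" schema is an assumption rather than a specific SIEM's format.

```python
"""Flag rundll32.exe command lines that load a DLL from a user-writable path.

Added example by the editor, not part of the Joe Sandbox report. The event
lines are constructed after the process list above; the log format is an
assumed minimal "process create" command-line field, not a specific SIEM's.
"""
import re
from typing import Dict, List, Optional

# rundll32 takes "<dll>,<entry>" where <entry> is an export name or "#<ordinal>";
# the DLL path may be quoted. An unquoted path containing spaces is not
# handled here, which mirrors how rundll32 itself splits the argument.
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s,]+))\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)

# Directories a standard user can write to; a DLL loaded from one of them by
# a Windows-signed host binary deserves a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Constructed events modelled on the process list above (sample path assumed).
EVENTS: List[str] = [
    'rundll32.exe "C:\\Users\\user\\Desktop\\vQu0zndLpi.dll",#1',
    'rundll32.exe C:\\Users\\user\\Desktop\\vQu0zndLpi.dll,xtart',
    'rundll32.exe C:\\Users\\user\\Desktop\\vQu0zndLpi.dll,DllWinMain',
    '"C:\\Windows\\System32\\rundll32.exe" "C:\\Windows\\System32\\user32.dll",LockWorkStation',
    'C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1',
]


def parse_rundll32(cmdline: str) -> Optional[Dict[str, str]]:
    """Return {"dll", "entry"} for a rundll32 invocation, else None."""
    m = RUNDLL.search(cmdline)
    if not m:
        return None
    return {"dll": m.group("quoted") or m.group("bare"), "entry": m.group("entry")}


def assess(cmdline: str) -> Optional[Dict[str, object]]:
    """Parse and score one command line; None when it is not rundll32."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return None
    dll = parsed["dll"].lower()
    reasons: List[str] = []
    if dll.startswith(USER_WRITABLE) or "\\appdata\\" in dll:
        reasons.append("DLL loaded from a user-writable directory")
    if parsed["entry"].startswith("#"):
        reasons.append("export called by ordinal")
    if not dll.endswith(".dll"):
        # rundll32 loads any PE image regardless of its extension.
        reasons.append("target is not a .dll")
    return {**parsed, "suspicious": bool(reasons), "reasons": reasons}


def scan(events: List[str]) -> List[Dict[str, object]]:
    """Assess every event and keep only the suspicious rundll32 calls."""
    return [r for r in map(assess, events) if r is not None and r["suspicious"]]


if __name__ == "__main__":
    for hit in scan(EVENTS):
        print(hit["dll"], hit["entry"], "; ".join(hit["reasons"]))
```

The user32.dll LockWorkStation line is kept as a benign control: it parses but raises no reason, while the three Desktop-path lines are flagged, the first one twice because it also calls ordinal #1. In production the path check should use the host's actual profile roots rather than the fixed prefixes assumed here.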
Execution Graph
Execution Coverage: | 0.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 88.9% |
Total number of Nodes: | 9 |
Total number of Limit Nodes: | 4 |
The report lists the functions in two groups, each sorted by descending relevance. Columns carry the reported relevance score, the number of APIs and strings referenced, the instruction count, the category tags assigned by the sandbox, and whether a control-flow graph was produced.

Function | Relevance | APIs | Strings | Instructions | Tags | CFG |
---|---|---|---|---|---|---|
00007FF8E7DF2FF0 | 26.6 | 4 | 11 | 322 | memory, COMMON, LIBRARYCODE | yes |
00007FF8E7DF3AF0 | 19.7 | 2 | 11 | 215 | memory, COMMON | yes |
00007FF8E7DF3BE4 | 4.7 | 2 | 1 | 189 | memory, library, COMMON, LIBRARYCODE | yes |
00007FF8E7DF3E90 | 3.1 | 2 | | 113 | library, COMMON, LIBRARYCODE | yes |
00007FF8E7DC8440 | 111.1 | 43 | 20 | 821 | library, loader, COMMON | |
00007FF8E7D8F5B0 | 53.1 | 35 | | 619 | synchronization, thread, COMMON | |
00007FF8E7D8A3C0 | 37.9 | 4 | 17 | 1145 | time, com, COMMON | |
00007FF8E7DCB0B0 | 37.7 | 6 | 15 | 943 | COMMON | |
00007FF8E7DA0530 | 35.6 | 1 | 19 | 588 | time, COMMON | yes |
00007FF8E7DC43E0 | 35.5 | 4 | 16 | 547 | COMMON | yes |
00007FF8E7DB5C50 | 32.5 | 6 | 12 | 1004 | time, COMMON | |
00007FF8E7DB8010 | 30.1 | 10 | 7 | 361 | time, file, COMMON | |
00007FF8E7DD30E0 | 28.9 | 4 | 12 | 853 | COMMON | |
00007FF8E7D8B890 | 28.7 | 7 | 9 | 664 | com, time, COMMON | |
00007FF8E7DB8880 | 28.6 | 8 | 8 | 570 | time, COMMON | |
00007FF8E7DAA320 | 26.8 | 11 | 4 | 514 | COMMON | |
00007FF8E7D89750 | 25.2 | 5 | 9 | 688 | com, time, COMMON | |
00007FF8E7DC64F0 | 24.9 | 9 | 5 | 411 | COMMON | |
00007FF8E7E14248 | 24.0 | 9 | 4 | 1209 | COMMON | |
00007FF8E7DD7700 | 23.3 | 4 | 9 | 552 | COMMON | |
00007FF8E7D84D30 | 23.3 | 4 | 9 | 549 | COMMON | |
00007FF8E7DCE890 | 23.1 | 9 | 4 | 324 | COMMON | |
00007FF8E7DC6C20 | 23.0 | 8 | 5 | 215 | COMMON | |
00007FF8E7DDC190 | 19.8 | 5 | 6 | 559 | COMMON | |
00007FF8E7DC66C0 | 19.6 | 7 | 4 | 366 | COMMON | |
00007FF8E7DCA820 | 16.2 | 7 | 2 | 473 | COMMON | |
00007FF8E7DB26D0 | 16.2 | 2 | 7 | 426 | time, COMMON | |
00007FF8E7DBB7A0 | 16.1 | 1 | 8 | 395 | COMMON | |
00007FF8E7DC3600 | 16.0 | 4 | 5 | 298 | synchronization, COMMON | |
00007FF8E7DC3040 | 14.4 | 4 | 4 | 360 | thread, COMMON | |
00007FF8E7DA3590 | 12.5 | 2 | 5 | 258 | COMMON | |
00007FF8E7E1A038 | 10.7 | 5 | 1 | 226 | COMMON, LIBRARYCODE | |
00007FF8E7D737E0 | 5.8 | 2 | 1 | 505 | COMMON | |
00007FF8E7E0D020 | 5.5 | 1 | 2 | 251 | COMMON | |
00007FF8E7DC63B0 | 5.3 | 2 | 1 | 71 | memory, COMMON | |
00007FF8E7DCA4B0 | 5.3 | 2 | 1 | 50 | process, COMMON | |
00007FF8E7E10C4C | 5.3 | 2 | 1 | 35 | COMMON, LIBRARYCODE | |
00007FF8E7E0FF58 | 3.2 | 2 | | 232 | COMMON, LIBRARYCODE | |
00007FF8E7E07F78 | 3.2 | 2 | | 207 | COMMON, LIBRARYCODE | |
00007FF8E7E1A388 | 1.6 | 1 | | 61 | COMMON, LIBRARYCODE | |
00007FF8E7E1A458 | 1.5 | 1 | | 41 | COMMON, LIBRARYCODE | |
00007FF8E7E106B8 | 1.5 | 1 | | 32 | COMMON, LIBRARYCODE | |
00007FF8E7D96310 | 0.2 | | | 156 | COMMON | |
00007FF8E7E0BE08 | 0.1 | | | 126 | COMMON | |

Function | Relevance | APIs | Strings | Instructions | Tags | CFG |
---|---|---|---|---|---|---|
00007FF8E7D78D70 | 71.9 | 21 | 20 | 149 | library, loader, COMMON | yes |
00007FF8E7DAA3A7 | 53.0 | 28 | 2 | 450 | COMMON | |
00007FF8E7DAA6F7 | 44.1 | 24 | 1 | 333 | COMMON | yes |
00007FF8E7DAB06D | 42.2 | 23 | 1 | 195 | COMMON | yes |
00007FF8E7DA0F50 | 38.6 | 2 | 20 | 107 | COMMON | yes |
00007FF8E7E11114 | 36.8 | 10 | 11 | 57 | COMMON, LIBRARYCODE | yes |
00007FF8E7DA1790 | 33.3 | 3 | 16 | 90 | time, COMMON | yes |
00007FF8E7DCE170 | 31.8 | 15 | 3 | 255 | library, loader, COMMON | yes |
00007FF8E7D87F00 | 26.6 | 8 | 7 | 382 | memory, COMMON | |
00007FF8E7DA9210 | 26.5 | 12 | 3 | 278 | library, loader, COMMON | |
00007FF8E7D844C0 | 22.9 | 9 | 4 | 105 | library, loader, COMMON | |
00007FF8E7D9F560 | 21.4 | 9 | 3 | 403 | COMMON | |
00007FF8E7DBEEE0 | 21.3 | 6 | 6 | 314 | COMMON | |
00007FF8E7D7E220 | 21.3 | 7 | 5 | 288 | memory, time, COMMON | |
00007FF8E7D72200 | 21.3 | 7 | 5 | 288 | memory, time, COMMON | |
00007FF8E7D87360 | 21.2 | 5 | 7 | 245 | time, registry, COMMON | |
00007FF8E7D81580 | 19.5 | 4 | 7 | 246 | time, synchronization, COMMON | |
00007FF8E7D9D0B0 | 17.8 | 7 | 3 | 341 | library, loader, COMMON | |
00007FF8E7D9E8B0 | 17.8 | 8 | 2 | 254 | COMMON | |
00007FF8E7DD1CF0 | 17.7 | 3 | 7 | 216 | time, COMMON | |
00007FF8E7DD2100 | 17.6 | 7 | 3 | 98 | service, COMMON | |
00007FF8E7D7B3B0 | 16.1 | 1 | 8 | 323 | time, COMMON | |
00007FF8E7D94620 | 15.9 | 8 | 1 | 199 | COMMON | |
00007FF8E7DC0070 | 15.9 | 6 | 3 | 176 | library, COMMON | |
00007FF8E7D9E210 | 14.4 | 3 | 5 | 368 | COMMON | |
00007FF8E7D7A070 | 14.3 | 5 | 3 | 349 | window, COMMON | |
00007FF8E7D9EC90 | 14.3 | 6 | 2 | 265 | COMMON | |
00007FF8E7DBD610 | 14.3 | 3 | 5 | 259 | COMMON | |
00007FF8E7D951F0 | 14.2 | 6 | 2 | 202 | COMMON | |
00007FF8E7D9C0A0 | 14.2 | 6 | 2 | 193 | COMMON | |
00007FF8E7DB9690 | 14.2 | 3 | 5 | 178 | time, COMMON | |
00007FF8E7D87060 | 14.2 | 2 | 6 | 164 | time, COMMON | |
00007FF8E7DC1E20 | 14.2 | 5 | 3 | 153 | thread, time, COMMON | |
00007FF8E7D81020 | 14.1 | 4 | 4 | 134 | time, thread, COMMON | |
00007FF8E7DD08D0 | 14.1 | 5 | 3 | 132 | service, time, COMMON | |
00007FF8E7DB5210 | 14.1 | 6 | 2 | 81 | library, loader, COMMON | |
00007FF8E7DB7810 | 12.5 | 1 | 6 | 255 | time, COMMON | |
00007FF8E7DF01B0 | 12.5 | 1 | 6 | 253 | COMMON | |
00007FF8E7DD28C0 | 12.5 | 1 | 6 | 230 | time, COMMON | |
00007FF8E7DD7060 | 12.5 | 3 | 4 | 206 | time, COMMON | |
00007FF8E7D8C640 | 12.4 | 2 | 5 | 195 | registry, time, COMMON | |
00007FF8E7D90490 | 12.4 | 6 | 1 | 190 | COMMON | |
00007FF8E7DC1400 | 12.4 | 1 | 6 | 181 | registry, COMMON | |
00007FF8E7DB5490 | 12.4 | 2 | 5 | 172 | time, COMMON | |
00007FF8E7D83690 | 12.4 | 4 | 3 | 168 | registry, COMMON | |
00007FF8E7DC16F0 | 12.4 | 1 | 6 | 158 | registry, COMMON | |
00007FF8E7DBD190 | 12.4 | 2 | 5 | 152 | time, COMMON | |
00007FF8E7DB2410 | 12.4 | 2 | 5 | 143 | time, COMMON | |
00007FF8E7D84170 | 12.4 | 6 | 1 | 138 | COMMON | |
00007FF8E7D985D0 | 12.4 | 3 | 4 | 110 | time, COMMON | |
00007FF8E7D983E0 | 12.4 | 3 | 4 | 110 | time, COMMON | |
00007FF8E7D981F0 | 12.4 | 3 | 4 | 109 | time, COMMON | |
00007FF8E7E07458 | 12.3 | 4 | 3 | 84 | COMMON | |
00007FF8E7E01020 | 11.0 | 3 | 3 | 479 | COMMON | |
00007FF8E7D7C020 | 10.9 | 1 | 5 | 365 | time, COMMON | |
00007FF8E7DDFEB0 | 10.8 | 1 | 5 | 312 | COMMON | |
00007FF8E7DB1F80 | 10.8 | 3 | 3 | 304 | time, COMMON | |
00007FF8E7DA3080 | 10.8 | 2 | 4 | 298 | COMMON | |
00007FF8E7E1323C | 10.8 | 7 | | 291 | COMMON, LIBRARYCODE | |
00007FF8E7DB71C0 | 10.7 | 2 | 4 | 245 | time, COMMON | |
00007FF8E7D877C0 | 10.7 | 1 | 5 | 212 | time, COMMON | |
00007FF8E7E126F8 | 10.7 | 5 | 1 | 202 | COMMON | |
00007FF8E7DB7CA0 | 10.7 | 1 | 5 | 199 | time, COMMON | |
00007FF8E7D7D300 | 10.7 | 1 | 5 | 198 | time, COMMON | |
00007FF8E7D7A890 | 10.7 | 2 | 4 | 185 | com, time, COMMON | |
00007FF8E7D82600 | 10.7 | 5 | 1 | 185 | COMMON | |
00007FF8E7D7DF00 | 10.7 | 2 | 4 | 185 | com, time, COMMON | |
00007FF8E7D71EE0 | 10.7 | 2 | 4 | 185 | com, time, COMMON | |
00007FF8E7D94EC0 | 10.7 | 5 | 1 | 177 | library, COMMON | |
00007FF8E7DCD170 | 10.7 | 5 | 1 | 165 | COMMON | |
00007FF8E7DD2CB0 | 10.6 | 3 | 3 | 139 | time, COMMON | |
00007FF8E7DD16D0 | 10.6 | 3 | 3 | 131 | time, COMMON | |
00007FF8E7DD10F0 | 10.6 | 3 | 3 | 128 | time, COMMON | |
00007FF8E7DB9CE0 | 10.6 | 3 | 3 | 109 | time, COMMON | |
00007FF8E7DBA520 | 10.6 | 3 | 3 | 95 | time, COMMON | |
00007FF8E7DD0F30 | 10.6 | 3 | 3 | 89 | time, COMMON | |
00007FF8E7DD1520 | 10.6 | 3 | 3 | 87 | time, COMMON | |
00007FF8E7D977B0 | 10.6 | 3 | 3 | 85 | time, COMMON | |
00007FF8E7D97620 | 10.6 | 3 | 3 | 85 | time, COMMON | |
00007FF8E7E1D89C | 10.5 | 5 | 1 | 48 | file, COMMON | |
00007FF8E7D82CF0 | 10.5 | 2 | 4 | 39 | COMMON | |
00007FF8E7DF284C | 9.2 | 6 | | 203 | COMMON, LIBRARYCODE | |
00007FF8E7D84730 | 9.1 | 3 | 2 | 399 | COMMON | |
00007FF8E7D9CC80 | 9.0 | 1 | 4 | 267 | COMMON | |
00007FF8E7D764E0 | 9.0 | 3 | 2 | 229 | COMMON | |
00007FF8E7D80390 | 8.9 | 1 | 4 | 195 | time, COMMON | |
00007FF8E7D72F90 | 8.9 | 1 | 4 | 193 | time, COMMON | |
00007FF8E7D7E6F0 | 8.9 | 1 | 4 | 184 | time, COMMON | |
00007FF8E7D726D0 | 8.9 | 1 | 4 | 184 | time, COMMON | |
00007FF8E7D7B080 | 8.9 | 1 | 4 | 184 | time, COMMON | |
00007FF8E7D88640 | 8.9 | 1 | 4 | 182 | time, COMMON | |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD7400 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 179timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D9F270 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCD4D0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 174COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB4870 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 171COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB3670 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 170timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB33B0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 170timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB30F0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 170timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC22F0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 154timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD6050 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D95EC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 140COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D9F080 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 137COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D95C90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 137COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC70B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 131COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD0CF0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 129timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D771E0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D82FB0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 123libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCC3A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB1800 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D9A880 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D9A740 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D8C4A0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 81timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E1CDA4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC1000 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 268threadtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD4040 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 242COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCA580 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 159COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D95650 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCE530 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB6F60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 137timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD63F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 134registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB75D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 119timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D76360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D761D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD1320 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D98020 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 103timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD6EA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 101timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBCFD0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DA2ED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 91timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBA8E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 86timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBD470 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBAF70 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBADC0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB57C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 82timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBB2B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC8160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBB120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC7F60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBA6D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBA3B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBA240 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DBA0D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB9F60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC82B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D9BFA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DF5DF0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCA440 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D790F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC7D40 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 149COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D903B0 Relevance: 6.1, APIs: 4, Instructions: 62threadtimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DA01D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 201COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D93FC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 198COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D81290 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCD780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DFAFB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D96740 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E0D490 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DA9FA0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DD26A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB94C0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 111COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E1249C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7D9BE20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DAE400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DA9650 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 82COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC78D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB1CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCE770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69serviceCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DCA320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E16560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DC6FD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E075D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E102C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7DB86D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E10E60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF8E7E10CD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|