Windows
Analysis Report
ldqj18tn.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ldqj18tn.exe (PID: 8140 cmdline:
"C:\Users\ user\Deskt op\ldqj18t n.exe" MD5: 574AB8397D011243CB52BEF069BAD2DC) - cmd.exe (PID: 7460 cmdline:
"C:\Window s\System32 \cmd.exe" /c copy De scending D escending. bat & Desc ending.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7476 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - tasklist.exe (PID: 7576 cmdline:
tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1) - findstr.exe (PID: 7564 cmdline:
findstr /I "wrsa ops svc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E) - tasklist.exe (PID: 1244 cmdline:
tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1) - findstr.exe (PID: 7852 cmdline:
findstr -I "avastui avgui bdse rvicehost nswscsvc s ophoshealt h" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E) - cmd.exe (PID: 5612 cmdline:
cmd /c md 704579 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - findstr.exe (PID: 7068 cmdline:
findstr /V "MARTNMSP IDERRINGTO NE" Mh MD5: F1D4BE0E99EC734376FDE474A8D4EA3E) - cmd.exe (PID: 1672 cmdline:
cmd /c cop y /b ..\Co nsequence + ..\Gentl y + ..\Sit uations + ..\Interna tional + . .\Jet + .. \Commoditi es + ..\Mo od + ..\Fa stest + .. \Estimate + ..\Jessi ca + ..\Pr of + ..\Be coming + . .\Princess + ..\Requ ired + ..\ Traveller + ..\Again st u MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - Organizational.pif (PID: 3488 cmdline:
Organizati onal.pif u MD5: 18CE19B57F43CE0A5AF149C96AECC685) - cmd.exe (PID: 5844 cmdline:
cmd /k ech o [Interne tShortcut] > "C:\Use rs\user\Ap pData\Roam ing\Micros oft\Window s\Start Me nu\Program s\Startup\ InnoMesh.u rl" & echo URL="C:\U sers\user\ AppData\Lo cal\TechMe sh Dynamic s\InnoMesh .js" >> "C :\Users\us er\AppData \Roaming\M icrosoft\W indows\Sta rt Menu\Pr ograms\Sta rtup\InnoM esh.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 5904 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - choice.exe (PID: 7556 cmdline:
choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
- wscript.exe (PID: 7400 cmdline:
"C:\Window s\System32 \WScript.e xe" "C:\Us ers\user\A ppData\Loc al\TechMes h Dynamics \InnoMesh. js" MD5: A47CBE969EA935BDD3AB568BB126BC80) - InnoMesh.scr (PID: 1704 cmdline:
"C:\Users\ user\AppDa ta\Local\T echMesh Dy namics\Inn oMesh.scr" "C:\Users \user\AppD ata\Local\ TechMesh D ynamics\M" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
- cleanup
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: |
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Michael Haag: |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Author: Joe Security: |
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_004062D5 | |
Source: | Code function: | 0_2_00402E18 | |
Source: | Code function: | 0_2_00406C9B | |
Source: | Code function: | 11_2_002B4005 | |
Source: | Code function: | 11_2_002B494A | |
Source: | Code function: | 11_2_002B3CE2 | |
Source: | Code function: | 11_2_002BC2FF | |
Source: | Code function: | 11_2_002BCD14 | |
Source: | Code function: | 11_2_002BCD9F | |
Source: | Code function: | 11_2_002BF5D8 | |
Source: | Code function: | 11_2_002BF735 | |
Source: | Code function: | 11_2_002BFA36 | |
Source: | Code function: | 17_2_00254005 | |
Source: | Code function: | 17_2_0025494A | |
Source: | Code function: | 17_2_0025C2FF | |
Source: | Code function: | 17_2_0025CD14 | |
Source: | Code function: | 17_2_0025CD9F | |
Source: | Code function: | 17_2_0025F5D8 | |
Source: | Code function: | 17_2_0025F735 | |
Source: | Code function: | 17_2_0025FA36 | |
Source: | Code function: | 17_2_00253CE2 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 11_2_002C29BA |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_004050CD |
Source: | Code function: | 11_2_002C4830 | |
Source: | Code function: | 17_2_00264830 |
Source: | Code function: | 11_2_002C4632 |
Source: | Code function: | 0_2_004044A5 |
Source: | Code function: | 11_2_002DD164 | |
Source: | Code function: | 17_2_0027D164 |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
System Summary |
---|
Source: | COM Object queried: | Jump to behavior |
Source: | Code function: | 11_2_002B4254 |
Source: | Code function: | 11_2_002A8F2E |
Source: | Code function: | 0_2_00403883 | |
Source: | Code function: | 11_2_002B5778 | |
Source: | Code function: | 17_2_00255778 |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_0040497C | |
Source: | Code function: | 0_2_00406ED2 | |
Source: | Code function: | 0_2_004074BB | |
Source: | Code function: | 11_2_0025B020 | |
Source: | Code function: | 11_2_002594E0 | |
Source: | Code function: | 11_2_00259C80 | |
Source: | Code function: | 11_2_002723F5 | |
Source: | Code function: | 11_2_002D8400 | |
Source: | Code function: | 11_2_00286502 | |
Source: | Code function: | 11_2_0028265E | |
Source: | Code function: | 11_2_0025E6F0 | |
Source: | Code function: | 11_2_0027282A | |
Source: | Code function: | 11_2_002889BF | |
Source: | Code function: | 11_2_002D0A3A | |
Source: | Code function: | 11_2_00286A74 | |
Source: | Code function: | 11_2_00260BE0 | |
Source: | Code function: | 11_2_0027CD51 | |
Source: | Code function: | 11_2_002AEDB2 | |
Source: | Code function: | 11_2_002B8E44 | |
Source: | Code function: | 11_2_002D0EB7 | |
Source: | Code function: | 11_2_00286FE6 | |
Source: | Code function: | 11_2_002733B7 | |
Source: | Code function: | 11_2_0027F409 | |
Source: | Code function: | 11_2_0026D45D | |
Source: | Code function: | 11_2_0026F628 | |
Source: | Code function: | 11_2_00251663 | |
Source: | Code function: | 11_2_0025F6A0 | |
Source: | Code function: | 11_2_002716B4 | |
Source: | Code function: | 11_2_002778C3 | |
Source: | Code function: | 11_2_0027DBA5 | |
Source: | Code function: | 11_2_00271BA8 | |
Source: | Code function: | 11_2_00289CE5 | |
Source: | Code function: | 11_2_0026DD28 | |
Source: | Code function: | 11_2_00271FC0 | |
Source: | Code function: | 11_2_0027BFD6 | |
Source: | Code function: | 17_2_001FB020 | |
Source: | Code function: | 17_2_001F94E0 | |
Source: | Code function: | 17_2_001F9C80 | |
Source: | Code function: | 17_2_002123F5 | |
Source: | Code function: | 17_2_00278400 | |
Source: | Code function: | 17_2_00226502 | |
Source: | Code function: | 17_2_0022265E | |
Source: | Code function: | 17_2_001FE6F0 | |
Source: | Code function: | 17_2_0021282A | |
Source: | Code function: | 17_2_002289BF | |
Source: | Code function: | 17_2_00270A3A | |
Source: | Code function: | 17_2_00226A74 | |
Source: | Code function: | 17_2_00200BE0 | |
Source: | Code function: | 17_2_0021CD51 | |
Source: | Code function: | 17_2_0024EDB2 | |
Source: | Code function: | 17_2_00258E44 | |
Source: | Code function: | 17_2_00270EB7 | |
Source: | Code function: | 17_2_00226FE6 | |
Source: | Code function: | 17_2_002133B7 | |
Source: | Code function: | 17_2_0021F409 | |
Source: | Code function: | 17_2_0020D45D | |
Source: | Code function: | 17_2_0020F628 | |
Source: | Code function: | 17_2_001F1663 | |
Source: | Code function: | 17_2_002116B4 | |
Source: | Code function: | 17_2_001FF6A0 | |
Source: | Code function: | 17_2_002178C3 | |
Source: | Code function: | 17_2_0021DBA5 | |
Source: | Code function: | 17_2_00211BA8 | |
Source: | Code function: | 17_2_00229CE5 | |
Source: | Code function: | 17_2_0020DD28 | |
Source: | Code function: | 17_2_00211FC0 | |
Source: | Code function: | 17_2_0021BFD6 |
Source: | Dropped File: | ||
Source: | Dropped File: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 11_2_002BA6AD |
Source: | Code function: | 11_2_002A8DE9 | |
Source: | Code function: | 11_2_002A9399 | |
Source: | Code function: | 17_2_00248DE9 | |
Source: | Code function: | 17_2_00249399 |
Source: | Code function: | 0_2_004044A5 |
Source: | Code function: | 11_2_002B4148 |
Source: | Code function: | 0_2_004024FB |
Source: | Code function: | 11_2_002B443D |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Process created: |
Source: | Window detected: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_004062FC |
Source: | Code function: | 11_2_00278B88 | |
Source: | Code function: | 17_2_00218B88 | |
Source: | Code function: | 17_2_0020CBF8 | |
Source: | Code function: | 17_2_0020CBF8 |
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Code function: | 11_2_002D59B3 | |
Source: | Code function: | 11_2_00265EDA | |
Source: | Code function: | 17_2_002759B3 | |
Source: | Code function: | 17_2_00205EDA |
Source: | Code function: | 11_2_002733B7 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Last function: |
Source: | Code function: | 0_2_004062D5 | |
Source: | Code function: | 0_2_00402E18 | |
Source: | Code function: | 0_2_00406C9B | |
Source: | Code function: | 11_2_002B4005 | |
Source: | Code function: | 11_2_002B494A | |
Source: | Code function: | 11_2_002B3CE2 | |
Source: | Code function: | 11_2_002BC2FF | |
Source: | Code function: | 11_2_002BCD14 | |
Source: | Code function: | 11_2_002BCD9F | |
Source: | Code function: | 11_2_002BF5D8 | |
Source: | Code function: | 11_2_002BF735 | |
Source: | Code function: | 11_2_002BFA36 | |
Source: | Code function: | 17_2_00254005 | |
Source: | Code function: | 17_2_0025494A | |
Source: | Code function: | 17_2_0025C2FF | |
Source: | Code function: | 17_2_0025CD14 | |
Source: | Code function: | 17_2_0025CD9F | |
Source: | Code function: | 17_2_0025F5D8 | |
Source: | Code function: | 17_2_0025F735 | |
Source: | Code function: | 17_2_0025FA36 | |
Source: | Code function: | 17_2_00253CE2 |
Source: | Code function: | 11_2_00265D13 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 11_2_002C45D5 |
Source: | Code function: | 11_2_00265240 |
Source: | Code function: | 11_2_00285CAC |
Source: | Code function: | 0_2_004062FC |
Source: | Code function: | 11_2_002A88CD |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 11_2_0027A354 | |
Source: | Code function: | 11_2_0027A385 | |
Source: | Code function: | 17_2_0021A354 | |
Source: | Code function: | 17_2_0021A385 |
Source: | Code function: | 11_2_002A9369 |
Source: | Code function: | 11_2_00265240 |
Source: | Code function: | 11_2_002B1AC6 |
Source: | Code function: | 11_2_002B51E2 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 11_2_002A88CD |
Source: | Code function: | 11_2_002B4F1C |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 11_2_0027885B |
Source: | Code function: | 11_2_00290030 |
Source: | Code function: | 11_2_00290722 |
Source: | Code function: | 11_2_0028416A |
Source: | Code function: | 0_2_00406805 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 11_2_002C696E | |
Source: | Code function: | 11_2_002C6E32 | |
Source: | Code function: | 17_2_0026696E | |
Source: | Code function: | 17_2_00266E32 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 11 Scripting | 2 Valid Accounts | 1 Windows Management Instrumentation | 11 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 17 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 111 Masquerading | LSA Secrets | 31 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 4 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
66% | ReversingLabs | Win32.Trojan.Leonem |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs | |||
8% | ReversingLabs | |||
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | high | |
zaZEComvggHsSEuOVnvSMAnVIZblq.zaZEComvggHsSEuOVnvSMAnVIZblq | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1577511 |
Start date and time: | 2024-12-18 14:41:49 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ldqj18tn.exe |
Detection: | MAL |
Classification: | mal84.rans.expl.evad.winEXE@28/26@2/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56, 173.222.162.55
- Excluded domains from analysis (whitelisted): www.bing.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: ldqj18tn.exe
Time | Type | Description |
---|---|---|
08:42:51 | API Interceptor | |
08:43:07 | API Interceptor | |
14:42:54 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-part-0035.t-0009.t-msedge.net | Get hash | malicious | Cryptbot | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Abobus Obfuscator, Braodo | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | ScreenConnect Tool | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Socks5Systemz | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\704579\Organizational.pif | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | XWorm | Browse | |||
C:\Users\user\AppData\Local\TechMesh Dynamics\InnoMesh.scr | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | XWorm | Browse |
Process: | C:\Users\user\AppData\Local\Temp\704579\Organizational.pif |
File Type: | |
Category: | dropped |
Size (bytes): | 169 |
Entropy (8bit): | 4.717709271494144 |
Encrypted: | false |
SSDEEP: | 3:RiMIpGXIdPHo55wWAX+ZFk/iEkD5xAaUFJl2FZo5uWAX+ZFk/iEkD5xAaUFks:RiJBJHonwWDEnkDvxUFT2FywWDEnkDvU |
MD5: | 034B9F8454315EE228D38BA208CD5E7A |
SHA1: | 16681F9DF8D79108DDD7A5558CEC691E88F6C96B |
SHA-256: | C7C273802935E7FCA77E0983E58C1F96FD27CFD16DFB6F69EF76A8F4F6D1F047 |
SHA-512: | 5E3DDE199220DE1FF72CE94128E414EDC1DED1F70332537B1532D522D84DD289C5DBED897F83C4FED7FC67AE4DF30B718959D2A5F76130B266324E24FA0A6DDD |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\704579\Organizational.pif |
File Type: | |
Category: | dropped |
Size (bytes): | 893608 |
Entropy (8bit): | 6.62028134425878 |
Encrypted: | false |
SSDEEP: | 12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501 |
MD5: | 18CE19B57F43CE0A5AF149C96AECC685 |
SHA1: | 1BD5CA29FC35FC8AC346F23B155337C5B28BBC36 |
SHA-256: | D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD |
SHA-512: | A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\704579\Organizational.pif |
File Type: | |
Category: | dropped |
Size (bytes): | 1177035 |
Entropy (8bit): | 7.999838432083651 |
Encrypted: | true |
SSDEEP: | 24576:uWgaEyFxeBEglui3XzLBMX2rgfXG5KXZCN277jTzsc:0yFxAVumMX2rgfSKXoN277vzd |
MD5: | AB0020D503E99E956AB92579E6690327 |
SHA1: | 9E3ACD23F62F72CCABDBBCBAF21C31986FD694EA |
SHA-256: | 14A900791A0CF3D1A98491DC6E108EA1C814B41579F33851CF7A02460B9F9387 |
SHA-512: | BB2B853B050B7F778011FB9359D1E57808EB3FF3A4905679254E66C3F9C3B1FD6CC18C5589B11E96037ECCE2B4CB06B73433CDC704FD312C232AF98BBC151C6E |
Malicious: | true |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 893608 |
Entropy (8bit): | 6.62028134425878 |
Encrypted: | false |
SSDEEP: | 12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501 |
MD5: | 18CE19B57F43CE0A5AF149C96AECC685 |
SHA1: | 1BD5CA29FC35FC8AC346F23B155337C5B28BBC36 |
SHA-256: | D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD |
SHA-512: | A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1177035 |
Entropy (8bit): | 7.999838432083651 |
Encrypted: | true |
SSDEEP: | 24576:uWgaEyFxeBEglui3XzLBMX2rgfXG5KXZCN277jTzsc:0yFxAVumMX2rgfSKXoN277vzd |
MD5: | AB0020D503E99E956AB92579E6690327 |
SHA1: | 9E3ACD23F62F72CCABDBBCBAF21C31986FD694EA |
SHA-256: | 14A900791A0CF3D1A98491DC6E108EA1C814B41579F33851CF7A02460B9F9387 |
SHA-512: | BB2B853B050B7F778011FB9359D1E57808EB3FF3A4905679254E66C3F9C3B1FD6CC18C5589B11E96037ECCE2B4CB06B73433CDC704FD312C232AF98BBC151C6E |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36299 |
Entropy (8bit): | 7.995142843999967 |
Encrypted: | true |
SSDEEP: | 768:hfbk8c2PiL7CZcLVF7u3yq2OvvRZ+4BKKMtwFMsKCWf+QJddWz6nHu:tSqZcv6yq2OvZJ52dIzd |
MD5: | 48EEF161688B28BF638E0EC37DABB593 |
SHA1: | DD30CC2936BD9BE8C977653FC8E0590A0A96D707 |
SHA-256: | 32873FBEC30BA467A770F8FA5D18AE9F5D30B383E1761036EC9CDF0491C9E57A |
SHA-512: | 3C76F72DF956D71E79E6BFFF54D6A8FACEE0F6A41CE0D7CD564BBFBA48B1C381A49B3C61E91BCE6C84FE172C55C791CD65665E0D26E4F7356C4457B712A788C9 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 93184 |
Entropy (8bit): | 7.998062404457295 |
Encrypted: | true |
SSDEEP: | 1536:oA8gnQiP6RbR5TZJHTPs1GZO7ktznBUDjnMTcWh3FFHkPFGUFcAw2xNhz:m3iPEhTPs1GZO7k1nwDMJ3Pkzcyp |
MD5: | 73F15B295CA059461F4CCEA25DD9A56A |
SHA1: | 0B2834B85A315A2417C7AB51842937F3AD2E34DD |
SHA-256: | CF1527A390FE3B945F60BA46F139D5EFCC8B20712A6388FE0FF99CAD6B661CF8 |
SHA-512: | 31A459460A7D1C65AFFE2E085AC3835BF2C40EF0112F3C11AD6821B56A452B1EA53F5BF31FE2C83DBDE689D381506E54729BC515DA8E8F86BF6AE1F0785DB0CE |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94208 |
Entropy (8bit): | 7.997963539367384 |
Encrypted: | true |
SSDEEP: | 1536:Getdq5yUrLGdyN60kxmcPu37oudLvidDCG4jx3yF8+Z3v8jdUU1tq00toMT:GetdqnidyNdmRGc2L+CcF8+Z0xUU1tqX |
MD5: | 75257307B8D4D5B354711B1AFB9807B9 |
SHA1: | F61C1599DEA1E8BCA46CF7176F5C367FC6C682F9 |
SHA-256: | 7F34EA53E7774CE8455BF3EC2F6A38CA870740B05D866073ABF8738874212DE1 |
SHA-512: | B1317965AADC83E85CE16A839FAD180AC2BF0356BA305D1D14D33E22ECE8B7980CB5C9543E40B5C6830F626749AC233E4C2CB6A925DC72A8F85C49BD5FD67BDC |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 96256 |
Entropy (8bit): | 7.998514868354388 |
Encrypted: | true |
SSDEEP: | 1536:IvdYLR3NuhKqrKEN3tMdLgN/AfOTtbxaKiA9G0FnCerGGg/WTEFiIeHrygOI+T:IvdeRq39Mpg+fO/7ieGACmgyEF8ZOx |
MD5: | C4E8EDFE5D08067625B63F23C2E8FB8A |
SHA1: | D76FA360F0FE278C791442E9208A591C86476AF3 |
SHA-256: | B5638AA2E4141715075A21BA1D69D2E8B53E5CF055564C9E2B80E20A5340A766 |
SHA-512: | 1AB6204134558D8AA28D43E7B860B57FAC12DA3F653A34FB5892D9241B04E7CBFFF3B5F8F8C2623F7354D0F9DF1078B19532F64CBD029D2D32B4D17863BD345F |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13560 |
Entropy (8bit): | 5.152446332556762 |
Encrypted: | false |
SSDEEP: | 384:vA5nkQWyUEMHlWiSDhV5qRwcbar5DrwcqEw/D486HsT2pn:vAVk5yUZHlWiSDDTrBrfqjc8wRpn |
MD5: | D85FE4F4F91482191B18B60437C1944D |
SHA1: | C639206AD03A4FCC600CE0F7F3D5F83AD1F505A1 |
SHA-256: | 55941822431D9EB34DEAEF5917640E119FCD746F2D3985E211A2FF4A9C48FF92 |
SHA-512: | BD5E46C10DEC7D40E0151DABB28C77B077CE9BC2B853B01DECBCD296F6269051A01115C349DC094BBCF14153A13395FC7E5AB74DD53EB5B2DFBC4BF856692B09 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13560 |
Entropy (8bit): | 5.152446332556762 |
Encrypted: | false |
SSDEEP: | 384:vA5nkQWyUEMHlWiSDhV5qRwcbar5DrwcqEw/D486HsT2pn:vAVk5yUZHlWiSDDTrBrfqjc8wRpn |
MD5: | D85FE4F4F91482191B18B60437C1944D |
SHA1: | C639206AD03A4FCC600CE0F7F3D5F83AD1F505A1 |
SHA-256: | 55941822431D9EB34DEAEF5917640E119FCD746F2D3985E211A2FF4A9C48FF92 |
SHA-512: | BD5E46C10DEC7D40E0151DABB28C77B077CE9BC2B853B01DECBCD296F6269051A01115C349DC094BBCF14153A13395FC7E5AB74DD53EB5B2DFBC4BF856692B09 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81920 |
Entropy (8bit): | 7.997721698642565 |
Encrypted: | true |
SSDEEP: | 1536:YReT3S6RaPlwij6WqGnCf/x9TkXGr8nwvp1aYzERXM7Wi:48hRGwlGS/8XGr8n2pBgXXi |
MD5: | 7B60F0D191C0904F3F5BE40433D86F73 |
SHA1: | E6B09A6670797332B8861FC93F44DA7CF224BBCB |
SHA-256: | AA1CC0C31C1C15CCFF224BA06596D8DEF6F510280F077BA201650F18B0D67D90 |
SHA-512: | 1D8FF33C53794E3467968F747172DBFDC362E99E24CE6652A0860FE4094D5A861ED2E2C307577FE033AF39836268BC6EF2CDB331AE8FB3B58F2FC7A3EBA257A8 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69632 |
Entropy (8bit): | 7.997194265654002 |
Encrypted: | true |
SSDEEP: | 1536:v+pxZi1WY75TwdFzkQIfiLiR5fARQvjc9fdWx3L4wRrvTkTppGc:v0S5Jk+QIKirYaQpUx39c |
MD5: | EFF591562D9AEA14D2872367F7B7103E |
SHA1: | 464E462445DC343E316FFCB6B29234C446D0A064 |
SHA-256: | 5482A9A3B48354EB14C55DDB9E2595E79B03615C93464FD0F5FDD6E208AF4F82 |
SHA-512: | C75FA0300B30B71DE261982BE233E41A96E00E0B83FA4A9AD163FD3E740B1A2EFAC99435A1887459F6234F6BDE7ED5D9D53C1B26AE4F0414561A03E38AFCDCDD |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 59392 |
Entropy (8bit): | 7.996765889888764 |
Encrypted: | true |
SSDEEP: | 1536:awFUJIg3MqmVC8RUIvzJb+OriV7i8svKR5L8LXaIBMm83qclL:bUKg3pmVC8Rl+Zt1qIeeoG3qc5 |
MD5: | 0B20ABB260FC790E78F84A960314499D |
SHA1: | 631654EB5A843F48D7D4F75A95305CF738A92500 |
SHA-256: | 7491C99CCA33B24B2F8BD2EA72561D60154E51142796C28A46D32C2DB5E972B1 |
SHA-512: | 6CA15FD999A40CF37AF80A2BA79A5ADC45F997D978B8051CF3D0C858AB26C2DED9D6CFAEDECAE1DDAAF1AFCEE2B9B72FF6E38064B8AECEF3BD4AC4314BDAA43D |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54272 |
Entropy (8bit): | 7.996455408231238 |
Encrypted: | true |
SSDEEP: | 768:872ws5O3wKoSCM0ZV4EdtkFb5iezgE6kZn3RKcZweWZvNB+0EQuHmEchpW77Q2xB:C2xuDVC7s4eIsnB5ZwbNNsOEq245q1b |
MD5: | 24548BC705858B908DF8590C42555E34 |
SHA1: | DC16D01B52B94E0BFA33BF8124F8E55ABE1720A6 |
SHA-256: | B15854B830337EF3DB8458995B59B02037839D4C7D2EEB69124344E29AE77671 |
SHA-512: | F3C5D612BE5784B73255F5A0380E38FE116BC39D3B261582CB748C91CA098AD02D25DDDEAA57216F0B7E30589F3FA296E2945D8C4A3C04CC347AB0187EF08834 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 101376 |
Entropy (8bit): | 7.997914373248418 |
Encrypted: | true |
SSDEEP: | 1536:1H16MKOSG3fStcKwt97Fr6dj4go6KzouYbHYqEVSBjAFYI26wf9kp9ZB2lyDNumy:PxaG3atO77FedscQcYLfYN6wM7PO8E |
MD5: | 25AA98D5EF3952A5A0BFF32301C09AD8 |
SHA1: | 569DD803FC9CFFA01C159C650648A3F627635000 |
SHA-256: | 3377FF0A28AC9AD8BA3C164CE29503AB3E4BE2632978BC519859B59B3C9E6A16 |
SHA-512: | 5C260F85F498D04E8F9CBFDF63521A86D69E8E60F2E5971CA3F95559B444B791F3F47C403D84193FF84C962214FF57ED9D6710AAA4059F78406AB220BC23371E |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61440 |
Entropy (8bit): | 7.997269818226767 |
Encrypted: | true |
SSDEEP: | 1536:MXrI/MNgZ4Og0Rjihiu9qxwil6DIFcNZe:MXrI/fKYo6eZe |
MD5: | 1C80BC738D8205B5D4C2B2445CBB31F0 |
SHA1: | 253BEC88BE97A71788D6152908CDBA73E55B46A3 |
SHA-256: | 492E8EE10FE8D95577C96FF4CE184DF20560207DF7D1631948328B960434FA61 |
SHA-512: | 1F299A0C55197C780D65D00909447EBCD5703EF9426AA6844C2897D572B3AAF555C2ED20C5BBDA965C8B25232F5A79DCF749417DF7915A60E6621DD1E16BF6EE |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5636 |
Entropy (8bit): | 6.0876490146743425 |
Encrypted: | false |
SSDEEP: | 96:kfkxgUzr4tgOwVAfBzDICS09CAi6R7u+IhsObfS+NsPvj6ooxdofjxP3yGj1H034:smHAeOqAFDw09CV/2nPvj6DdMP3r1HI4 |
MD5: | 598774EC6001A83BC8A24565E2A908BB |
SHA1: | 503438709CF002913D96E2A7EF51325B0605A64E |
SHA-256: | 79749AF598CD4506AD7AEFE35BA2CB8AC24CE4961E225E5DF345A95304AF1678 |
SHA-512: | 0BDE914E7AFA80DFCEBA929C53C239FEAF0C21200C245D606CFFBF8E9AF1525F57B21E96F003DC4C4EC29120C641598CEA6EFB51530D542C83B989202E31A670 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 87040 |
Entropy (8bit): | 7.9979586106795955 |
Encrypted: | true |
SSDEEP: | 1536:1w4kfylR3M4LxsCKKb5y+IWYzr0V0Ni6NNq6wOydrqcSusn+WLjkZeYctHeYIlhk:1/kaozzKNy+6PBhzwOGrBsn+WLjkZeu4 |
MD5: | 7B0DEE84D05813B43B680C8FEAED52DF |
SHA1: | 6831401C9BDB63B42E6AE66B5B3A619A81BC07F4 |
SHA-256: | CC15CDF080BFC8C16B669782B545C9FF15633ADA54809FCF6BE8311E1EF684EE |
SHA-512: | 921D7B873A99C0665F32AAC000CEBBE3BF6A0D9CB8D82E6305083EFE57023971613EBB32956476DAE3ED7DCD71C7796F75D12A1840B1928845E47AA3645211C9 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 59392 |
Entropy (8bit): | 7.99700719991649 |
Encrypted: | true |
SSDEEP: | 1536:kSgReDsZ2S57pfLb2Uf5c5saqKuvaRt4pn/GoUVjSoKgLWmHjJlym:kSZopbSpqKuk2puHgoKgLBHjJgm |
MD5: | C9E306D19DEF703774D08975E553263B |
SHA1: | 8AB1DE74C5C1A45ABB93D0996C6D58F1530D4A4D |
SHA-256: | E2CC14D5C33F5A9799D81683F017914C0C568FF4F634D5CDAA69DC086C01F88E |
SHA-512: | 8CEA19182FCEEDF07C81A7E5C9ED35E17591484C7BA4728EC65737E7E2ECFAFD288E656E036BF74E52E20EDED358223E058F5DEB8D9FF435EFB1B00FD94B51BA |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53248 |
Entropy (8bit): | 7.996397386083232 |
Encrypted: | true |
SSDEEP: | 1536:VDObOdYwNIGtwKnEscdKdnZ715rJVe6LODXFxLU:VDNdE4w6KC35DeXXFxQ |
MD5: | 26BFCB75C4F0FF69CEDE2EAEF6CBEC06 |
SHA1: | 41D437AAAC0ACAA0D98C4FDA6586A61979B25F13 |
SHA-256: | 7BE8B9F51B43F525D0140EDC5502BE3A6E7BCBD876DDDE442FABAD43B6D19B36 |
SHA-512: | 126740665893FC6F775A8BF31CA7CC243CFE26A84A61752BADAA684DD156E08D6F473AF7F0C9796A8062C8A67AD873B0AA9DFC44679C84C4CC83ECFB63317381 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 97280 |
Entropy (8bit): | 7.998052732299105 |
Encrypted: | true |
SSDEEP: | 1536:Ni5X/n8JL88Im4dSgQ3QDLTTWWzDO2Phn3TYXY/EuESYwOOJltjb2It6rc8/NyS:NMXf898Fm4d6ADnTBzD1P2I/ECxLJlxi |
MD5: | 2B1531C3961A12A05168DDBEC6DE9351 |
SHA1: | BF02E49064C0B97400F5E54A588D02B584D0E700 |
SHA-256: | 6A1F12DCAB292378358F48014D0078407B2A141237BD7B318A83539497346FB5 |
SHA-512: | 5DB2C782FC950BBD409A551BBA32708A5A22B78779D92DAAF9C56B73B94CA8478493B15784FDE711292E87399A06C51D5898179E4B5302A0531492F330F73C57 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66560 |
Entropy (8bit): | 7.9971208270762375 |
Encrypted: | true |
SSDEEP: | 1536:otshYdm8KllFFnGuyxeOFGpQMpItjKYvvOfPWE:qmNllvgLGpQhDvPE |
MD5: | 91880DAFDBDDDD3A7BECE82040731293 |
SHA1: | B2D53F9DCB1D79F5CAE8B20604CD22DAA223287D |
SHA-256: | 30B0CD78DBFB69528322CBD789347159AE4756A7667B889FDEF022ACC468A658 |
SHA-512: | FDE9B03522B27033E88371270D4491DF43A5B347F20221E7932548E9565BCDC08A8B7294C62F5CCDE1AAB0236061E13D675B3D1A213CD79384FC1E50ABE46B82 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 7.997070878978732 |
Encrypted: | true |
SSDEEP: | 1536:8cYTYhic0cJIiMbRTPZBQD3z7nYIDoncF8OZ3ChB:8cYTY8x/OgIsciOuB |
MD5: | 597F565834790C594B894C61459C3DFB |
SHA1: | D47C91AFE8F194C45055622801148DE7D83A3907 |
SHA-256: | 91A36419B02C0BEE19EE66AE6DF90302AC6B64BD15D1DB74BC6682DCC03CBD17 |
SHA-512: | 2AFDB76CCAAD9995317F53886B638800743D88B8007D89E47B45706757BBA421A8C1624592E64FFB73520B5BF26D5AC4A68CD2FFE7A4F5E8ED27F943A2DD5AF6 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\ldqj18tn.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 887994 |
Entropy (8bit): | 6.622324410902026 |
Encrypted: | false |
SSDEEP: | 12288:SV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:wxz1JMyyzlohMf1tN70aw8501 |
MD5: | 480B699995A5B0B846D54973B83DB3E7 |
SHA1: | 92241BB78A7A8769719D0045621C853F628F9495 |
SHA-256: | 8615162D4D1718863A131FF5E242884922AA463FE2D6B48BD8CEADD9F519CF5F |
SHA-512: | 83495FC821564E92C90CBDFF7C7F52D6AE6A9367C9845312231E84D0246110E095358EAD78427F4A6AD9A7276D4CEE538C7C753876FA087C8918B24C1CC1A176 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InnoMesh.url
Download File
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 89 |
Entropy (8bit): | 4.909910437300207 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQaFyw3pYoMERE2J5xAGNohFMhWlc:HRYF5yjoFi23RNUFMr |
MD5: | F795B669B93704F72038CC30D21E74BE |
SHA1: | E6A488CD4A9E94DB5E68754EAAE4F47B6957BC73 |
SHA-256: | F728B132B86B76EFB10B8FFC38D630A1B331C2D83C61B30F12E614119E2B1051 |
SHA-512: | 55422C48D41C24BA3F914B13F03F9975037D18E6FC689814E3FB5D6B60C1EBD0A581D012903238458950EF13ECA568C6E0D8D892830D42419F4B880F01757B1A |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.988870164236672 |
TrID: |
|
File name: | ldqj18tn.exe |
File size: | 1'656'911 bytes |
MD5: | 574ab8397d011243cb52bef069bad2dc |
SHA1: | 1e1cf543bb08113fec19f9d5b9c1df25ed9232f6 |
SHA256: | b376d8b2108027a42534314eb5d82a70b06984c7dca8e91df66d00f5c6e91f20 |
SHA512: | c3e3f7809e5540bdd59a0cd62e0c718aa024355952f7062aac9eb4b7f40009ac97072962f9799a2dd4e2194e7a8d4df8dd4636306ecb7fee6481f6befb684702 |
SSDEEP: | 49152:iEVxqQJAyCoZxV/yPHZIQDjLO7MFVrbMwjK:iSxVJA7ofVGHiMjCMFJAwW |
TLSH: | 5375338CF9972D12D68E2BBB613291505BF87D7704B6D4EBD705D81EB23629028CDB23 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n.......B...8..... |
Icon Hash: | c1c0e4ccdcc4c4dc |
Entrypoint: | 0x403883 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4F47E2DA [Fri Feb 24 19:19:54 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | be41bf7b8cc010b614bd36bbca606973 |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push ebp |
push esi |
push edi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+18h], ebp |
mov dword ptr [esp+10h], 00409268h |
mov dword ptr [esp+14h], ebp |
call dword ptr [00408030h] |
push 00008001h |
call dword ptr [004080B4h] |
push ebp |
call dword ptr [004082C0h] |
push 00000008h |
mov dword ptr [00472EB8h], eax |
call 00007FC43CFBC70Bh |
push ebp |
push 000002B4h |
mov dword ptr [00472DD0h], eax |
lea eax, dword ptr [esp+38h] |
push eax |
push ebp |
push 00409264h |
call dword ptr [00408184h] |
push 0040924Ch |
push 0046ADC0h |
call 00007FC43CFBC3EDh |
call dword ptr [004080B0h] |
push eax |
mov edi, 004C30A0h |
push edi |
call 00007FC43CFBC3DBh |
push ebp |
call dword ptr [00408134h] |
cmp word ptr [004C30A0h], 0022h |
mov dword ptr [00472DD8h], eax |
mov eax, edi |
jne 00007FC43CFB9CDAh |
push 00000022h |
pop esi |
mov eax, 004C30A2h |
push esi |
push eax |
call 00007FC43CFBC0B1h |
push eax |
call dword ptr [00408260h] |
mov esi, eax |
mov dword ptr [esp+1Ch], esi |
jmp 00007FC43CFB9D63h |
push 00000020h |
pop ebx |
cmp ax, bx |
jne 00007FC43CFB9CDAh |
add esi, 02h |
cmp word ptr [esi], bx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9b34 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf4000 | 0x2f3a | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x191be7 | 0x2868 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x964 | .ndata |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6dae | 0x6e00 | 00499a6f70259150109c809d6aa0e6ed | False | 0.6611150568181818 | data | 6.508529563136936 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x2a62 | 0x2c00 | 07990aaa54c3bc638bb87a87f3fb13e3 | False | 0.3526278409090909 | data | 4.390535020989255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xb000 | 0x67ebc | 0x200 | 014871d9a00f0e0c8c2a7cd25606c453 | False | 0.203125 | data | 1.4308602597540492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x73000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xf4000 | 0x2f3a | 0x3000 | c15fab2d5ae919ed0bc47dbc7b92bcf1 | False | 0.5292154947916666 | data | 5.37146345911248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xf7000 | 0xf32 | 0x1000 | c37dbd85adbacba5815fd64300b19e35 | False | 0.5908203125 | data | 5.4190090723243225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xf41d8 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.5450569568755086 |
RT_DIALOG | 0xf6840 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0xf6940 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0xf6a5c | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0xf6abc | 0x14 | data | English | United States | 1.1 |
RT_VERSION | 0xf6ad0 | 0x194 | OpenPGP Secret Key | English | United States | 0.5693069306930693 |
RT_MANIFEST | 0xf6c64 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |
DLL | Import |
---|---|
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 18, 2024 14:42:52.571007013 CET | 49357 | 53 | 192.168.2.10 | 1.1.1.1 |
Dec 18, 2024 14:42:52.805532932 CET | 53 | 49357 | 1.1.1.1 | 192.168.2.10 |
Dec 18, 2024 14:43:08.505074024 CET | 61757 | 53 | 192.168.2.10 | 1.1.1.1 |
Dec 18, 2024 14:43:08.644860983 CET | 53 | 61757 | 1.1.1.1 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 18, 2024 14:42:52.571007013 CET | 192.168.2.10 | 1.1.1.1 | 0xb36a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 14:43:08.505074024 CET | 192.168.2.10 | 1.1.1.1 | 0x36d7 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 18, 2024 14:42:43.776007891 CET | 1.1.1.1 | 192.168.2.10 | 0x258 | No error (0) | s-part-0035.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 18, 2024 14:42:43.776007891 CET | 1.1.1.1 | 192.168.2.10 | 0x258 | No error (0) | 13.107.246.63 | A (IP address) | IN (0x0001) | false | ||
Dec 18, 2024 14:42:52.805532932 CET | 1.1.1.1 | 192.168.2.10 | 0xb36a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Dec 18, 2024 14:43:08.644860983 CET | 1.1.1.1 | 192.168.2.10 | 0x36d7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 08:42:44 |
Start date: | 18/12/2024 |
Path: | C:\Users\user\Desktop\ldqj18tn.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'656'911 bytes |
MD5 hash: | 574AB8397D011243CB52BEF069BAD2DC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 08:42:47 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 08:42:47 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff620390000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:42:48 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\tasklist.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7b0000 |
File size: | 79'360 bytes |
MD5 hash: | 0A4448B31CE7F83CB7691A2657F330F1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 08:42:48 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\findstr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8b0000 |
File size: | 29'696 bytes |
MD5 hash: | F1D4BE0E99EC734376FDE474A8D4EA3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 08:42:48 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\tasklist.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7b0000 |
File size: | 79'360 bytes |
MD5 hash: | 0A4448B31CE7F83CB7691A2657F330F1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 08:42:48 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\findstr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8b0000 |
File size: | 29'696 bytes |
MD5 hash: | F1D4BE0E99EC734376FDE474A8D4EA3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 08:42:49 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 08:42:49 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\findstr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8b0000 |
File size: | 29'696 bytes |
MD5 hash: | F1D4BE0E99EC734376FDE474A8D4EA3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 08:42:49 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 08:42:49 |
Start date: | 18/12/2024 |
Path: | C:\Users\user\AppData\Local\Temp\704579\Organizational.pif |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x250000 |
File size: | 893'608 bytes |
MD5 hash: | 18CE19B57F43CE0A5AF149C96AECC685 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | moderate |
Has exited: | false |
Target ID: | 12 |
Start time: | 08:42:50 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\choice.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1f0000 |
File size: | 28'160 bytes |
MD5 hash: | FCE0E41C87DC4ABBE976998AD26C27E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 13 |
Start time: | 08:42:51 |
Start date: | 18/12/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 08:42:51 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff620390000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 08:43:03 |
Start date: | 18/12/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a0a30000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 17 |
Start time: | 08:43:03 |
Start date: | 18/12/2024 |
Path: | C:\Users\user\AppData\Local\TechMesh Dynamics\InnoMesh.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1f0000 |
File size: | 893'608 bytes |
MD5 hash: | 18CE19B57F43CE0A5AF149C96AECC685 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Has exited: | false |
Execution Graph
Execution Coverage: | 18.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 21.4% |
Total number of Nodes: | 1474 |
Total number of Limit Nodes: | 32 |
Graph
Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295windowclipboardmemoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304filestringcomCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040592C Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166fileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403859 Relevance: 1.3, APIs: 1, Instructions: 11COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406805 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004028D3 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 100registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004023F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 83libraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 4.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.8% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 189 |
Graph
Function 00265240 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 147windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B3CE2 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00265D13 Relevance: 10.7, APIs: 7, Instructions: 223COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4005 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4148 Relevance: 6.1, APIs: 4, Instructions: 85processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025B020 Relevance: 5.6, APIs: 3, Instructions: 1146COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B494A Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002594E0 Relevance: 3.5, APIs: 2, Instructions: 539COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025BC70 Relevance: 50.4, APIs: 22, Strings: 6, Instructions: 1379sleeptimeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002533E8 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 69windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00253411 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00262FC5 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0026514C Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C5E1D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00264D83 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002656F8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117windowCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025AAAA Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 168comCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002552B0 Relevance: 7.6, APIs: 5, Instructions: 99windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00251284 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00270FE6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B3F1D Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002CD1C6 Relevance: 4.9, APIs: 3, Instructions: 392COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002659D3 Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0027593C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002CE139 Relevance: 3.2, APIs: 2, Instructions: 227COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00270E38 Relevance: 3.1, APIs: 2, Instructions: 94processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00265F8B Relevance: 3.1, APIs: 2, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002642F9 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00275E80 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00265AC3 Relevance: 3.0, APIs: 2, Instructions: 25windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002CC355 Relevance: 1.8, APIs: 1, Instructions: 288COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025A820 Relevance: 1.7, APIs: 1, Instructions: 193COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025D679 Relevance: 1.7, APIs: 1, Instructions: 171COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0026343F Relevance: 1.6, APIs: 1, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0026410A Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0028E2DF Relevance: 1.6, APIs: 1, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002649C2 Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0028E3C2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00264220 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00261A36 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AFEF8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B7C7F Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00264A8C Relevance: 1.5, APIs: 1, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00264A2F Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00264AB2 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002709C5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4D18 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B394D Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B3EF7 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002642AE Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4FEC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0027547B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BD6BE Relevance: 1.4, APIs: 1, Instructions: 198COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BC270 Relevance: 1.3, APIs: 1, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002642CF Relevance: 1.3, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DD164 Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 637windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BF5D8 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 119fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BCD9F Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D0EB7 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BF735 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 112fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C4830 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BFA36 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B5778 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C696E Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00251663 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BC2FF Relevance: 7.6, APIs: 5, Instructions: 143fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D59B3 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9399 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4254 Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4F1C Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BA6AD Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A8DE9 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B51E2 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9369 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00290722 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0027A354 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D3BA9 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DABFF Relevance: 49.8, APIs: 33, Instructions: 274COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00252FE8 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C7B95 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DA041 Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D8FFA Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D4ECC Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00252BA9 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 286windowtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D441F Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C56C8 Relevance: 27.1, APIs: 18, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AB13A Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DA7DE Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DCCA6 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B82D5 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 378timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D49CF Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BE25D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002523F7 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 170timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B0065 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 138windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BA832 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DC854 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C7A04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B9710 Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A83FA Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4C0C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B5530 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BDBD0 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002ACE00 Relevance: 18.2, APIs: 12, Instructions: 174COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00252581 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D7777 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D7AE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00277030 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C8AA5 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B34DD Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9B47 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9C32 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9D1B Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C8F95 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025AD98 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002531F6 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DC634 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C20E1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C9330 Relevance: 13.9, APIs: 9, Instructions: 438COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D8C6A Relevance: 13.7, APIs: 9, Instructions: 168COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AA226 Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D73A5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B47E8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00252E2B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B7681 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D67F8 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AC748 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00251800 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B5BB8 Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B3B64 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D78B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D68F2 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AE287 Relevance: 10.6, APIs: 7, Instructions: 95memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AE360 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D7BF2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00279D16 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002741B9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0027428E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025218F Relevance: 9.3, APIs: 6, Instructions: 254COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B6A73 Relevance: 9.2, APIs: 6, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AF688 Relevance: 9.2, APIs: 6, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B29B1 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00251B41 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DBD10 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C7788 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9431 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A91CF Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AC329 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DC552 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B77EB Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A954A Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B323D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B2EFA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9A48 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D6A0C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B7357 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B7425 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AAC05 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002CF23E Relevance: 7.7, APIs: 5, Instructions: 247COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BEBB4 Relevance: 7.6, APIs: 5, Instructions: 135COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DA67B Relevance: 7.6, APIs: 5, Instructions: 130COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DB7BD Relevance: 7.6, APIs: 5, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C6138 Relevance: 7.6, APIs: 5, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002516CF Relevance: 7.6, APIs: 5, Instructions: 67COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AC837 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B504E Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A8E20 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B57FF Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A7D28 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A8CC7 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A8D28 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025178C Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AA3AD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D79FE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D81B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D72D5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D7D33 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D6F45 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002CC6D9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00264B77 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00264BAA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D1447 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002655F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C97CA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002CE713 Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C877D Relevance: 6.3, APIs: 4, Instructions: 267COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A814E Relevance: 6.2, APIs: 4, Instructions: 231COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A749B Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0027492A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AA638 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C6B05 Relevance: 6.1, APIs: 4, Instructions: 116COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D8E76 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DB1A9 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D552B Relevance: 6.1, APIs: 4, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DCB40 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00270BC0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9274 Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D634E Relevance: 6.1, APIs: 4, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002AE45A Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B4365 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C6A54 Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025166C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A96F9 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00252111 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B1941 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DB937 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DBCA7 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B7195 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002DC3C4 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002525F4 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A9330 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00290679 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0029068D Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002BB5EF Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0025E00D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D8096 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C2C5A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B3049 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002D6CF9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002B3156 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C28A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002C8475 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A99BD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A98B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A993A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 002A8892 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00265800 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|