Windows
Analysis Report
Setup.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- Setup.exe (PID: 6660 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 1BB77FC90FBA4C11EB12606D8721FE21)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["discokeyus.lat", "energyaffai.lat", "sustainskelet.lat", "rapeflowwj.lat", "crosshuaht.lat", "grannyejh.lat", "aspecteirs.lat", "locketplyxx.click", "necklacebudi.lat"], "Build id": "jMw1IE--BARNI"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
 | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-22T23:32:22.671287+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49711 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:25.053250+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49717 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:27.939198+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49723 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:30.702383+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49729 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:33.585636+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49739 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:36.153334+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49744 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:38.218323+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49750 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:40.617746+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49756 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:46.606714+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49763 | 194.58.112.174 | 443 | TCP |
2024-12-22T23:32:23.814971+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49711 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:26.335952+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49717 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:41.667755+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49756 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:23.814971+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49711 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:26.335952+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49717 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:39.377234+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49750 | 172.67.151.193 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00B87018 |
Source: | File opened: |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00B8D0F5 |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_014AC059 |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_014609A9 |
Source: | Code function: | 0_2_00B772D1 |
Source: | Code function: | 0_2_00B6B089 |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | File read: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00BE7B56 |
Source: | Code function: | 0_2_00B8DAFA | |
Source: | Code function: | 0_2_00B9EF5C |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Code function: | 0_2_00B87018 |
Source: | File opened: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: | 0_2_00CAC43B |
Source: | Code function: | 0_2_00B65C23 |
Source: | Code function: | 0_2_00BE7B56 |
Source: | Code function: | 0_2_00CAC43B | |
Source: | Code function: | 0_2_00CA7D39 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00B77B46 |
Source: | Queries volume information: |
Source: | Code function: | 0_2_00CA8054 |
Source: | Code function: | 0_2_00CBB7D6 |
Source: | Code function: | 0_2_00B645F7 |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | String found in binary or memory: |
Source: | File opened: |
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
MITRE ATT&CK matrix. A leading number is the count of behaviour signatures mapped to that technique; unnumbered cells are techniques in the matrix that this sample did not trigger.

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | 11 Input Capture | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 141 Security Software Discovery | SMB/Windows Admin Shares | 41 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 11 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 12 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 34 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Detection | Scanner | Label |
---|---|---|
6% | Virustotal | |
8% | ReversingLabs | Win32.Malware.Generic |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
locketplyxx.click | 172.67.151.193 | true | true | unknown | |
neqi.shop | 194.58.112.174 | true | false | unknown | |
klipcatepiu0.shop | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.151.193 | locketplyxx.click | United States | 13335 | CLOUDFLARENETUS | true |
194.58.112.174 | neqi.shop | Russian Federation | 197695 | AS-REGRU | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1579541 |
Start date and time: | 2024-12-22 23:31:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Setup.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@3/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
17:32:23 | API Interceptor |
Match (IP) | Detection | Threat Name |
---|---|---|
194.58.112.174 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | FormBook, PureLog Stealer |
 | malicious | FormBook, PureLog Stealer |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | Unknown |
 | malicious | FormBook |

Match (domain) | Detection | Threat Name |
---|---|---|
neqi.shop | malicious | LummaC |
 | malicious | LummaC |

Match (ASN) | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | LummaC |
 | malicious | LummaC |
 | malicious | Mirai |
 | malicious | LummaC |
 | malicious | HTMLPhisher |
 | malicious | Mirai |
 | malicious | Unknown |
 | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc |
 | malicious | Unknown |
 | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
AS-REGRU | malicious | LummaC |
 | malicious | LummaC |
 | malicious | FormBook |
 | malicious | Mirai, Okiru |
 | malicious | FormBook |
 | malicious | Mirai |
 | malicious | FormBook |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | RHADAMANTHYS |

Match (JA3 TLS client fingerprint, the hash behind ET sid 2028371 in the network alerts below) | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc |
 | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
 | malicious | LummaC |
 | malicious | LummaC, Amadey, LummaC Stealer, Xmrig |
File type: | |
Entropy (8bit): | 0.6788921252373252 |
TrID: | |
File name: | Setup.exe |
File size: | 76'868'306 bytes |
MD5: | 1bb77fc90fba4c11eb12606d8721fe21 |
SHA1: | cbccd90cde2ff9fc729fa7d04ac6d02c3ea08e6a |
SHA256: | bb34760899fecabbe502ba6b969ac7d0436e1780ff4c99e71edd8230451431b7 |
SHA512: | ff83345266b7668f39f59f2e13f038626879621534ff0bf412a3249a2baac424ea3bd46829b7e326022dbbf3089d5387ce879eee47f4f7f1cb97b0dfd45a6949 |
SSDEEP: | 49152:aW0lhqNKnAx4G8iPCwRiwNssTzna6R+p8jFWvI:elhqwAx4G8iPCwRiwNssTzaXoWQ |
TLSH: | B5F7199A2328E9F3FB428A24153BDEED95AE7918171184CF316531056D320EEBF3592F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........;...;...;...^...!...^.......^.......^...8...^.......;.......i...(...i...-...i...R.......8.......:...;...:.......:...Rich;.. |
Icon Hash: | 0f656caa8a4c030f |
Entrypoint: | 0x5473ab |
Entrypoint Section: | .text |
Digitally signed: | true (a security directory with a signature blob is present; whether it verifies is a separate question, see Signature Valid below) |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x632C6429 [Thu Sep 22 13:33:29 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 4cc4bf46da352a2bee6617b4587ee2d4 |
Signature Valid: | false |
Signature Issuer: | CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 (HRESULT 0x80096010, TRUST_E_BAD_DIGEST: the hash embedded in the signature does not match the file body) |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 4068B1B0494EFA79F5A751DCCA8111CD |
Thumbprint SHA-1: | 914A09C2E02C696AF394048BCB8D95449BCD5B9E |
Thumbprint SHA-256: | 4A838904E732A380E2856A9D6FEE926E5C57EB59336292AC5D9E47C9B2C1ED13 |
Serial: | 33000003DFFB6AE3F427ECB6A30000000003DF |

A bad-digest result means the signature block itself is well formed and chains to Microsoft's code-signing CA, but it was computed over a different file body: the body was altered after signing, by padding, patching, or both. The file layout points at padding. The security directory starts at file offset 0x494c902, and 0x494c902 + 0x21d0 = 0x494ead2 = 76,868,306 bytes, exactly the file size, so the signature blob is the last thing in the file; the five sections' raw sizes sum to only 0x264600 bytes (about 2.4 MB), and the whole-file entropy of 0.68 says the remaining ~74 MB is near-constant filler. Tooling that only checks for the presence of a security directory will still call this file signed; anything that verifies the digest will not.
Instruction (disassembly from the entry point 0x5473ab in .text) |
---|
call 00007F9EE4DFBED6h |
jmp 00007F9EE4DFB05Fh |
cmp ecx, dword ptr [005C5FD4h] |
jne 00007F9EE4DFB1E5h |
ret |
jmp 00007F9EE4DFBB81h |
call 00007F9EE4DFB224h |
push 00000000h |
call 00007F9EE4DFB515h |
pop ecx |
test al, al |
je 00007F9EE4DFB1F0h |
push 005474F9h |
call 00007F9EE4DFB6BFh |
pop ecx |
xor eax, eax |
ret |
push 00000007h |
call 00007F9EE4DFBF50h |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [005C5FD4h] |
and eax, 1Fh |
push 00000020h |
pop ecx |
sub ecx, eax |
mov eax, dword ptr [ebp+08h] |
ror eax, cl |
xor eax, dword ptr [005C5FD4h] |
pop ebp |
ret |
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 00565234h |
mov eax, dword ptr fs:[00000000h] |
push eax |
push ebx |
push esi |
push edi |
mov eax, dword ptr [005C5FD4h] |
xor eax, ebp |
push eax |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
push 00000FA0h |
push 005CE3E8h |
call dword ptr [00573360h] |
push 005A1270h |
call dword ptr [0057340Ch] |
mov esi, eax |
test esi, esi |
jne 00007F9EE4DFB1F7h |
push 00575370h |
call dword ptr [0057340Ch] |
mov esi, eax |
test esi, esi |
je 00007F9EE4DFB272h |
push 005A12B4h |
push esi |
call dword ptr [00573410h] |
push 000000D0h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1c142c | 0x168 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d0000 | 0x2c048 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x494c902 (raw file offset, not an RVA) | 0x21d0 | overlay, outside every section |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1fd000 | 0x2217a | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1a87d0 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1a88e0 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1a8840 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x173000 | 0x9a8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1716d7 | 0x171800 | c6585f771f56fb4853973c836b16320b | False | 0.5387043830345061 | data | 6.50802381544148 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x173000 | 0x5190a | 0x51a00 | ca996dfea6264d5208f4e127e32cb156 | False | 0.28837157829249616 | data | 4.96465827452165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1c5000 | 0xa184 | 0x5c00 | 15d900f1264267645e5fd5b60433631e | False | 0.23675271739130435 | data | 4.717120565189211 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x1d0000 | 0x2c048 | 0x2c200 | daa9ec7d7944ef7b5c03699dd5014cfc | False | 0.09479019121813032 | data | 2.980958061221572 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1fd000 | 0x6f600 | 0x6f600 | 92e4c3f57ca85eeebfce6f816d65fecc | False | 0.610911633698092 | data | 7.572921326804689 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
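Two things in the tables above deserve a check rather than a glance. First, the signature sits at the very end of a 76 MB file whose sections account for roughly 2.4 MB, and the Authenticode hash covers the overlay between the last section and the signature blob, which is exactly why padding inserted there produces TRUST_E_BAD_DIGEST. Second, .reloc is 0x6f600 bytes at entropy 7.57, while the BASERELOC directory it is supposed to hold is only 0x2217a bytes, so most of that section is not relocation records. The following script is an added example, not Joe Sandbox code and not code recovered from the sample: a dependency-free PE parser that locates the security directory and the section extents, measures the overlay in front of the signature and scores its entropy. The input it runs on is a toy PE32 built in `build_toy_pe` (one `.text` section, a zero-filled overlay, a dummy signature blob) so that it runs offline; point `parse_pe_layout` at the bytes of a real file to get the same report for it.

```python
"""Where does the Authenticode signature sit relative to the sections?

Added example for this report (not Joe Sandbox code, not code from the
sample). Pure Python, no pefile dependency. It parses the section table and
IMAGE_DIRECTORY_ENTRY_SECURITY, measures the overlay between the end of the
last section and the signature blob, and scores that overlay's entropy. The
overlay lies inside the region the Authenticode hash covers, so padding
placed there yields TRUST_E_BAD_DIGEST (0x80096010) while the file still
"looks" signed to tools that only test for a security directory.
"""
import math
import struct
from collections import Counter

SECURITY_DIR = 4                      # index of IMAGE_DIRECTORY_ENTRY_SECURITY
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for empty input or a single repeated byte value."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_layout(data: bytes) -> dict:
    """Return section extents, the security directory and overlay statistics."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dirs = opt + (96 if magic == PE32_MAGIC else 112)
    # For the security directory the "VirtualAddress" field is a raw file offset.
    sec_off, sec_size = struct.unpack_from("<II", data, dirs + SECURITY_DIR * 8)

    sections, sections_end = [], 0
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_ptr": rawptr, "raw_size": rawsize})
        sections_end = max(sections_end, rawptr + rawsize)

    overlay = data[sections_end:sec_off if sec_off else len(data)]
    return {
        "sections": sections,
        "sections_end": sections_end,
        "security_offset": sec_off,
        "security_size": sec_size,
        "signature_is_last": bool(sec_off) and sec_off + sec_size == len(data),
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def looks_inflated(layout: dict, min_overlay: int = 1 << 20, max_entropy: float = 1.0) -> bool:
    """Heuristic: a large, near-constant overlay sitting in front of the signature."""
    return layout["overlay_size"] >= min_overlay and layout["overlay_entropy"] <= max_entropy


def build_toy_pe(overlay: bytes, signature: bytes) -> bytes:
    """Constructed test input (not the sample): a minimal PE32 with one .text
    section, `overlay` bytes after it, then `signature` referenced by the
    security directory, the same ordering the report's data directories show."""
    headers_size, text = 0x400, b"\xC3" * 0x200           # ret-filled code
    sec_off = headers_size + len(text) + len(overlay)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                   # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<II", opt, 96 + SECURITY_DIR * 8, sec_off, len(signature))
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text),
                          headers_size, 0, 0, 0, 0, 0x60000020)
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    return head.ljust(headers_size, b"\0") + text + overlay + signature


if __name__ == "__main__":
    padded = build_toy_pe(b"\0" * (2 << 20), b"\x30\x82" + b"\xAA" * 0x200)
    layout = parse_pe_layout(padded)
    print(f"signature at {layout['security_offset']:#x}, last in file: {layout['signature_is_last']}")
    print(f"overlay {layout['overlay_size']} bytes, entropy {layout['overlay_entropy']:.2f}, "
          f"inflated: {looks_inflated(layout)}")
```

The same `sections` list lets you compare a section's raw size against the data directory that lives in it (here, .reloc against BASERELOC) to spot a section that carries more than its name suggests; the entropy helper applied to the section's tail makes that comparison concrete.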
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x1f8a60 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x1f8b98 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
RT_CURSOR | 0x1f8c78 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
RT_CURSOR | 0x1f8dc8 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
RT_CURSOR | 0x1f8f18 | 0x134 | data | English | United States | 0.37337662337662336 |
RT_CURSOR | 0x1f9068 | 0x134 | data | English | United States | 0.37662337662337664 |
RT_CURSOR | 0x1f91b8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0x1f9308 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
RT_CURSOR | 0x1f9458 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0x1f95a8 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x1f96f8 | 0x134 | data | English | United States | 0.44155844155844154 |
RT_CURSOR | 0x1f9848 | 0x134 | data | English | United States | 0.4155844155844156 |
RT_CURSOR | 0x1f9998 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
RT_CURSOR | 0x1f9ae8 | 0x134 | data | English | United States | 0.2662337662337662 |
RT_CURSOR | 0x1f9c38 | 0x134 | data | English | United States | 0.2824675324675325 |
RT_CURSOR | 0x1f9d88 | 0x134 | data | English | United States | 0.3246753246753247 |
RT_BITMAP | 0x1f9ff8 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
RT_BITMAP | 0x1fa0b0 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
RT_ICON | 0x1d1228 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | India | 0.049272447651721285 |
RT_ICON | 0x1e1a50 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | India | 0.07181521967626656 |
RT_ICON | 0x1eaef8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | India | 0.08761552680221811 |
RT_ICON | 0x1f0380 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | India | 0.08721067548417571 |
RT_ICON | 0x1f45a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | India | 0.1274896265560166 |
RT_ICON | 0x1f6b50 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | India | 0.174953095684803 |
RT_ICON | 0x1f7bf8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | India | 0.25245901639344265 |
RT_ICON | 0x1f8580 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | India | 0.32092198581560283 |
RT_DIALOG | 0x1d0c90 | 0x158 | data | English | United States | 0.5494186046511628 |
RT_DIALOG | 0x1d0de8 | 0x62 | data | English | United States | 0.7755102040816326 |
RT_DIALOG | 0x1f9ed8 | 0xe8 | data | English | United States | 0.6336206896551724 |
RT_DIALOG | 0x1f9fc0 | 0x34 | data | English | United States | 0.9038461538461539 |
RT_STRING | 0x1fa1f8 | 0x56 | data | English | United States | 0.6744186046511628 |
RT_STRING | 0x1fa250 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154 |
RT_STRING | 0x1fa2d8 | 0x2a | data | English | United States | 0.5476190476190477 |
RT_STRING | 0x1fa308 | 0x184 | data | English | United States | 0.48711340206185566 |
RT_STRING | 0x1fa490 | 0x4ee | data | English | United States | 0.375594294770206 |
RT_STRING | 0x1fad10 | 0x264 | data | English | United States | 0.3333333333333333 |
RT_STRING | 0x1faa30 | 0x2da | data | English | United States | 0.3698630136986301 |
RT_STRING | 0x1fb758 | 0x8a | data | English | United States | 0.6594202898550725 |
RT_STRING | 0x1fa980 | 0xac | data | English | United States | 0.45348837209302323 |
RT_STRING | 0x1fb648 | 0xde | data | English | United States | 0.536036036036036 |
RT_STRING | 0x1faf78 | 0x4a8 | data | English | United States | 0.3221476510067114 |
RT_STRING | 0x1fb420 | 0x228 | data | English | United States | 0.4003623188405797 |
RT_STRING | 0x1fb728 | 0x2c | data | English | United States | 0.5227272727272727 |
RT_STRING | 0x1fb7e8 | 0x53e | data | English | United States | 0.2965722801788376 |
RT_GROUP_CURSOR | 0x1f8c50 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
RT_GROUP_CURSOR | 0x1f9440 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f8db0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f92f0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f91a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9ad0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9050 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f96e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f8f00 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9590 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9830 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9980 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9c20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9d70 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1f9ec0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x1f89e8 | 0x76 | data | English | India | 0.7542372881355932 |
RT_VERSION | 0x1d0e50 | 0x3d8 | data | English | United States | 0.38109756097560976 |
RT_MANIFEST | 0x1fbd28 | 0x31c | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (736), with CRLF line terminators | English | United States | 0.5238693467336684 |
DLL | Import |
---|---|
KERNEL32.dll | ExitProcess, GetStdHandle, GetFileType, SetStdHandle, QueryPerformanceFrequency, VirtualQuery, VirtualAlloc, GetSystemInfo, HeapQueryInformation, FreeLibraryAndExitThread, ExitThread, CreateThread, GetCommandLineW, GetCommandLineA, RtlUnwind, OutputDebugStringW, LCMapStringW, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, SetFilePointerEx, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetStringTypeW, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WaitForSingleObjectEx, ResetEvent, GetTempFileNameW, Sleep, GetProfileIntW, SearchPathW, FindResourceExW, GetWindowsDirectoryW, GetTempPathW, GetTickCount, SystemTimeToTzSpecificLocalTime, GetFileTime, GetFileSizeEx, GetFileAttributesExW, GetFileAttributesW, FileTimeToLocalFileTime, SetErrorMode, VirtualProtect, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, GetCurrentProcess, DuplicateHandle, WriteFile, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, GetFileSize, FlushFileBuffers, FindFirstFileW, FindClose, CreateFileW, FileTimeToSystemTime, GlobalGetAtomNameW, GetThreadLocale, DeleteFileW, GlobalFlags, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GetCurrentDirectoryW, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, CompareStringW, GlobalFindAtomW, LoadLibraryA, GetSystemDirectoryW, EncodePointer, InitializeCriticalSectionAndSpinCount, GetCurrentProcessId, GlobalAddAtomW, ResumeThread, SetThreadPriority, CreateEventW, WaitForSingleObject, SetEvent, CloseHandle, CopyFileW, FormatMessageW, MulDiv, LocalFree, GlobalUnlock, GlobalSize, WritePrivateProfileStringW, 
GetPrivateProfileStringW, GetPrivateProfileIntW, lstrcpyW, GlobalFree, FreeResource, WideCharToMultiByte, MultiByteToWideChar, lstrcmpW, lstrcmpA, GlobalDeleteAtom, GlobalLock, GlobalAlloc, LoadLibraryW, LoadLibraryExW, GetModuleHandleA, GetModuleFileNameW, FreeLibrary, GetVersionExW, GetCurrentThreadId, GetCurrentThread, SetLastError, OutputDebugStringA, GetBinaryTypeW, FindResourceW, LoadResource, LockResource, SizeofResource, GetModuleHandleW, GetProcAddress, GetProcessHeap, DeleteCriticalSection, DecodePointer, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, GetLastError, HeapSize, InitializeCriticalSectionEx, LeaveCriticalSection, EnterCriticalSection, GetModuleHandleExW, WriteConsoleW |
USER32.dll | SetRectEmpty, SetLayeredWindowAttributes, CharUpperW, DestroyIcon, GetSysColorBrush, MessageBeep, GetNextDlgGroupItem, IsRectEmpty, IntersectRect, SetRect, InvalidateRgn, CopyAcceleratorTableW, OffsetRect, CharNextW, KillTimer, SetTimer, RealChildWindowFromPoint, DeleteMenu, CopyImage, LoadCursorW, WindowFromPoint, ReleaseCapture, SetCapture, WaitMessage, IsDialogMessageW, SetWindowTextW, CheckDlgButton, MoveWindow, ShowWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, GetTopWindow, GetClassLongW, SetWindowLongW, PtInRect, EqualRect, MapWindowPoints, AdjustWindowRectEx, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, SetForegroundWindow, GetForegroundWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, SetFocus, GetDlgCtrlID, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, IsChild, IsMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime, GetMessagePos, SystemParametersInfoW, InflateRect, CopyRect, GetMenuItemInfoW, DestroyMenu, UnhookWindowsHookEx, GetSysColor, ScreenToClient, ClientToScreen, EndPaint, BeginPaint, ReleaseDC, GetWindowDC, GetDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, GetDesktopWindow, SetActiveWindow, GetNextDlgTabItem, SendDlgItemMessageA, GetAsyncKeyState, SetCursorPos, UnregisterClassW, PostQuitMessage, LoadIconW, GetSystemMenu, GetDlgItem, EndDialog, CreateDialogIndirectParamW, DestroyWindow, IsWindow, GetClassNameW, FillRect, InvalidateRect, UpdateWindow, DrawStateW, GetLastActivePopup, GetWindowThreadProcessId, GetWindowLongW, MessageBoxW, IsWindowEnabled, BringWindowToTop, LoadAcceleratorsW, TranslateAcceleratorW, LoadMenuW, CreatePopupMenu, InsertMenuItemW, LoadImageW, UnpackDDElParam, ReuseDDElParam, RegisterClipboardFormatW, 
TrackMouseEvent, IsZoomed, SetWindowRgn, SetCursor, ShowOwnedPopups, NotifyWinEvent, GetMenuDefaultItem, SetMenuDefaultItem, UpdateLayeredWindow, EnableScrollBar, UnionRect, MonitorFromPoint, EnumDisplayMonitors, AppendMenuW, SendMessageW, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, EnableWindow, PostMessageW, SetWindowPos, SetWindowContextHelpId, GetParent, GetWindow, MapDialogRect, RegisterWindowMessageW, GetMenuStringW, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuW, RemoveMenu, GetFocus, CheckMenuItem, EnableMenuItem, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, SetMenuItemInfoW, LoadBitmapW, GetMessageW, DestroyAcceleratorTable, TranslateMessage, DispatchMessageW, PeekMessageW, IsWindowVisible, GetActiveWindow, GetKeyState, ValidateRect, GetCursorPos, SetWindowsHookExW, CallNextHookEx, SetParent, LockWindowUpdate, SetClassLongW, GetKeyNameTextW, PostThreadMessageW, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, CharUpperBuffW, ModifyMenuW, CopyIcon, FrameRect, GetDoubleClickTime, GetIconInfo, IsCharLowerW, MapVirtualKeyExW, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, IsClipboardFormatAvailable, GetUpdateRect, SubtractRect, CreateMenu, HideCaret, InvertRect, DestroyCursor, GetComboBoxInfo, GetWindowRgn, CreateAcceleratorTableW, MapVirtualKeyW, GetKeyboardState, GetKeyboardLayout, ToUnicodeEx, DrawIconEx, DrawFocusRect, DrawFrameControl, DrawEdge |
GDI32.dll | GetClipBox, GetObjectType, GetPixel, GetViewportExtEx, GetWindowExtEx, IntersectClipRect, LineTo, PtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetTextColor, SetTextAlign, MoveToEx, TextOutW, ExtTextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateFontIndirectW, GetTextExtentPoint32W, GetBkColor, ExcludeClipRect, CreateRectRgnIndirect, GetRgnBox, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, GetTextMetricsW, CombineRgn, GetMapMode, PatBlt, SetRectRgn, DPtoLP, CreateRoundRectRgn, CreateDIBSection, CreateEllipticRgn, Ellipse, CreatePolygonRgn, Polygon, Polyline, EnumFontFamiliesExW, RealizePalette, SetPixel, StretchBlt, SetDIBColorTable, OffsetRgn, Rectangle, RoundRect, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, GetSystemPaletteEntries, LPtoDP, ExtFloodFill, SetPaletteEntries, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, GetWindowOrgEx, GetViewportOrgEx, SetPixelV, GetTextFaceW, Escape, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateCompatibleDC, GetObjectW, GetStockObject, DeleteObject, CreateSolidBrush, CreateBitmap, GetDeviceCaps, CreateDCW, CopyMetaFileW, GetTextColor, BitBlt, DeleteDC |
MSIMG32.dll | TransparentBlt, AlphaBlend |
WINSPOOL.DRV | ClosePrinter, OpenPrinterW, DocumentPropertiesW |
ADVAPI32.dll | RegOpenKeyExW, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegCloseKey, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegQueryValueExW |
SHELL32.dll | ShellExecuteW, SHGetMalloc, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHBrowseForFolderW, SHAppBarMessage, DragFinish, DragQueryFileW, SHGetFileInfoW, SHGetDesktopFolder |
COMCTL32.dll | InitCommonControlsEx |
SHLWAPI.dll | PathFindFileNameW, PathIsUNCW, StrFormatKBSizeW, PathStripToRootW, PathRemoveFileSpecW, PathFindExtensionW |
UxTheme.dll | GetWindowTheme, IsAppThemed, DrawThemeText, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, CloseThemeData, DrawThemeBackground, GetThemeSysColor, GetCurrentThemeName, IsThemeBackgroundPartiallyTransparent, GetThemeColor |
ole32.dll | CoRevokeClassObject, OleIsCurrentClipboard, CoRegisterMessageFilter, DoDragDrop, CreateStreamOnHGlobal, OleLockRunning, OleCreateMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleGetClipboard, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop, OleDestroyMenuDescriptor, CoInitializeEx, OleUninitialize, OleInitialize, CoFreeUnusedLibraries, CoDisconnectObject, CreateILockBytesOnHGlobal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, OleDuplicateData, CoTaskMemFree, CoTaskMemAlloc, CoInitialize, CoCreateInstance, CLSIDFromProgID, CLSIDFromString, CoCreateGuid, CoUninitialize, OleFlushClipboard, ReleaseStgMedium |
OLEAUT32.dll | LoadTypeLib, VarBstrFromDate, VariantCopy, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, OleCreateFontIndirect, VariantChangeType, VariantClear, VariantInit, SysAllocStringLen, SysFreeString, SysAllocString, SafeArrayDestroy |
oledlg.dll | OleUIBusyW |
gdiplus.dll | GdipBitmapLockBits, GdipDrawImageI, GdipCreateBitmapFromStream, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipDrawImageRectI, GdipSetInterpolationMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipCloneImage, GdiplusStartup, GdipFree, GdipAlloc, GdiplusShutdown, GdipBitmapUnlockBits, GdipCreateBitmapFromScan0, GdipGetImageHeight |
OLEACC.dll | LresultFromObject, CreateStdAccessibleObject, AccessibleObjectFromWindow |
IMM32.dll | ImmReleaseContext, ImmGetOpenStatus, ImmGetContext |
WINMM.dll | PlaySoundW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
English | India | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-22T23:32:22.671287+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49711 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:23.814971+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49711 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:23.814971+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49711 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:25.053250+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49717 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:26.335952+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49717 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:26.335952+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49717 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:27.939198+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49723 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:30.702383+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49729 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:33.585636+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49739 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:36.153334+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49744 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:38.218323+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49750 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:39.377234+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49750 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:40.617746+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49756 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:41.667755+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49756 | 172.67.151.193 | 443 | TCP |
2024-12-22T23:32:46.606714+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49763 | 194.58.112.174 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 22, 2024 23:32:21.125333071 CET | 51263 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 22, 2024 23:32:21.434237003 CET | 53 | 51263 | 1.1.1.1 | 192.168.2.5 |
Dec 22, 2024 23:32:41.669545889 CET | 62142 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 22, 2024 23:32:41.807391882 CET | 53 | 62142 | 1.1.1.1 | 192.168.2.5 |
Dec 22, 2024 23:32:51.424745083 CET | 52668 | 53 | 192.168.2.5 | 1.1.1.1 |
Dec 22, 2024 23:32:51.656316042 CET | 53 | 52668 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 22, 2024 23:32:21.125333071 CET | 192.168.2.5 | 1.1.1.1 | 0x1f4a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 22, 2024 23:32:41.669545889 CET | 192.168.2.5 | 1.1.1.1 | 0x4b5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 22, 2024 23:32:51.424745083 CET | 192.168.2.5 | 1.1.1.1 | 0x47a3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 22, 2024 23:32:21.434237003 CET | 1.1.1.1 | 192.168.2.5 | 0x1f4a | No error (0) | | | 172.67.151.193 | A (IP address) | IN (0x0001) | false |
Dec 22, 2024 23:32:21.434237003 CET | 1.1.1.1 | 192.168.2.5 | 0x1f4a | No error (0) | | | 104.21.88.181 | A (IP address) | IN (0x0001) | false |
Dec 22, 2024 23:32:41.807391882 CET | 1.1.1.1 | 192.168.2.5 | 0x4b5 | No error (0) | | | 194.58.112.174 | A (IP address) | IN (0x0001) | false |
Dec 22, 2024 23:32:51.656316042 CET | 1.1.1.1 | 192.168.2.5 | 0x47a3 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:22 UTC | 264 | OUT | |
2024-12-22 22:32:22 UTC | 8 | OUT | |
2024-12-22 22:32:23 UTC | 1140 | IN | |
2024-12-22 22:32:23 UTC | 7 | IN | |
2024-12-22 22:32:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49717 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:25 UTC | 265 | OUT | |
2024-12-22 22:32:25 UTC | 79 | OUT | |
2024-12-22 22:32:26 UTC | 1128 | IN | |
2024-12-22 22:32:26 UTC | 241 | IN | |
2024-12-22 22:32:26 UTC | 1369 | IN | |
2024-12-22 22:32:26 UTC | 1369 | IN | |
2024-12-22 22:32:26 UTC | 160 | IN | |
2024-12-22 22:32:26 UTC | 1369 | IN | |
2024-12-22 22:32:26 UTC | 1369 | IN | |
2024-12-22 22:32:26 UTC | 1369 | IN | |
2024-12-22 22:32:26 UTC | 1369 | IN | |
2024-12-22 22:32:26 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49723 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:27 UTC | 278 | OUT | |
2024-12-22 22:32:27 UTC | 12805 | OUT | |
2024-12-22 22:32:29 UTC | 1148 | IN | |
2024-12-22 22:32:29 UTC | 20 | IN | |
2024-12-22 22:32:29 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49729 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:30 UTC | 276 | OUT | |
2024-12-22 22:32:30 UTC | 15035 | OUT | |
2024-12-22 22:32:31 UTC | 1133 | IN | |
2024-12-22 22:32:31 UTC | 20 | IN | |
2024-12-22 22:32:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49739 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:33 UTC | 275 | OUT | |
2024-12-22 22:32:33 UTC | 15331 | OUT | |
2024-12-22 22:32:33 UTC | 5188 | OUT | |
2024-12-22 22:32:34 UTC | 1136 | IN | |
2024-12-22 22:32:34 UTC | 20 | IN | |
2024-12-22 22:32:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49744 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:36 UTC | 281 | OUT | |
2024-12-22 22:32:36 UTC | 1249 | OUT | |
2024-12-22 22:32:36 UTC | 1134 | IN | |
2024-12-22 22:32:36 UTC | 20 | IN | |
2024-12-22 22:32:36 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49750 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:38 UTC | 275 | OUT | |
2024-12-22 22:32:38 UTC | 1075 | OUT | |
2024-12-22 22:32:39 UTC | 1129 | IN | |
2024-12-22 22:32:39 UTC | 20 | IN | |
2024-12-22 22:32:39 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49756 | 172.67.151.193 | 443 | 6660 | C:\Users\user\Desktop\Setup.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-22 22:32:40 UTC | 266 | OUT | |
2024-12-22 22:32:40 UTC | 114 | OUT | |
2024-12-22 22:32:41 UTC | 1129 | IN | |
2024-12-22 22:32:41 UTC | 222 | IN | |
2024-12-22 22:32:41 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 17:32:00 |
Start date: | 22/12/2024 |
Path: | C:\Users\user\Desktop\Setup.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb60000 |
File size: | 76'868'306 bytes |
MD5 hash: | 1BB77FC90FBA4C11EB12606D8721FE21 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.8% |
Dynamic/Decrypted Code Coverage: | 14.8% |
Signature Coverage: | 6.7% |
Total number of Nodes: | 629 |
Total number of Limit Nodes: | 25 |
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
014AC059 | 12.7 | 8 | | 730 | memory, native, thread, COMMON | yes |
00BE7B56 | 6.1 | 3 | | 1610 | library, memory, loader, COMMON | |
00BE7E9B | 5.9 | 3 | | 1396 | library, memory, loader, COMMON | |
01460299 | 5.6 | 2 | 1 | 399 | thread, COMMON | yes |
00BE813E | 4.2 | 2 | | 1218 | library, memory, loader, COMMON | |
01460859 | 3.6 | 1 | 1 | 103 | thread, COMMON | yes |
00B88C49 | 70.4 | 35 | 5 | 373 | string, COMMON | |
00B89183 | 64.8 | 43 | | 295 | COMMON | |
00B769BA | 15.1 | 10 | | 111 | memory, COMMONLIBRARYCODE | |
00B86133 | 12.0 | 8 | | 34 | COMMON | |
00B8873A | 6.1 | 4 | | 59 | COMMON | |
014ACCD7 | 3.6 | 1 | 1 | 66 | library, COMMON | yes |
014AB929 | 2.8 | 2 | | 325 | memory, COMMON | yes |
00BE93C8 | 1.5 | 1 | | 43 | COMMON | |
00B8868D | 1.5 | 1 | | 16 | COMMON | |
00B6C890 | 1.5 | 1 | | 8 | COMMON | |
00BAB932 | 57.2 | 31 | 1 | 1154 | window, COMMON | |
00B624B0 | 44.6 | 16 | 9 | 897 | registry, COMMON | |
00B61E20 | 37.2 | 14 | 7 | 446 | registry, window, COMMON | |
01495812 | 30.2 | | 24 | 248 | COMMON | yes |
014829E6 | 21.8 | | 17 | 574 | COMMON | yes |
0147A016 | 20.2 | | 16 | 182 | COMMON | yes |
00BA655F | 15.5 | 10 | | 505 | keyboard, window, COMMON | |
01497116 | 15.2 | | 12 | 227 | COMMON | yes |
00CC0749 | 13.6 | 3 | 4 | 1390 | COMMONLIBRARYCODE | |
00B77B46 | 12.3 | 5 | 2 | 42 | library, loader, COMMON | |
00B87018 | 10.6 | 7 | | 132 | file, COMMON | |
0146C106 | 9.1 | | 7 | 395 | COMMON | yes |
00CBB7D6 | 7.9 | 5 | | 376 | time, COMMON | |
0146A866 | 6.6 | | 5 | 361 | COMMON | yes |
00BEAEE4 | 6.5 | 4 | | 499 | COMMON | |
00B6B089 | 6.1 | 4 | | 61 | COMMON | |
01498016 | 4.2 | | 3 | 497 | COMMON | yes |
Function 01466336 Relevance: 3.3, Strings: 2, Instructions: 824COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00B8DAFA Relevance: 3.0, APIs: 2, Instructions: 36windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01482006 Relevance: 3.0, Strings: 2, Instructions: 455COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7ECCD Relevance: 1.7, APIs: 1, Instructions: 246COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0146D9AF Relevance: 1.4, Strings: 1, Instructions: 145COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0148A9FA Relevance: 1.3, Strings: 1, Instructions: 74COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01465036 Relevance: .6, Instructions: 600COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01467086 Relevance: .4, Instructions: 448COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01470326 Relevance: .4, Instructions: 410COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 014879A6 Relevance: .4, Instructions: 378COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0147F0C6 Relevance: .3, Instructions: 349COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0149EB06 Relevance: .3, Instructions: 324COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01477128 Relevance: .3, Instructions: 309COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01467976 Relevance: .3, Instructions: 303COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 014799E6 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01483B66 Relevance: .2, Instructions: 238COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01460000 Relevance: .2, Instructions: 213COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01487140 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01496866 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0147F826 Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0149E066 Relevance: .2, Instructions: 150COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00BE78F5 Relevance: .1, Instructions: 149COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 014868F1 Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0147D1DC Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00BE91EF Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CC22E5 Relevance: .1, Instructions: 105COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0146D048 Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00CC21C1 Relevance: .1, Instructions: 82COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0146B300 Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00CBAF0A Relevance: .0, Instructions: 23COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01484948 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAD8BD Relevance: 40.8, APIs: 27, Instructions: 337COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BE73F3 Relevance: 34.7, APIs: 23, Instructions: 240COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAE479 Relevance: 28.6, APIs: 19, Instructions: 80COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA5D9F Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 358timewindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C5357D Relevance: 24.4, APIs: 16, Instructions: 388COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77BBF Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 162libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA7DED Relevance: 22.8, APIs: 15, Instructions: 254timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CAF3D0 Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 493COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1E569 Relevance: 15.3, APIs: 10, Instructions: 265COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAB319 Relevance: 15.2, APIs: 10, Instructions: 219timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BEA42A Relevance: 15.2, APIs: 10, Instructions: 204COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA7040 Relevance: 15.2, APIs: 10, Instructions: 165timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B76E43 Relevance: 15.1, APIs: 10, Instructions: 110memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BE07E0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 127memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BFE21F Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 101sleepthreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B70AC5 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B6F16F Relevance: 14.0, APIs: 9, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BE9A38 Relevance: 13.7, APIs: 9, Instructions: 201fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C9F6F5 Relevance: 13.6, APIs: 9, Instructions: 128COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8CEC2 Relevance: 13.6, APIs: 9, Instructions: 64windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B71395 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 219libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B6F959 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7780C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 48libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA505E Relevance: 12.1, APIs: 8, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7854C Relevance: 12.1, APIs: 8, Instructions: 77COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8881F Relevance: 12.1, APIs: 8, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B686EC Relevance: 12.0, APIs: 8, Instructions: 49memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1AE76 Relevance: 10.8, APIs: 7, Instructions: 251COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9E04C Relevance: 10.6, APIs: 7, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B65D42 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 118libraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B71C74 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 102libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD359E Relevance: 10.6, APIs: 7, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B67609 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 79registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BE5434 Relevance: 10.6, APIs: 7, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CBA95F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B6ECE7 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78libraryloaderthreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B72AE1 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 71libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAB86B Relevance: 10.6, APIs: 7, Instructions: 69windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B6EFA3 Relevance: 10.6, APIs: 7, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B63F00 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B783F7 Relevance: 10.6, APIs: 7, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B776A1 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77ED6 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77E12 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77FA0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77F3B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B777B0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77AE7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77E77 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77645 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 32libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B775F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7775B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77D75 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B99280 Relevance: 9.3, APIs: 6, Instructions: 348COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAA461 Relevance: 9.3, APIs: 6, Instructions: 268windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9022E Relevance: 9.2, APIs: 6, Instructions: 236windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9E1FB Relevance: 9.2, APIs: 6, Instructions: 205COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BF6935 Relevance: 9.2, APIs: 6, Instructions: 178windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B98B03 Relevance: 9.2, APIs: 6, Instructions: 172windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8757B Relevance: 9.1, APIs: 6, Instructions: 139windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAEBED Relevance: 9.1, APIs: 6, Instructions: 135COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B96DA8 Relevance: 9.1, APIs: 6, Instructions: 107windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAC9F2 Relevance: 9.1, APIs: 6, Instructions: 94windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B72F19 Relevance: 9.1, APIs: 6, Instructions: 88windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAAC98 Relevance: 9.1, APIs: 6, Instructions: 86timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8550B Relevance: 9.1, APIs: 6, Instructions: 79windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B6A761 Relevance: 9.1, APIs: 6, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B90E5D Relevance: 9.1, APIs: 6, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7818C Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7172B Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 215windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB6C44 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B86A02 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50libraryfileloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B793CF Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7789B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B779BB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77A82 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7795C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77A20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77900 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB8885 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9B17E Relevance: 7.9, APIs: 5, Instructions: 369COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B937B3 Relevance: 7.8, APIs: 5, Instructions: 281COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B6B1F2 Relevance: 7.7, APIs: 5, Instructions: 155COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA39B1 Relevance: 7.6, APIs: 5, Instructions: 148COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA810A Relevance: 7.6, APIs: 5, Instructions: 123COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B945A3 Relevance: 7.6, APIs: 5, Instructions: 118memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9F352 Relevance: 7.6, APIs: 5, Instructions: 116windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9DC48 Relevance: 7.6, APIs: 5, Instructions: 113COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9FBDF Relevance: 7.6, APIs: 5, Instructions: 103COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAD799 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA6D98 Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B73451 Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9FEEB Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BE9D3F Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA4E47 Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8F40F Relevance: 7.6, APIs: 5, Instructions: 63windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8A373 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8A8AA Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA2C8B Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8E056 Relevance: 7.6, APIs: 5, Instructions: 54windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAAFFA Relevance: 7.5, APIs: 5, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7687D Relevance: 7.5, APIs: 5, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B76671 Relevance: 7.5, APIs: 5, Instructions: 44windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB20AB Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 498COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8136C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA3CF9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9F981 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B78355 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B67ABE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B6A1A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8593E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B91BC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B63EA0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9CC46 Relevance: 6.2, APIs: 4, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BACC04 Relevance: 6.2, APIs: 4, Instructions: 197COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BEA985 Relevance: 6.2, APIs: 4, Instructions: 185 (COMMON)
Function 00C531FC Relevance: 6.2, APIs: 4, Instructions: 164 (COMMON)
Function 00B66775 Relevance: 6.1, APIs: 4, Instructions: 149 (COMMON)
Function 00BA9E23 Relevance: 6.1, APIs: 4, Instructions: 132 (COMMON)
Function 00B82526 Relevance: 6.1, APIs: 4, Instructions: 128 (COMMON)
Function 00B68EF8 Relevance: 6.1, APIs: 4, Instructions: 115 (window, COMMON)
Function 00B70BEE Relevance: 6.1, APIs: 4, Instructions: 111 (window, COMMON)
Function 00BA6E9B Relevance: 6.1, APIs: 4, Instructions: 111 (window, COMMON)
Function 00BEE1DA Relevance: 6.1, APIs: 4, Instructions: 101 (COMMON)
Function 00B75C59 Relevance: 6.1, APIs: 4, Instructions: 101 (window, COMMON)
Function 00B634A0 Relevance: 6.1, APIs: 4, Instructions: 99 (COMMON)
Function 00B89A85 Relevance: 6.1, APIs: 4, Instructions: 99 (COMMON)
Function 00C533BB Relevance: 6.1, APIs: 4, Instructions: 92 (COMMON)
Function 00C011C1 Relevance: 6.1, APIs: 4, Instructions: 91 (COMMON)
Function 00BA6C97 Relevance: 6.1, APIs: 4, Instructions: 83 (window, COMMON)
Function 00CAFBD8 Relevance: 6.1, APIs: 4, Instructions: 79 (COMMON)
Function 00B63610 Relevance: 6.1, APIs: 4, Instructions: 74 (COMMON)
Function 00BA7AB6 Relevance: 6.1, APIs: 4, Instructions: 74 (window, COMMON)
Function 00B80A6A Relevance: 6.1, APIs: 4, Instructions: 70 (COMMON)
Function 00BA6BCB Relevance: 6.1, APIs: 4, Instructions: 67 (window, COMMON)
Function 00B8B0E0 Relevance: 6.1, APIs: 4, Instructions: 66 (COMMON)
Function 00B873A1 Relevance: 6.1, APIs: 4, Instructions: 65 (COMMON)
Function 00B66909 Relevance: 6.1, APIs: 4, Instructions: 65 (COMMON)
Function 00B63380 Relevance: 6.1, APIs: 4, Instructions: 64 (COMMON)
Function 00B8D036 Relevance: 6.1, APIs: 4, Instructions: 63 (COMMON)
Function 00B95E68 Relevance: 6.1, APIs: 4, Instructions: 61 (window, COMMON)
Function 00B70A3B Relevance: 6.1, APIs: 4, Instructions: 56 (COMMON)
Function 00B8F579 Relevance: 6.1, APIs: 4, Instructions: 55 (file, COMMON)
Function 00CAEA00 Relevance: 6.1, APIs: 4, Instructions: 55 (thread, COMMON)
Function 00B6BD65 Relevance: 6.0, APIs: 4, Instructions: 50 (COMMON)
Function 00B9DFC7 Relevance: 6.0, APIs: 4, Instructions: 48 (COMMON)
Function 00B73041 Relevance: 6.0, APIs: 4, Instructions: 46 (COMMON)
Function 00B70512 Relevance: 6.0, APIs: 4, Instructions: 45 (COMMON)
Function 00B703EC Relevance: 6.0, APIs: 4, Instructions: 44 (COMMON)
Function 00B75DA6 Relevance: 6.0, APIs: 4, Instructions: 41 (window, COMMON)
Function 00B6B19C Relevance: 6.0, APIs: 4, Instructions: 37 (COMMON)
Function 00C9F4D4 Relevance: 6.0, APIs: 4, Instructions: 25 (COMMON)
Function 00B95A2D Relevance: 6.0, APIs: 4, Instructions: 21 (COMMON)
Function 00C1CC35 Relevance: 6.0, APIs: 4, Instructions: 21 (COMMON)
Function 00B67B97 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82 (registry, COMMON)
Function 00BEC177 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52 (registry, clipboard, COMMON)
Function 00B76ADD Relevance: 5.1, APIs: 4, Instructions: 75 (COMMON)