Edit tour
Windows
Analysis Report
5RRVBiCpFI.exe
Overview
General Information
| Sample name: | 5RRVBiCpFI.exerenamed because original name is a hash value |
| Original sample name: | 7fc182ca899a18d31e703dc27449a876.exe |
| Analysis ID: | 1580855 |
| MD5: | 7fc182ca899a18d31e703dc27449a876 |
| SHA1: | 35575d85bde2dfa1668d4eca4d70d41e0b1e1736 |
| SHA256: | 93b56f4f608b2c3e894be0169dd92cc9012bde01568a22e4d6a44601657cb86b |
| Tags: | exeLummaStealeruser-abuse_ch |
| Infos: |  |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
- System is w10x64
5RRVBiCpFI.exe (PID: 6864 cmdline: "C:\Users\ user\Deskt op\5RRVBiC pFI.exe" MD5: 7FC182CA899A18D31E703DC27449A876)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["deafeninggeh.biz", "sordid-snaked.cyou", "awake-weaves.cyou", "debonairnukk.xyz", "immureprech.biz", "diffuculttan.xyz", "wrathful-jammy.cyou", "tackybrushz.click", "effecterectz.xyz"], "Build id": "NFFFFFFFFF--*"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | ||
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
| |
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-26T12:07:12.528493+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.42.145 | 443 | TCP |
| 2024-12-26T12:07:14.827336+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.42.145 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-26T12:07:13.448413+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.42.145 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-26T12:07:13.448413+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.42.145 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_022BB234 | |
| Source: | Code function: | 0_2_022BB234 | |
| Source: | Code function: | 0_2_022BB234 | |
| Source: | Code function: | 0_2_022DE218 | |
| Source: | Code function: | 0_2_022DE269 | |
| Source: | Code function: | 0_2_022DE25A | |
| Source: | Code function: | 0_2_022EC2AB | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022DA28D | |
| Source: | Code function: | 0_2_022BF2D6 | |
| Source: | Code function: | 0_2_022BF2D6 | |
| Source: | Code function: | 0_2_022C036F | |
| Source: | Code function: | 0_2_022DD030 | |
| Source: | Code function: | 0_2_022DD030 | |
| Source: | Code function: | 0_2_022D8006 | |
| Source: | Code function: | 0_2_022EE068 | |
| Source: | Code function: | 0_2_022D9064 | |
| Source: | Code function: | 0_2_022CA0AC | |
| Source: | Code function: | 0_2_022C90B6 | |
| Source: | Code function: | 0_2_022D20E4 | |
| Source: | Code function: | 0_2_022C60D3 | |
| Source: | Code function: | 0_2_022DD02B | |
| Source: | Code function: | 0_2_022DD02B | |
| Source: | Code function: | 0_2_022E5164 | |
| Source: | Code function: | 0_2_022DE17E | |
| Source: | Code function: | 0_2_022CE1EE | |
| Source: | Code function: | 0_2_022C81D4 | |
| Source: | Code function: | 0_2_022EE654 | |
| Source: | Code function: | 0_2_022E8734 | |
| Source: | Code function: | 0_2_022BC474 | |
| Source: | Code function: | 0_2_022BC474 | |
| Source: | Code function: | 0_2_022BE44B | |
| Source: | Code function: | 0_2_022D04E4 | |
| Source: | Code function: | 0_2_022DB4E4 | |
| Source: | Code function: | 0_2_022D74C4 | |
| Source: | Code function: | 0_2_022D74C4 | |
| Source: | Code function: | 0_2_022ED4D5 | |
| Source: | Code function: | 0_2_022E8508 | |
| Source: | Code function: | 0_2_022D5568 | |
| Source: | Code function: | 0_2_022EC5E6 | |
| Source: | Code function: | 0_2_022CFAB4 | |
| Source: | Code function: | 0_2_022BEB27 | |
| Source: | Code function: | 0_2_022BEB27 | |
| Source: | Code function: | 0_2_022EDB35 | |
| Source: | Code function: | 0_2_022ECB9C | |
| Source: | Code function: | 0_2_022ECB9C | |
| Source: | Code function: | 0_2_022ECB91 | |
| Source: | Code function: | 0_2_022ECB91 | |
| Source: | Code function: | 0_2_022CA802 | |
| Source: | Code function: | 0_2_022CA802 | |
| Source: | Code function: | 0_2_022D3844 | |
| Source: | Code function: | 0_2_022C7846 | |
| Source: | Code function: | 0_2_022BF859 | |
| Source: | Code function: | 0_2_022EE894 | |
| Source: | Code function: | 0_2_022BD8FD | |
| Source: | Code function: | 0_2_022DC97C | |
| Source: | Code function: | 0_2_022DC958 | |
| Source: | Code function: | 0_2_022D89B1 | |
| Source: | Code function: | 0_2_022DC928 | |
| Source: | Code function: | 0_2_022D79C4 | |
| Source: | Code function: | 0_2_022EE9C4 | |
| Source: | Code function: | 0_2_022EEE24 | |
| Source: | Code function: | 0_2_022EEE24 | |
| Source: | Code function: | 0_2_022C6E19 | |
| Source: | Code function: | 0_2_022C7E11 | |
| Source: | Code function: | 0_2_022D6E6A | |
| Source: | Code function: | 0_2_022D6DF8 | |
| Source: | Code function: | 0_2_022D6E80 | |
| Source: | Code function: | 0_2_022DBF04 | |
| Source: | Code function: | 0_2_022DDF90 | |
| Source: | Code function: | 0_2_022ECB8F | |
| Source: | Code function: | 0_2_022ECB8F | |
| Source: | Code function: | 0_2_022D7C83 | |
| Source: | Code function: | 0_2_022ECCC9 | |
| Source: | Code function: | 0_2_022CEDA4 | |
| Source: | Code function: | 0_2_022D6D9E | |
| Source: | Code function: | 0_2_022CDDF5 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_022FF96C | |
| Source: | Code function: | 0_2_022B0667 | |
| Source: | Code function: | 0_2_022FF96C | |
| Source: | Code function: | 0_2_022FC23C | |
| Source: | Code function: | 0_2_022BB234 | |
| Source: | Code function: | 0_2_022DE218 | |
| Source: | Code function: | 0_2_022B8214 | |
| Source: | Code function: | 0_2_022DE269 | |
| Source: | Code function: | 0_2_022DE25A | |
| Source: | Code function: | 0_2_022CB2A4 | |
| Source: | Code function: | 0_2_022BA2C4 | |
| Source: | Code function: | 0_2_022EF364 | |
| Source: | Code function: | 0_2_022EB364 | |
| Source: | Code function: | 0_2_022E73C4 | |
| Source: | Code function: | 0_2_022DD030 | |
| Source: | Code function: | 0_2_022B0000 | |
| Source: | Code function: | 0_2_022CA0AC | |
| Source: | Code function: | 0_2_022EF0B4 | |
| Source: | Code function: | 0_2_022DF0B2 | |
| Source: | Code function: | 0_2_022D20E4 | |
| Source: | Code function: | 0_2_022DD02B | |
| Source: | Code function: | 0_2_022CF114 | |
| Source: | Code function: | 0_2_022FD114 | |
| Source: | Code function: | 0_2_022E7164 | |
| Source: | Code function: | 0_2_022DE17E | |
| Source: | Code function: | 0_2_022E615E | |
| Source: | Code function: | 0_2_022CE1EE | |
| Source: | Code function: | 0_2_022FC674 | |
| Source: | Code function: | 0_2_022E8734 | |
| Source: | Code function: | 0_2_022B4704 | |
| Source: | Code function: | 0_2_022C9474 | |
| Source: | Code function: | 0_2_022BC474 | |
| Source: | Code function: | 0_2_022BE44B | |
| Source: | Code function: | 0_2_022B54F4 | |
| Source: | Code function: | 0_2_022D74C4 | |
| Source: | Code function: | 0_2_022ED4D5 | |
| Source: | Code function: | 0_2_022B7524 | |
| Source: | Code function: | 0_2_022C1531 | |
| Source: | Code function: | 0_2_022CF514 | |
| Source: | Code function: | 0_2_022D5568 | |
| Source: | Code function: | 0_2_022D65C1 | |
| Source: | Code function: | 0_2_022E2A24 | |
| Source: | Code function: | 0_2_022CDA79 | |
| Source: | Code function: | 0_2_022CFAB4 | |
| Source: | Code function: | 0_2_022B4AD4 | |
| Source: | Code function: | 0_2_022ECB9C | |
| Source: | Code function: | 0_2_022E5BCC | |
| Source: | Code function: | 0_2_022EEBD4 | |
| Source: | Code function: | 0_2_022CA802 | |
| Source: | Code function: | 0_2_022D3844 | |
| Source: | Code function: | 0_2_022BF859 | |
| Source: | Code function: | 0_2_022CF884 | |
| Source: | Code function: | 0_2_022D98D6 | |
| Source: | Code function: | 0_2_022BD9B5 | |
| Source: | Code function: | 0_2_022D99D5 | |
| Source: | Code function: | 0_2_022E79D4 | |
| Source: | Code function: | 0_2_022EA9D4 | |
| Source: | Code function: | 0_2_022EEE24 | |
| Source: | Code function: | 0_2_022CAE0E | |
| Source: | Code function: | 0_2_022FBE6C | |
| Source: | Code function: | 0_2_022B5EA4 | |
| Source: | Code function: | 0_2_022DAEDE | |
| Source: | Code function: | 0_2_022EAED4 | |
| Source: | Code function: | 0_2_022FAF78 | |
| Source: | Code function: | 0_2_022B8FE4 | |
| Source: | Code function: | 0_2_022D2C14 | |
| Source: | Code function: | 0_2_022D0C14 | |
| Source: | Code function: | 0_2_022CCC15 | |
| Source: | Code function: | 0_2_022C8C17 | |
| Source: | Code function: | 0_2_022E0C64 | |
| Source: | Code function: | 0_2_022DCC60 | |
| Source: | Code function: | 0_2_022C8C7F | |
| Source: | Code function: | 0_2_022B9C94 | |
| Source: | Code function: | 0_2_022DCCF4 | |
| Source: | Code function: | 0_2_022C2D19 | |
| Source: | Code function: | 0_2_022E7D14 | |
| Source: | Code function: | 0_2_022BAD64 | |
| Source: | Code function: | 0_2_022CEDA4 | |
| Source: | Code function: | 0_2_022B7D84 | |
| Source: | Code function: | 0_2_022CDDF5 | |
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_022B0D77 | |
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_022EDA35 | |
| Source: | Code function: | 0_2_022CC833 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_022B0667 | |
| Source: | Code function: | 0_2_022B0C27 | |
| Source: | Code function: | 0_2_022B1277 | |
| Source: | Code function: | 0_2_022B1276 | |
| Source: | Code function: | 0_2_022B0FD7 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 61% | Virustotal | Browse | ||
| 61% | ReversingLabs | Win32.Exploit.LummaC |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| tackybrushz.click | 104.21.42.145 | true | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| true |
| unknown | |
| false | high | ||
| false | high | ||
| false | high | ||
| true |
| unknown | |
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.21.42.145 | tackybrushz.click | United States | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1580855 |
| Start date and time: | 2024-12-26 12:06:06 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 21s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 5RRVBiCpFI.exerenamed because original name is a hash value |
| Original Sample Name: | 7fc182ca899a18d31e703dc27449a876.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@1/0@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 06:07:12 | API Interceptor |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
| ||
| Get hash | malicious | LummaC, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
| Get hash | malicious | LummaC, PureLog Stealer | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.93943658473428 |
| TrID: |
|
| File name: | 5RRVBiCpFI.exe |
| File size: | 2'369'536 bytes |
| MD5: | 7fc182ca899a18d31e703dc27449a876 |
| SHA1: | 35575d85bde2dfa1668d4eca4d70d41e0b1e1736 |
| SHA256: | 93b56f4f608b2c3e894be0169dd92cc9012bde01568a22e4d6a44601657cb86b |
| SHA512: | b97dda59d74a5ac7d636a4c5b7fc6fd35f933d8c805f1fd22eb940203ec9c0239dc2ad338e843104368149f1afc7483a5eb5ce62cbedd165d8dc4beb6d0b9766 |
| SSDEEP: | 24576:EWzHNoHAwjYBAA8PdkZCiJ3yp6ZYZxlfU1g+pCpSjNCclwoll2VzJ+/SW9IqGvDw:FFAtPdkEoyQ1Rrllcz8qmMiLv |
| TLSH: | 9DB59E22F242C863D46719388C4BA6B85435FE526E39AD7B37F87D1C8F366837815287 |
| File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
 | |
| Icon Hash: | 062b614c27dc602f |
| Entrypoint: | 0x5267ec |
| Entrypoint Section: | CODE |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
| DLL Characteristics: | |
| Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 1133a16cf68dab07a13253f3f67f0626 |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| add esp, FFFFFFF0h |
| mov eax, 005261ECh |
| call 00007F22246C7425h |
| mov eax, dword ptr [0052C4DCh] |
| mov eax, dword ptr [eax] |
| call 00007F22247323ADh |
| mov ecx, dword ptr [0052C300h] |
| mov eax, dword ptr [0052C4DCh] |
| mov eax, dword ptr [eax] |
| mov edx, dword ptr [0051FA98h] |
| call 00007F22247323ADh |
| mov eax, dword ptr [0052C4DCh] |
| mov eax, dword ptr [eax] |
| call 00007F2224732421h |
| call 00007F22246C4C24h |
| lea eax, dword ptr [eax+00h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x12f000 | 0x2cee | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x147000 | 0x101e00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x134000 | 0x12278 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x133000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| CODE | 0x1000 | 0x125834 | 0x125a00 | d5fe699b4b0398abb412ba25bdff82ab | False | 0.5005437819284803 | data | 6.590525369558882 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| DATA | 0x127000 | 0x5800 | 0x5800 | 7962d3013d898cd6f11882d8bdd046f1 | False | 0.4740323153409091 | data | 5.287381992393107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| BSS | 0x12d000 | 0x1a61 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x12f000 | 0x2cee | 0x2e00 | e670e534e6f64ae8087cd6d91cd0454a | False | 0.36124320652173914 | data | 5.0088263356197125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x132000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x133000 | 0x18 | 0x200 | c1d1d46389c4811f6147e35bb0ba3244 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "S" | 0.2069200177871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .reloc | 0x134000 | 0x12278 | 0x12400 | 73052c4011dc9054a85f5d232b05075c | False | 0.5440122003424658 | data | 6.655570258331296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .rsrc | 0x147000 | 0x101e00 | 0x101e00 | ed4426e780d76a69a414cba1a66ade18 | False | 0.48206211373000485 | data | 6.9453030538277165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x14cb34 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | 0.38636363636363635 | ||
| RT_CURSOR | 0x14cc68 | 0x134 | data | 0.4642857142857143 | ||
| RT_CURSOR | 0x14cd9c | 0x134 | data | 0.4805194805194805 | ||
| RT_CURSOR | 0x14ced0 | 0x134 | data | 0.38311688311688313 | ||
| RT_CURSOR | 0x14d004 | 0x134 | data | 0.36038961038961037 | ||
| RT_CURSOR | 0x14d138 | 0x134 | data | 0.4090909090909091 | ||
| RT_CURSOR | 0x14d26c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | 0.4967532467532468 | ||
| RT_CURSOR | 0x14d3a0 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19385026737967914 |
| RT_CURSOR | 0x14d68c | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18716577540106952 |
| RT_CURSOR | 0x14d978 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.2179144385026738 |
| RT_CURSOR | 0x14dc64 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.21122994652406418 |
| RT_CURSOR | 0x14df50 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967064, 3584 elements, 2nd "\377\270w\377\377\370\177\377\377\370\177\377\377\370\177\377\377\370\177\377\377\370\177\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | German | Germany | 0.32792207792207795 |
| RT_CURSOR | 0x14e084 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | German | Germany | 0.5292207792207793 |
| RT_CURSOR | 0x14e1b8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | 0.3538961038961039 | ||
| RT_CURSOR | 0x14e2ec | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18983957219251338 |
| RT_CURSOR | 0x14e5d8 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19117647058823528 |
| RT_CURSOR | 0x14e8c4 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19786096256684493 |
| RT_CURSOR | 0x14ebb0 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18983957219251338 |
| RT_CURSOR | 0x14ee9c | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19518716577540107 |
| RT_CURSOR | 0x14f188 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19518716577540107 |
| RT_BITMAP | 0x14f474 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
| RT_BITMAP | 0x14f644 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | 0.46487603305785125 | ||
| RT_BITMAP | 0x14f828 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
| RT_BITMAP | 0x14f9f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39870689655172414 | ||
| RT_BITMAP | 0x14fbc8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.4245689655172414 | ||
| RT_BITMAP | 0x14fd98 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5021551724137931 | ||
| RT_BITMAP | 0x14ff68 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5064655172413793 | ||
| RT_BITMAP | 0x150138 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
| RT_BITMAP | 0x150308 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5344827586206896 | ||
| RT_BITMAP | 0x1504d8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
| RT_BITMAP | 0x1506a8 | 0x1ca0 | Device independent bitmap graphic, 231 x 27 x 8, image size 6264 | Chinese | China | 0.11544759825327511 |
| RT_BITMAP | 0x152348 | 0x1d4 | Device independent bitmap graphic, 52 x 13 x 4, image size 364 | Chinese | China | 0.3141025641025641 |
| RT_BITMAP | 0x15251c | 0x170 | Device independent bitmap graphic, 44 x 11 x 4, image size 264 | Chinese | China | 0.39402173913043476 |
| RT_BITMAP | 0x15268c | 0x450 | Device independent bitmap graphic, 1 x 10 x 8, image size 40 | Chinese | China | 0.09148550724637682 |
| RT_BITMAP | 0x152adc | 0x1d4 | Device independent bitmap graphic, 52 x 13 x 4, image size 364 | Chinese | China | 0.43803418803418803 |
| RT_BITMAP | 0x152cb0 | 0x3a8 | Device independent bitmap graphic, 102 x 16 x 4, image size 832 | Chinese | China | 0.3557692307692308 |
| RT_BITMAP | 0x153058 | 0x5a8 | Device independent bitmap graphic, 21 x 16 x 8, image size 384 | Chinese | China | 0.42472375690607733 |
| RT_BITMAP | 0x153600 | 0xbc | Device independent bitmap graphic, 1 x 21 x 4, image size 84 | Chinese | China | 0.5851063829787234 |
| RT_BITMAP | 0x1536bc | 0x6d8 | Device independent bitmap graphic, 8 x 86 x 8, image size 688 | Chinese | China | 0.4001141552511416 |
| RT_BITMAP | 0x153d94 | 0x134 | Device independent bitmap graphic, 18 x 17 x 4, image size 204 | Chinese | China | 0.4512987012987013 |
| RT_BITMAP | 0x153ec8 | 0x90 | Device independent bitmap graphic, 10 x 5 x 4, image size 40 | Chinese | China | 0.6736111111111112 |
| RT_BITMAP | 0x153f58 | 0xd2c | Device independent bitmap graphic, 342 x 19 x 4, image size 3268 | Chinese | China | 0.14383155397390274 |
| RT_BITMAP | 0x154c84 | 0x1b5c | Device independent bitmap graphic, 179 x 33 x 8, image size 5940 | Chinese | China | 0.23557966876070816 |
| RT_BITMAP | 0x1567e0 | 0x194c | Device independent bitmap graphic, 162 x 33 x 8, image size 5412 | Chinese | China | 0.2652872143298332 |
| RT_BITMAP | 0x15812c | 0x1190 | Device independent bitmap graphic, 101 x 33 x 8, image size 3432 | Chinese | China | 0.18683274021352314 |
| RT_BITMAP | 0x1592bc | 0x24a | Device independent bitmap graphic, 45 x 4 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.10580204778156997 |
| RT_BITMAP | 0x159508 | 0x2fa | Device independent bitmap graphic, 11 x 20 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.32545931758530183 |
| RT_BITMAP | 0x159804 | 0x2fe | Device independent bitmap graphic, 18 x 11 x 8, image size 0, resolution 2834 x 2834 px/m, 126 important colors | Chinese | China | 0.8733681462140992 |
| RT_BITMAP | 0x159b04 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.5208333333333334 | ||
| RT_BITMAP | 0x159bc4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.42857142857142855 | ||
| RT_BITMAP | 0x159ca4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.4955357142857143 | ||
| RT_BITMAP | 0x159d84 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.391304347826087 | ||
| RT_BITMAP | 0x159de0 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.532608695652174 | ||
| RT_BITMAP | 0x159e3c | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.4782608695652174 | ||
| RT_BITMAP | 0x159e98 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.5543478260869565 | ||
| RT_BITMAP | 0x159ef4 | 0x5c | Device independent bitmap graphic, 6 x 11 x 1, image size 44 | 0.4673913043478261 | ||
| RT_BITMAP | 0x159f50 | 0xe28 | Device independent bitmap graphic, 160 x 16 x 8, image size 2560 | Chinese | China | 0.467439293598234 |
| RT_BITMAP | 0x15ad78 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.41025641025641024 | ||
| RT_BITMAP | 0x15aeb0 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.27564102564102566 | ||
| RT_BITMAP | 0x15afe8 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.3685897435897436 | ||
| RT_BITMAP | 0x15b120 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.3685897435897436 | ||
| RT_BITMAP | 0x15b258 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.34294871794871795 | ||
| RT_BITMAP | 0x15b390 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.3717948717948718 | ||
| RT_BITMAP | 0x15b4c8 | 0x104 | Device independent bitmap graphic, 20 x 13 x 4, image size 156 | 0.5038461538461538 | ||
| RT_BITMAP | 0x15b5cc | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.4326923076923077 | ||
| RT_BITMAP | 0x15b704 | 0x104 | Device independent bitmap graphic, 20 x 13 x 4, image size 156 | 0.5153846153846153 | ||
| RT_BITMAP | 0x15b808 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | 0.46474358974358976 | ||
| RT_BITMAP | 0x15b940 | 0x998 | Device independent bitmap graphic, 222 x 21 x 4, image size 2352 | Chinese | China | 0.05578175895765472 |
| RT_BITMAP | 0x15c2d8 | 0x1d4 | Device independent bitmap graphic, 52 x 13 x 4, image size 364 | Chinese | China | 0.23931623931623933 |
| RT_BITMAP | 0x15c4ac | 0x170 | Device independent bitmap graphic, 44 x 11 x 4, image size 264 | Chinese | China | 0.29891304347826086 |
| RT_BITMAP | 0x15c61c | 0x450 | Device independent bitmap graphic, 1 x 10 x 8, image size 40 | Chinese | China | 0.04528985507246377 |
| RT_BITMAP | 0x15ca6c | 0x1d4 | Device independent bitmap graphic, 52 x 13 x 4, image size 364 | Chinese | China | 0.3974358974358974 |
| RT_BITMAP | 0x15cc40 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | Chinese | China | 0.2018348623853211 |
| RT_BITMAP | 0x15cfa8 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | Chinese | China | 0.32432432432432434 |
| RT_BITMAP | 0x15d0d0 | 0xb8 | Device independent bitmap graphic, 1 x 20 x 4, image size 80 | Chinese | China | 0.5108695652173914 |
| RT_BITMAP | 0x15d188 | 0x1b4 | Device independent bitmap graphic, 8 x 83 x 4, image size 332 | Chinese | China | 0.26605504587155965 |
| RT_BITMAP | 0x15d33c | 0xf0 | Device independent bitmap graphic, 12 x 17 x 4, image size 136 | Chinese | China | 0.3625 |
| RT_BITMAP | 0x15d42c | 0x7c | Device independent bitmap graphic, 5 x 5 x 4, image size 20 | Chinese | China | 0.6774193548387096 |
| RT_BITMAP | 0x15d4a8 | 0xd2c | Device independent bitmap graphic, 342 x 19 x 4, image size 3268 | Chinese | China | 0.13997627520759193 |
| RT_BITMAP | 0x15e1d4 | 0x6e8 | Device independent bitmap graphic, 98 x 32 x 4, image size 1664 | Chinese | China | 0.07239819004524888 |
| RT_BITMAP | 0x15e8bc | 0x10a8 | Device independent bitmap graphic, 97 x 32 x 8, image size 3200 | Chinese | China | 0.024859287054409006 |
| RT_BITMAP | 0x15f964 | 0x10a8 | Device independent bitmap graphic, 97 x 32 x 8, image size 3200 | Chinese | China | 0.03541275797373358 |
| RT_BITMAP | 0x160a0c | 0x24a | Device independent bitmap graphic, 45 x 4 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.10580204778156997 |
| RT_BITMAP | 0x160c58 | 0x2fa | Device independent bitmap graphic, 11 x 20 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.16272965879265092 |
| RT_BITMAP | 0x160f54 | 0x1ca | Device independent bitmap graphic, 18 x 11 x 8, image size 0, resolution 2834 x 2834 px/m, 49 important colors | Chinese | China | 0.6375545851528385 |
| RT_BITMAP | 0x161120 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.38392857142857145 | ||
| RT_BITMAP | 0x161200 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.4947916666666667 | ||
| RT_BITMAP | 0x1612c0 | 0xf8 | Device independent bitmap graphic, 20 x 12 x 4, image size 144, 16 important colors | Chinese | China | 0.41935483870967744 |
| RT_BITMAP | 0x1613b8 | 0xf8 | Device independent bitmap graphic, 20 x 12 x 4, image size 144, 16 important colors | Chinese | China | 0.43548387096774194 |
| RT_BITMAP | 0x1614b0 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.484375 | ||
| RT_BITMAP | 0x161570 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.42410714285714285 | ||
| RT_BITMAP | 0x161650 | 0x1acc | Device independent bitmap graphic, 252 x 23 x 8, image size 5796 | Chinese | China | 0.3043731778425656 |
| RT_BITMAP | 0x16311c | 0x824 | Device independent bitmap graphic, 60 x 17 x 8, image size 1020 | Chinese | China | 0.7720729366602687 |
| RT_BITMAP | 0x163940 | 0x5e0 | Device independent bitmap graphic, 40 x 11 x 8, image size 440 | Chinese | China | 0.8829787234042553 |
| RT_BITMAP | 0x163f20 | 0x538 | Device independent bitmap graphic, 16 x 17 x 8, image size 272 | Chinese | China | 0.7664670658682635 |
| RT_BITMAP | 0x164458 | 0x88 | Device independent bitmap graphic, 8 x 8 x 4, image size 32 | Chinese | China | 0.5294117647058824 |
| RT_BITMAP | 0x1644e0 | 0xc0 | Device independent bitmap graphic, 1 x 22 x 4, image size 88, 16 important colors | Chinese | China | 0.6145833333333334 |
| RT_BITMAP | 0x1645a0 | 0x47c | Device independent bitmap graphic, 1 x 21 x 8, image size 84 | Chinese | China | 0.5296167247386759 |
| RT_BITMAP | 0x164a1c | 0x4c8 | Device independent bitmap graphic, 13 x 10 x 8, image size 160 | Chinese | China | 0.7181372549019608 |
| RT_BITMAP | 0x164ee4 | 0x868 | Device independent bitmap graphic, 64 x 17 x 8, image size 1088 | Chinese | China | 0.7523234200743495 |
| RT_BITMAP | 0x16574c | 0xc68 | Device independent bitmap graphic, 96 x 22 x 8, image size 2112 | Chinese | China | 0.46788413098236775 |
| RT_BITMAP | 0x1663b4 | 0x668 | Device independent bitmap graphic, 33 x 16 x 8, image size 576 | Chinese | China | 0.802439024390244 |
| RT_BITMAP | 0x166a1c | 0x938 | Device independent bitmap graphic, 72 x 18 x 8, image size 1296 | Chinese | China | 0.601271186440678 |
| RT_BITMAP | 0x167354 | 0x47c | Device independent bitmap graphic, 1 x 21 x 8, image size 84 | Chinese | China | 0.5174216027874564 |
| RT_BITMAP | 0x1677d0 | 0x6c8 | Device independent bitmap graphic, 7 x 84 x 8, image size 672 | Chinese | China | 0.41013824884792627 |
| RT_BITMAP | 0x167e98 | 0x7f4 | Device independent bitmap graphic, 36 x 27 x 8, image size 972 | Chinese | China | 0.631139489194499 |
| RT_BITMAP | 0x16868c | 0x4b4 | Device independent bitmap graphic, 17 x 7 x 8, image size 140 | Chinese | China | 0.5191029900332226 |
| RT_BITMAP | 0x168b40 | 0x3d42 | Device independent bitmap graphic, 306 x 17 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.12230582833822216 |
| RT_BITMAP | 0x16c884 | 0x8d4 | Device independent bitmap graphic, 49 x 23 x 8, image size 1196, 256 important colors | Chinese | China | 0.3168141592920354 |
| RT_BITMAP | 0x16d158 | 0x878 | Device independent bitmap graphic, 48 x 23 x 8, image size 1104, 256 important colors | Chinese | China | 0.16512915129151293 |
| RT_BITMAP | 0x16d9d0 | 0x878 | Device independent bitmap graphic, 48 x 23 x 8, image size 1104, 256 important colors | Chinese | China | 0.37084870848708484 |
| RT_BITMAP | 0x16e248 | 0x2d2 | Device independent bitmap graphic, 45 x 5 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.15650969529085873 |
| RT_BITMAP | 0x16e51c | 0x2fa | Device independent bitmap graphic, 11 x 20 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.473753280839895 |
| RT_BITMAP | 0x16e818 | 0x25a | Device independent bitmap graphic, 19 x 11 x 8, image size 0, resolution 2834 x 2834 px/m, 85 important colors | Chinese | China | 0.8471760797342193 |
| RT_BITMAP | 0x16ea74 | 0xb0 | Device independent bitmap graphic, 48 x 16 x 1, image size 128 | Chinese | China | 0.42045454545454547 |
| RT_BITMAP | 0x16eb24 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128, 16 important colors | Chinese | China | 0.4353448275862069 |
| RT_BITMAP | 0x16ec0c | 0x2cc | Device independent bitmap graphic, 72 x 17 x 4, image size 612 | Chinese | China | 0.25139664804469275 |
| RT_BITMAP | 0x16eed8 | 0x1fb8 | Device independent bitmap graphic, 168 x 42 x 8, image size 7056 | Chinese | China | 0.3619458128078818 |
| RT_BITMAP | 0x170e90 | 0xf6aa | Device independent bitmap graphic, 181 x 116 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.021379026383302187 |
| RT_BITMAP | 0x18053c | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.5104166666666666 | ||
| RT_BITMAP | 0x1805fc | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.5 | ||
| RT_BITMAP | 0x1806dc | 0x1b8 | Device independent bitmap graphic, 52 x 12 x 4, image size 336 | Chinese | China | 0.3795454545454545 |
| RT_BITMAP | 0x180894 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | 0.4870689655172414 | ||
| RT_BITMAP | 0x18097c | 0x1688 | Device independent bitmap graphic, 222 x 21 x 8, image size 4704 | Chinese | China | 0.4433079056865465 |
| RT_BITMAP | 0x182004 | 0x1d4 | Device independent bitmap graphic, 52 x 13 x 4, image size 364 | Chinese | China | 0.21794871794871795 |
| RT_BITMAP | 0x1821d8 | 0x170 | Device independent bitmap graphic, 44 x 11 x 4, image size 264 | Chinese | China | 0.27445652173913043 |
| RT_BITMAP | 0x182348 | 0x88 | Device independent bitmap graphic, 8 x 8 x 4, image size 32 | Chinese | China | 0.6323529411764706 |
| RT_BITMAP | 0x1823d0 | 0x450 | Device independent bitmap graphic, 1 x 10 x 8, image size 40 | Chinese | China | 0.03894927536231884 |
| RT_BITMAP | 0x182820 | 0x1d4 | Device independent bitmap graphic, 52 x 13 x 4, image size 364 | Chinese | China | 0.3803418803418803 |
| RT_BITMAP | 0x1829f4 | 0xa28 | Device independent bitmap graphic, 96 x 16 x 8, image size 1536 | Chinese | China | 0.5411538461538462 |
| RT_BITMAP | 0x18341c | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | Chinese | China | 0.32432432432432434 |
| RT_BITMAP | 0x183544 | 0xbc | Device independent bitmap graphic, 1 x 21 x 4, image size 84 | Chinese | China | 0.6542553191489362 |
| RT_BITMAP | 0x183600 | 0x1b4 | Device independent bitmap graphic, 8 x 83 x 4, image size 332 | Chinese | China | 0.26376146788990823 |
| RT_BITMAP | 0x1837b4 | 0x134 | Device independent bitmap graphic, 18 x 17 x 4, image size 204 | Chinese | China | 0.3961038961038961 |
| RT_BITMAP | 0x1838e8 | 0x90 | Device independent bitmap graphic, 10 x 5 x 4, image size 40 | Chinese | China | 0.7013888888888888 |
| RT_BITMAP | 0x183978 | 0xd2c | Device independent bitmap graphic, 342 x 19 x 4, image size 3268 | Chinese | China | 0.14323843416370108 |
| RT_BITMAP | 0x1846a4 | 0xc4 | Device independent bitmap graphic, 1 x 23 x 4, image size 92 | Chinese | China | 0.4744897959183674 |
| RT_BITMAP | 0x184768 | 0x2c0c | Device independent bitmap graphic, 441 x 23 x 8, image size 10212 | Chinese | China | 0.33806314295849593 |
| RT_BITMAP | 0x187374 | 0x484 | Device independent bitmap graphic, 1 x 23 x 8, image size 92 | Chinese | China | 0.092560553633218 |
| RT_BITMAP | 0x1877f8 | 0x24a | Device independent bitmap graphic, 45 x 4 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.10238907849829351 |
| RT_BITMAP | 0x187a44 | 0x2fa | Device independent bitmap graphic, 11 x 20 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.3753280839895013 |
| RT_BITMAP | 0x187d40 | 0x282 | Device independent bitmap graphic, 18 x 11 x 8, image size 0, resolution 2834 x 2834 px/m, 95 important colors | Chinese | China | 0.764797507788162 |
| RT_BITMAP | 0x187fc4 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | 0.4895833333333333 | ||
| RT_BITMAP | 0x188084 | 0x54 | Device independent bitmap graphic, 7 x 9 x 1, image size 36 | Chinese | China | 0.47619047619047616 |
| RT_BITMAP | 0x1880d8 | 0xc0 | Device independent bitmap graphic, 11 x 11 x 4, image size 88 | Chinese | China | 0.4583333333333333 |
| RT_BITMAP | 0x188198 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4115853658536585 |
| RT_BITMAP | 0x188800 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4792682926829268 |
| RT_BITMAP | 0x188e68 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4036585365853659 |
| RT_BITMAP | 0x1894d0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4274390243902439 |
| RT_BITMAP | 0x189b38 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.39695121951219514 |
| RT_BITMAP | 0x18a1a0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.41280487804878047 |
| RT_BITMAP | 0x18a808 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4451219512195122 |
| RT_BITMAP | 0x18ae70 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.40426829268292686 |
| RT_BITMAP | 0x18b4d8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4219512195121951 |
| RT_BITMAP | 0x18bb40 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4798780487804878 |
| RT_BITMAP | 0x18c1a8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.46402439024390246 |
| RT_BITMAP | 0x18c810 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4603658536585366 |
| RT_BITMAP | 0x18ce78 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.5025510204081632 |
| RT_BITMAP | 0x18d000 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4634146341463415 |
| RT_BITMAP | 0x18d668 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4628048780487805 |
| RT_BITMAP | 0x18dcd0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4676829268292683 |
| RT_BITMAP | 0x18e338 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.46402439024390246 |
| RT_BITMAP | 0x18e9a0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4554878048780488 |
| RT_BITMAP | 0x18f008 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.5920731707317073 |
| RT_BITMAP | 0x18f670 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.46158536585365856 |
| RT_BITMAP | 0x18fcd8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4195121951219512 |
| RT_BITMAP | 0x190340 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.4770408163265306 |
| RT_BITMAP | 0x1904c8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4609756097560976 |
| RT_BITMAP | 0x190b30 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.401219512195122 |
| RT_BITMAP | 0x191198 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4189024390243902 |
| RT_BITMAP | 0x191800 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.47317073170731705 |
| RT_BITMAP | 0x191e68 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4164634146341463 |
| RT_BITMAP | 0x1924d0 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.47959183673469385 |
| RT_BITMAP | 0x192658 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.4872448979591837 |
| RT_BITMAP | 0x1927e0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.39207317073170733 |
| RT_BITMAP | 0x192e48 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.39695121951219514 |
| RT_BITMAP | 0x1934b0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.44085365853658537 |
| RT_BITMAP | 0x193b18 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.40792682926829266 |
| RT_BITMAP | 0x194180 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.3979591836734694 |
| RT_BITMAP | 0x194308 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.40853658536585363 |
| RT_BITMAP | 0x194970 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4067073170731707 |
| RT_BITMAP | 0x194fd8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.41097560975609754 |
| RT_BITMAP | 0x195640 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.43841463414634146 |
| RT_BITMAP | 0x195ca8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4445121951219512 |
| RT_BITMAP | 0x196310 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.39390243902439026 |
| RT_BITMAP | 0x196978 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.44387755102040816 |
| RT_BITMAP | 0x196b00 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4445121951219512 |
| RT_BITMAP | 0x197168 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4054878048780488 |
| RT_BITMAP | 0x1977d0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4451219512195122 |
| RT_BITMAP | 0x197e38 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4292682926829268 |
| RT_BITMAP | 0x1984a0 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.413265306122449 |
| RT_BITMAP | 0x198628 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.41829268292682925 |
| RT_BITMAP | 0x198c90 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4036585365853659 |
| RT_BITMAP | 0x1992f8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4140243902439024 |
| RT_BITMAP | 0x199960 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.39878048780487807 |
| RT_BITMAP | 0x199fc8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4140243902439024 |
| RT_BITMAP | 0x19a630 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.40182926829268295 |
| RT_BITMAP | 0x19ac98 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.41097560975609754 |
| RT_BITMAP | 0x19b300 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4073170731707317 |
| RT_BITMAP | 0x19b968 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.41097560975609754 |
| RT_BITMAP | 0x19bfd0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4371951219512195 |
| RT_BITMAP | 0x19c638 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.4642857142857143 |
| RT_BITMAP | 0x19c7c0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.43414634146341463 |
| RT_BITMAP | 0x19ce28 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Chinese | China | 0.4719387755102041 |
| RT_BITMAP | 0x19cfb0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4054878048780488 |
| RT_BITMAP | 0x19d618 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4451219512195122 |
| RT_BITMAP | 0x19dc80 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.45914634146341465 |
| RT_BITMAP | 0x19e2e8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.40426829268292686 |
| RT_BITMAP | 0x19e950 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4329268292682927 |
| RT_BITMAP | 0x19efb8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | Chinese | China | 0.4073170731707317 |
| RT_BITMAP | 0x19f620 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | 0.3794642857142857 | ||
| RT_BITMAP | 0x19f700 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.1089588377723971 | ||
| RT_BITMAP | 0x1a03e8 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.10714285714285714 | ||
| RT_BITMAP | 0x1a10d0 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.0950363196125908 | ||
| RT_BITMAP | 0x1a1db8 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.21266233766233766 | ||
| RT_BITMAP | 0x1a2020 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.17207792207792208 | ||
| RT_BITMAP | 0x1a2288 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.1672077922077922 | ||
| RT_BITMAP | 0x1a24f0 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.11955205811138014 | ||
| RT_BITMAP | 0x1a31d8 | 0xce8 | Device independent bitmap graphic, 400 x 16 x 4, image size 3200 | 0.11561743341404358 | ||
| RT_BITMAP | 0x1a3ec0 | 0xd28 | Device independent bitmap graphic, 144 x 16 x 8, image size 2304 | 0.23634204275534443 | ||
| RT_BITMAP | 0x1a4be8 | 0x4b2a | Device independent bitmap graphic, 400 x 16 x 24, image size 0, resolution 2834 x 2834 px/m | 0.2749194470429269 | ||
| RT_BITMAP | 0x1a9714 | 0x126 | Device independent bitmap graphic, 9 x 9 x 24, image size 0, resolution 2834 x 2834 px/m | 0.5850340136054422 | ||
| RT_BITMAP | 0x1a983c | 0x126 | Device independent bitmap graphic, 9 x 9 x 24, image size 0, resolution 2834 x 2834 px/m | 0.5918367346938775 | ||
| RT_BITMAP | 0x1a9964 | 0x8c0 | Device independent bitmap graphic, 54 x 21 x 8, image size 1176 | Chinese | China | 0.40714285714285714 |
| RT_BITMAP | 0x1aa224 | 0x6cc | Device independent bitmap graphic, 52 x 13 x 8, image size 676 | Chinese | China | 0.5103448275862069 |
| RT_BITMAP | 0x1aa8f0 | 0x170 | Device independent bitmap graphic, 44 x 11 x 4, image size 264 | Chinese | China | 0.5869565217391305 |
| RT_BITMAP | 0x1aaa60 | 0x548 | Device independent bitmap graphic, 16 x 18 x 8, image size 288 | Chinese | China | 0.525887573964497 |
| RT_BITMAP | 0x1aafa8 | 0x478 | Device independent bitmap graphic, 6 x 10 x 8, image size 80 | Chinese | China | 0.541083916083916 |
| RT_BITMAP | 0x1ab420 | 0x6cc | Device independent bitmap graphic, 52 x 13 x 8, image size 676 | Chinese | China | 0.6752873563218391 |
| RT_BITMAP | 0x1abaec | 0xa88 | Device independent bitmap graphic, 96 x 17 x 8, image size 1632 | Chinese | China | 0.5459940652818991 |
| RT_BITMAP | 0x1ac574 | 0x5a8 | Device independent bitmap graphic, 21 x 16 x 8, image size 384 | Chinese | China | 0.56146408839779 |
| RT_BITMAP | 0x1acb1c | 0x938 | Device independent bitmap graphic, 72 x 18 x 8, image size 1296 | Chinese | China | 0.5199152542372881 |
| RT_BITMAP | 0x1ad454 | 0x47c | Device independent bitmap graphic, 1 x 21 x 8, image size 84 | Chinese | China | 0.519163763066202 |
| RT_BITMAP | 0x1ad8d0 | 0x6d8 | Device independent bitmap graphic, 8 x 86 x 8, image size 688 | Chinese | China | 0.375 |
| RT_BITMAP | 0x1adfa8 | 0x590 | Device independent bitmap graphic, 18 x 18 x 8, image size 360 | Chinese | China | 0.4978932584269663 |
| RT_BITMAP | 0x1ae538 | 0x6c | Device independent bitmap graphic, 8 x 1 x 4, image size 4 | Chinese | China | 0.7314814814814815 |
| RT_BITMAP | 0x1ae5a4 | 0x5d5a | Device independent bitmap graphic, 378 x 21 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.17557954640555695 |
| RT_BITMAP | 0x1b4300 | 0x50e | Device independent bitmap graphic, 37 x 29 x 8, image size 0, resolution 2834 x 2834 px/m, 23 important colors | Chinese | China | 0.15301391035548687 |
| RT_BITMAP | 0x1b4810 | 0x83c | Device independent bitmap graphic, 35 x 29 x 8, image size 1044 | Chinese | China | 0.4620493358633776 |
| RT_BITMAP | 0x1b504c | 0x83c | Device independent bitmap graphic, 35 x 29 x 8, image size 1044 | Chinese | China | 0.5028462998102466 |
| RT_BITMAP | 0x1b5888 | 0x46a | Device independent bitmap graphic, 45 x 8 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.08053097345132744 |
| RT_BITMAP | 0x1b5cf4 | 0x31e | Device independent bitmap graphic, 11 x 21 x 24, image size 0, resolution 2834 x 2834 px/m | Chinese | China | 0.30451127819548873 |
| RT_BITMAP | 0x1b6014 | 0x1e2 | Device independent bitmap graphic, 22 x 11 x 8, image size 0, resolution 2834 x 2834 px/m, 44 important colors | Chinese | China | 0.6244813278008299 |
| RT_ICON | 0x1b61f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Chinese | China | 0.6587837837837838 |
| RT_ICON | 0x1b6320 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Chinese | China | 0.5658315565031983 |
| RT_ICON | 0x1b71c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.7197653429602888 |
| RT_ICON | 0x1b7a70 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Chinese | China | 0.3684971098265896 |
| RT_ICON | 0x1b7fd8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Chinese | China | 0.38884123979652196 |
| RT_ICON | 0x1c8800 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | Chinese | China | 0.4819739331511457 |
| RT_ICON | 0x1d1ca8 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | Chinese | China | 0.4575563909774436 |
| RT_ICON | 0x1d8490 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | Chinese | China | 0.5074399260628466 |
| RT_ICON | 0x1dd918 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Chinese | China | 0.5247992442135097 |
| RT_ICON | 0x1e1b40 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.5431535269709543 |
| RT_ICON | 0x1e40e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.6357879924953096 |
| RT_ICON | 0x1e5190 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.6979508196721311 |
| RT_ICON | 0x1e5b18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.46099290780141844 |
| RT_DIALOG | 0x1e5f80 | 0x52 | data | 0.7682926829268293 | ||
| RT_STRING | 0x1e5fd4 | 0x144 | data | Chinese | China | 0.5771604938271605 |
| RT_STRING | 0x1e6118 | 0x1b0 | data | Chinese | China | 0.4375 |
| RT_STRING | 0x1e62c8 | 0xc4 | data | Chinese | China | 0.6785714285714286 |
| RT_STRING | 0x1e638c | 0x2a | data | Chinese | China | 0.5 |
| RT_STRING | 0x1e63b8 | 0xadc | data | 0.26187050359712233 | ||
| RT_STRING | 0x1e6e94 | 0x6a4 | data | 0.32235294117647056 | ||
| RT_STRING | 0x1e7538 | 0x3f4 | data | 0.39723320158102765 | ||
| RT_STRING | 0x1e792c | 0x384 | data | 0.3811111111111111 | ||
| RT_STRING | 0x1e7cb0 | 0x408 | data | 0.3943798449612403 | ||
| RT_STRING | 0x1e80b8 | 0x3b8 | data | 0.3329831932773109 | ||
| RT_STRING | 0x1e8470 | 0x36c | data | 0.4132420091324201 | ||
| RT_STRING | 0x1e87dc | 0x2c0 | data | 0.4275568181818182 | ||
| RT_STRING | 0x1e8a9c | 0x534 | data | 0.3918918918918919 | ||
| RT_STRING | 0x1e8fd0 | 0x354 | data | 0.3955399061032864 | ||
| RT_STRING | 0x1e9324 | 0x290 | data | 0.5442073170731707 | ||
| RT_STRING | 0x1e95b4 | 0x1d0 | data | 0.38146551724137934 | ||
| RT_STRING | 0x1e9784 | 0x16c | data | 0.532967032967033 | ||
| RT_STRING | 0x1e98f0 | 0x1e4 | Targa image data - Color 99 x 107 x 32 +68 +111 "z" | 0.5041322314049587 | ||
| RT_STRING | 0x1e9ad4 | 0x260 | data | 0.49835526315789475 | ||
| RT_STRING | 0x1e9d34 | 0xe8 | data | 0.5905172413793104 | ||
| RT_STRING | 0x1e9e1c | 0x128 | data | 0.5574324324324325 | ||
| RT_STRING | 0x1e9f44 | 0x2c8 | data | 0.45786516853932585 | ||
| RT_STRING | 0x1ea20c | 0x420 | data | 0.39204545454545453 | ||
| RT_STRING | 0x1ea62c | 0x388 | data | 0.39491150442477874 | ||
| RT_STRING | 0x1ea9b4 | 0x3ac | data | 0.33085106382978724 | ||
| RT_STRING | 0x1ead60 | 0x334 | data | 0.4317073170731707 | ||
| RT_STRING | 0x1eb094 | 0xd8 | data | 0.5648148148148148 | ||
| RT_STRING | 0x1eb16c | 0xbc | data | 0.5425531914893617 | ||
| RT_STRING | 0x1eb228 | 0x3cc | data | 0.3765432098765432 | ||
| RT_STRING | 0x1eb5f4 | 0x46c | data | 0.3215547703180212 | ||
| RT_STRING | 0x1eba60 | 0x334 | data | 0.3719512195121951 | ||
| RT_STRING | 0x1ebd94 | 0x310 | data | 0.36989795918367346 | ||
| RT_RCDATA | 0x1ec0a4 | 0x10 | data | 1.5 | ||
| RT_RCDATA | 0x1ec0b4 | 0x934 | data | 0.6137521222410866 | ||
| RT_RCDATA | 0x1ec9e8 | 0x79d | Delphi compiled form 'TFrmEraserMessage' | 0.39148281169830684 | ||
| RT_RCDATA | 0x1ed188 | 0x3ba | Delphi compiled form 'TFrmLoad' | 0.519916142557652 | ||
| RT_RCDATA | 0x1ed544 | 0x6a6 | Delphi compiled form 'TFrmMessage' | 0.41245593419506466 | ||
| RT_RCDATA | 0x1edbec | 0x2bc | Delphi compiled form 'TfrmMgr' | 0.6114285714285714 | ||
| RT_RCDATA | 0x1edea8 | 0x306 | Delphi compiled form 'TfrmMSNPopForm' | 0.5943152454780362 | ||
| RT_RCDATA | 0x1ee1b0 | 0x7f1 | Delphi compiled form 'TFrmReg' | 0.3694048204623709 | ||
| RT_RCDATA | 0x1ee9a4 | 0x494 | Delphi compiled form 'TLoginDialog' | 0.4931740614334471 | ||
| RT_RCDATA | 0x1eee38 | 0x8b55 | Delphi compiled form 'TMainFrm' | 0.16154083377722953 | ||
| RT_RCDATA | 0x1f7990 | 0x3c4 | Delphi compiled form 'TPasswordDialog' | 0.4678423236514523 | ||
| RT_GROUP_CURSOR | 0x1f7d54 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7d68 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7d7c | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7d90 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7da4 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7db8 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7dcc | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7de0 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7df4 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7e08 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7e1c | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7e30 | 0x14 | data | 1.4 | ||
| RT_GROUP_CURSOR | 0x1f7e44 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x1f7e58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x1f7e6c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x1f7e80 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x1f7e94 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x1f7ea8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x1f7ebc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x1f7ed0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_ICON | 0x1f7ee4 | 0xbc | data | Chinese | China | 0.6702127659574468 |
| DLL | Import |
|---|---|
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
| user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
| advapi32.dll | RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegFlushKey, RegEnumKeyExA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges |
| kernel32.dll | lstrlenW, lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle |
| version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
| gdi32.dll | UnrealizeObject, TextOutW, StretchDIBits, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PathToRegion, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetTextColor, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBkColor, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, EndPath, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgnIndirect, CreateRectRgn, CreatePenIndirect, CreatePatternBrush, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseFigure, BitBlt, BeginPath, Arc |
| user32.dll | CreateWindowExA, WindowFromPoint, WindowFromDC, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAscii, SystemParametersInfoA, SubtractRect, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScrollDC, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, NotifyWinEvent, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardFormatNameA, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CopyImage, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
| ole32.dll | CoTaskMemFree, StringFromCLSID, CoCreateGuid |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
| ole32.dll | CreateStreamOnHGlobal, ReleaseStgMedium, OleGetClipboard, OleSetClipboard, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CreateDataAdviseHolder, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize |
| oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, SysFreeString |
| comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
| shell32.dll | ShellExecuteA |
| shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA |
| comdlg32.dll | GetSaveFileNameA, GetOpenFileNameA |
| winmm.dll | timeGetTime, timeEndPeriod, timeBeginPeriod |
| GDI32.DLL | GetRandomRgn |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| German | Germany |  |
| Chinese | China |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-26T12:07:12.528493+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.42.145 | 443 | TCP |
| 2024-12-26T12:07:13.448413+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 104.21.42.145 | 443 | TCP |
| 2024-12-26T12:07:13.448413+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.42.145 | 443 | TCP |
| 2024-12-26T12:07:14.827336+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.42.145 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 26, 2024 12:07:11.180000067 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:11.180075884 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:11.180171967 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:11.219172955 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:11.219188929 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:12.528358936 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:12.528492928 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:12.530764103 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:12.530771017 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:12.531164885 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:12.577006102 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:12.674233913 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:12.676109076 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:12.676136017 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:13.448443890 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:13.448599100 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:13.448668957 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:13.470515966 CET | 49731 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:13.470547915 CET | 443 | 49731 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:13.543549061 CET | 49732 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:13.543600082 CET | 443 | 49732 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:13.543667078 CET | 49732 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:13.543958902 CET | 49732 | 443 | 192.168.2.4 | 104.21.42.145 |
| Dec 26, 2024 12:07:13.543972969 CET | 443 | 49732 | 104.21.42.145 | 192.168.2.4 |
| Dec 26, 2024 12:07:14.827336073 CET | 49732 | 443 | 192.168.2.4 | 104.21.42.145 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 26, 2024 12:07:10.849065065 CET | 57747 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 26, 2024 12:07:11.174725056 CET | 53 | 57747 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 26, 2024 12:07:10.849065065 CET | 192.168.2.4 | 1.1.1.1 | 0xbf21 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 26, 2024 12:07:11.174725056 CET | 1.1.1.1 | 192.168.2.4 | 0xbf21 | No error (0) | 104.21.42.145 | A (IP address) | IN (0x0001) | false | ||
| Dec 26, 2024 12:07:11.174725056 CET | 1.1.1.1 | 192.168.2.4 | 0xbf21 | No error (0) | 172.67.162.132 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 104.21.42.145 | 443 | 6864 | C:\Users\user\Desktop\5RRVBiCpFI.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-26 11:07:12 UTC | 264 | OUT | |
| 2024-12-26 11:07:12 UTC | 8 | OUT | |
| 2024-12-26 11:07:13 UTC | 1129 | IN | |
| 2024-12-26 11:07:13 UTC | 7 | IN | |
| 2024-12-26 11:07:13 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 06:06:57 |
| Start date: | 26/12/2024 |
| Path: | C:\Users\user\Desktop\5RRVBiCpFI.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 2'369'536 bytes |
| MD5 hash: | 7FC182CA899A18D31E703DC27449A876 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 1.4% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 33.8% |
| Total number of Nodes: | 139 |
| Total number of Limit Nodes: | 13 |
Graph
Function 022FF96C Relevance: 12.7, APIs: 8, Instructions: 730memorynativethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B0C27 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B0667 Relevance: 1.9, APIs: 1, Instructions: 399threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FE3CC Relevance: 6.1, APIs: 4, Instructions: 99memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FF23C Relevance: 4.8, APIs: 3, Instructions: 325memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 023005EA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FE4C7 Relevance: 3.0, APIs: 2, Instructions: 48memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E5BCC Relevance: 36.6, Strings: 29, Instructions: 348COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BAD64 Relevance: 18.0, Strings: 14, Instructions: 458COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C1531 Relevance: 17.1, Strings: 13, Instructions: 892COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D99D5 Relevance: 14.2, Strings: 11, Instructions: 461COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E7D14 Relevance: 10.6, Strings: 8, Instructions: 636COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D5568 Relevance: 10.4, Strings: 8, Instructions: 446COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D2C14 Relevance: 8.0, Strings: 6, Instructions: 536COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DE17E Relevance: 7.8, Strings: 6, Instructions: 346COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D20E4 Relevance: 6.7, Strings: 5, Instructions: 481COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DE218 Relevance: 6.6, Strings: 5, Instructions: 336COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DE269 Relevance: 6.6, Strings: 5, Instructions: 335COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DE25A Relevance: 6.6, Strings: 5, Instructions: 312COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CFAB4 Relevance: 5.9, Strings: 4, Instructions: 864COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DD02B Relevance: 5.5, Strings: 4, Instructions: 523COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DD030 Relevance: 5.5, Strings: 4, Instructions: 519COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BEB27 Relevance: 5.3, Strings: 4, Instructions: 291COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CDA79 Relevance: 5.3, Strings: 4, Instructions: 271COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E79D4 Relevance: 5.3, Strings: 4, Instructions: 253COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C2D19 Relevance: 4.3, Strings: 3, Instructions: 558COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CA0AC Relevance: 4.0, Strings: 3, Instructions: 234COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CB2A4 Relevance: 3.7, Strings: 2, Instructions: 1211COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BC474 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B5EA4 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DCCF4 Relevance: 2.8, Strings: 2, Instructions: 271COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EE654 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C6E19 Relevance: 2.6, Strings: 2, Instructions: 113COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FC674 Relevance: 2.3, Strings: 1, Instructions: 1066COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EB364 Relevance: 1.9, Strings: 1, Instructions: 681COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CA802 Relevance: 1.8, Strings: 1, Instructions: 598COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E8734 Relevance: 1.7, Strings: 1, Instructions: 453COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CE1EE Relevance: 1.7, Strings: 1, Instructions: 445COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D74C4 Relevance: 1.7, Strings: 1, Instructions: 445COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D3844 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B9C94 Relevance: 1.6, Strings: 1, Instructions: 399COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CDDF5 Relevance: 1.6, Strings: 1, Instructions: 342COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CEDA4 Relevance: 1.6, Strings: 1, Instructions: 327COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BF859 Relevance: 1.6, Strings: 1, Instructions: 320COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EF364 Relevance: 1.5, Strings: 1, Instructions: 299COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C8C17 Relevance: 1.5, Strings: 1, Instructions: 274COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C90B6 Relevance: 1.5, Strings: 1, Instructions: 269COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DCC60 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CCC15 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EEE24 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C8C7F Relevance: 1.5, Strings: 1, Instructions: 244COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DBF04 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CF884 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D98D6 Relevance: 1.4, Strings: 1, Instructions: 190COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EC2AB Relevance: 1.4, Strings: 1, Instructions: 129COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EE894 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EE9C4 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B4AD4 Relevance: .7, Instructions: 670COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B8214 Relevance: .7, Instructions: 665COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D0C14 Relevance: .6, Instructions: 640COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B54F4 Relevance: .6, Instructions: 600COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B8FE4 Relevance: .6, Instructions: 595COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B0000 Relevance: .5, Instructions: 476COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FAF78 Relevance: .4, Instructions: 429COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FC23C Relevance: .4, Instructions: 409COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B7524 Relevance: .4, Instructions: 400COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FBE6C Relevance: .4, Instructions: 380COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CAE0E Relevance: .4, Instructions: 362COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BB234 Relevance: .4, Instructions: 351COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CF114 Relevance: .3, Instructions: 315COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E73C4 Relevance: .3, Instructions: 310COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B7D84 Relevance: .3, Instructions: 303COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022FD114 Relevance: .3, Instructions: 283COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C9474 Relevance: .3, Instructions: 262COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EA9D4 Relevance: .2, Instructions: 248COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EF0B4 Relevance: .2, Instructions: 246COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022CF514 Relevance: .2, Instructions: 240COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EAED4 Relevance: .2, Instructions: 238COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E0C64 Relevance: .2, Instructions: 235COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EEBD4 Relevance: .2, Instructions: 227COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DAEDE Relevance: .2, Instructions: 206COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D04E4 Relevance: .2, Instructions: 204COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D65C1 Relevance: .2, Instructions: 191COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E7164 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C81D4 Relevance: .2, Instructions: 186COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E2A24 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DF0B2 Relevance: .2, Instructions: 169COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022ECB9C Relevance: .2, Instructions: 162COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DC97C Relevance: .2, Instructions: 157COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BA2C4 Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BE44B Relevance: .2, Instructions: 154COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C7846 Relevance: .2, Instructions: 151COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BD9B5 Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DC958 Relevance: .1, Instructions: 140COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022ECB8F Relevance: .1, Instructions: 136COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022ECB91 Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D79C4 Relevance: .1, Instructions: 113COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DC928 Relevance: .1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DDF90 Relevance: .1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DA28D Relevance: .1, Instructions: 110COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B1277 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BF2D6 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022ED4D5 Relevance: .1, Instructions: 103COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C7E11 Relevance: .1, Instructions: 81COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B4704 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D6DF8 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022ECCC9 Relevance: .1, Instructions: 67COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B1276 Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C60D3 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E5164 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022DB4E4 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D6E80 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022E8508 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022C036F Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022BD8FD Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D89B1 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022B0FD7 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D9064 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D6D9E Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EC5E6 Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D7C83 Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D8006 Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EDB35 Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022EE068 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 022D6E6A Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|