Edit tour

Windows Analysis Report
TRIBUTE 25.exe

Overview

General Information

Sample name:	TRIBUTE 25.exe
Analysis ID:	1658200
MD5:	cae1bf99053df12215c7c3b0740a67ea
SHA1:	706a8420df0232cf1161b9b20eaa6df767435a71
SHA256:	a67b1d11f86c2e44573e25cfa38c1a5ed7db58793e8beb31c9ec029cb240b98a

Detection

Score:	1
Range:	0 - 100
Confidence:	60%

Signatures

PE file contains sections with non-standard names

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

TRIBUTE 25.exe (PID: 7752 cmdline: "C:\Users\user\Desktop\TRIBUTE 25.exe" MD5: CAE1BF99053DF12215C7C3B0740A67EA)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: TRIBUTE 25.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\rober\source\repos\TRIBUTE 2\x64\Release\TRIBUTE 25.pdb__ source: TRIBUTE 25.exe
Source:	Binary string: C:\Users\rober\source\repos\TRIBUTE 2\x64\Release\TRIBUTE 25.pdb source: TRIBUTE 25.exe

Source: classification engine

Classification label: clean1.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\TRIBUTE 25.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: TRIBUTE 25.exe

String found in binary or memory: label71-Additional MTLS Hashes!cb_ledCornerPost!LED Corner Post?

Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: libxl.dll	Jump to behavior
Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\TRIBUTE 25.exe	Section loaded: vcruntime140_1.dll	Jump to behavior

Source: TRIBUTE 25.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: TRIBUTE 25.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: TRIBUTE 25.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: TRIBUTE 25.exe

Static file information: File size 16341504 > 1048576

Source: TRIBUTE 25.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2e8e00
Source: TRIBUTE 25.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xaf4800
Source: TRIBUTE 25.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x104a00

Source: TRIBUTE 25.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: TRIBUTE 25.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: TRIBUTE 25.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: TRIBUTE 25.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: TRIBUTE 25.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: TRIBUTE 25.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: TRIBUTE 25.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: TRIBUTE 25.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\rober\source\repos\TRIBUTE 2\x64\Release\TRIBUTE 25.pdb__ source: TRIBUTE 25.exe
Source:	Binary string: C:\Users\rober\source\repos\TRIBUTE 2\x64\Release\TRIBUTE 25.pdb source: TRIBUTE 25.exe

Source: TRIBUTE 25.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: TRIBUTE 25.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: TRIBUTE 25.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: TRIBUTE 25.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: TRIBUTE 25.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: TRIBUTE 25.exe

Static PE information: section name: .nep

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1658200
Start date and time:	2025-04-07 12:44:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	TRIBUTE 25.exe
Detection:	CLEAN
Classification:	clean1.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.204.23.20, 4.245.163.56
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.243260625034032
TrID:	Win64 Executable GUI (202006/5) 84.33% Win64 Executable (generic) Net Framework (21505/4) 8.98% Win64 Executable (generic) (12005/4) 5.01% Generic Win/DOS Executable (2004/3) 0.84% DOS Executable Generic (2002/1) 0.84%
File name:	TRIBUTE 25.exe
File size:	16'341'504 bytes
MD5:	cae1bf99053df12215c7c3b0740a67ea
SHA1:	706a8420df0232cf1161b9b20eaa6df767435a71
SHA256:	a67b1d11f86c2e44573e25cfa38c1a5ed7db58793e8beb31c9ec029cb240b98a
SHA512:	4cc02460a64d66d8f1d93dbd2a4101bcf2f3732e050d6dae6e8c571f1d8a332cee9e32c876d3bc1848e38b5dfa28aaad176e4579e64c15b1bee65df1b4cde2c1
SSDEEP:	49152:apqASarJjXfKAhPhyggnrsF/qVPAnM4boZfGLHNrPjq5/Qwc9cIBJS+8roZ1gew0:KqLszfKAhPcAxbMuBw
TLSH:	A3F6F82A333A8363C8677BB78453B961A2367C457BC6B34200EBB5271FE234D8B67545
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a..8%..k%..k%..k,.<k5..k;.<k'..k4c.j&..k4c.j"..k4c.j8..k4c.j"..kn..j$..kn..j)..k...j'..k%..k...k.b.j,..k.b.j...k.bPk$..k%.8k$..

File Icon


Icon Hash:	0020019230008200

Static PE Info

General

Entrypoint:	0x1402e7dc2
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67F32695 [Mon Apr 7 01:12:53 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	3e493ecd4d6116aac87a285859c39f31

Entrypoint Preview

Instruction
jmp dword ptr [0005BC50h]
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
jmp eax
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
jmp dword ptr [0005BC62h]
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
lea ecx, dword ptr [edx+00000058h]
jmp 00007FF3C0B56CB9h
int3
int3
int3
int3
inc eax
push ebp
dec eax
sub esp, 20h
dec eax
mov ebp, edx
mov eax, dword ptr [ebp+20h]
and eax, 01h
test eax, eax
je 00007FF3C0B4B86Fh
and dword ptr [ebp+20h], FFFFFFFEh
dec eax
mov ecx, dword ptr [ebp+30h]
call 00007FF3C0B56C95h
dec eax
add esp, 20h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
lea ecx, dword ptr [edx+00000038h]
jmp 00007FF3C0B56C79h
int3
int3
int3
int3
dec eax
lea ecx, dword ptr [edx+00000038h]
jmp 00007FF3C0B56C69h
int3
int3
int3
int3
dec eax
lea ecx, dword ptr [edx+00000038h]
jmp 00007FF3C0B56C59h
int3
int3
int3
int3
dec eax
lea ecx, dword ptr [edx+00000038h]
jmp 00007FF3C0B56C49h

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[IMP] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe33fdc	0x190	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xea6000	0x1048c8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xea4000	0x11ac	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xfab000	0x444	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x361110	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xdd7580	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x360fd0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x343000	0xa58	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x353738	0x48	.rdata
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2e8cb8	0x2e8e00	f540b5e1188cb1431ea660835f9e35e2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.nep	0x2ea000	0x584d0	0x58600	1aec028c00d88edc561d3c00c2c73aaa	False	0.004373121463932108	DOS executable (COM)	3.98640490337177	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x343000	0xaf47d0	0xaf4800	a086f9b108bc0cb14b857c2e44b99331	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe38000	0x6bc54	0x59800	06edc4f36f44decaad7848d4f8b6299a	False	0.1148633903631285	DOS executable (block device driver)	3.239859415694883	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0xea4000	0x11ac	0x1200	fecc5dd73f3a63e2e2592b5b9dc5ec1a	False	0.5425347222222222	data	5.57451983162031	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xea6000	0x1048c8	0x104a00	070f2c2ed115f0b60698a83b962c0d1a	False	0.021816921462829736	data	0.5884953913032546	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xfab000	0x444	0x600	5d034280ec536fead7f848e73f4f3e8b	False	0.4869791666666667	data	4.381287149630236	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xea61c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	Great Britain	0.2296099290780142
RT_ICON	0xea6628	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	Great Britain	0.19959016393442622
RT_ICON	0xea6fb0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	Great Britain	0.17166979362101314
RT_ICON	0xea8058	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	Great Britain	0.125
RT_GROUP_ICON	0xeaa600	0x3e	data	English	Great Britain	0.8064516129032258
RT_MANIFEST	0xfaa740	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143
None	0xeaa640	0x100100	ASCII text, with very long lines (65536), with no line terminators	English	Great Britain	0.018833160400390625

Imports

DLL	Import
MSVCP140.dll	?_Xbad_function_call@std@@YAXXZ, ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?id@?$collate@D@std@@2V0locale@2@A, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?id@?$ctype@D@std@@2V0locale@2@A, ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Id_cnt@id@locale@std@@0HA, ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?rdstate@ios_base@std@@QEBAHXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ, ?_Incref@facet@locale@std@@UEAAXXZ, ?setf@ios_base@std@@QEAAHH@Z, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z, _Cnd_do_broadcast_at_thread_exit, _Thrd_detach, ?_Throw_Cpp_error@std@@YAXH@Z, ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z, ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ, ?_Winerror_map@std@@YAHH@Z, ?__ExceptionPtrDestroy@@YAXPEAX@Z, ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z, ?_Xlength_error@std@@YAXPEBD@Z, ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z, ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, ?_Xbad_alloc@std@@YAXXZ, ?setf@ios_base@std@@QEAAHHH@Z, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ, ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z, ??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ, ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?_Xout_of_range@std@@YAXPEBD@Z, ?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ, ?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ, ?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z, ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z, ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ, ??0_Lockit@std@@QEAA@H@Z, ??1_Lockit@std@@QEAA@XZ, ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z, ?uncaught_exception@std@@YA_NXZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ?good@ios_base@std@@QEBA_NXZ, ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ, ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z, ?always_noconv@codecvt_base@std@@QEBA_NXZ, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z, ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z, ?width@ios_base@std@@QEBA_JXZ, ?flags@ios_base@std@@QEBAHXZ, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?width@ios_base@std@@QEAA_J_J@Z, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z, ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z, ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z, ??0facet@locale@std@@IEAA@_K@Z, ??1facet@locale@std@@MEAA@XZ, ?is@?$ctype@D@std@@QEBA_NFD@Z, ?tolower@?$ctype@D@std@@QEBADD@Z, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z, ?_Xinvalid_argument@std@@YAXPEBD@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ, ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z, ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z, ??0_Locinfo@std@@QEAA@PEBD@Z, ??1_Locinfo@std@@QEAA@XZ, ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z, ?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z, ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z, ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z, ??Bios_base@std@@QEBA_NXZ, ?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ, ?fail@ios_base@std@@QEBA_NXZ, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z, ??7ios_base@std@@QEBA_NXZ, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, _Strcoll, _Strxfrm, ?_Syserror_map@std@@YAPEBDH@Z
api-ms-win-crt-string-l1-1-0.dll	strncmp, _stricmp, toupper, tolower
api-ms-win-crt-stdio-l1-1-0.dll	fputc, fread, _fseeki64, fgetpos, fclose, fwrite, ungetc, _get_stream_buffer_pointers, setvbuf, __stdio_common_vsscanf, __stdio_common_vfprintf, __acrt_iob_func, __stdio_common_vsprintf_s, fsetpos, fflush, fseek, feof, ferror, fopen_s, ftell, fgetc, __stdio_common_vsprintf
api-ms-win-crt-heap-l1-1-0.dll	free, calloc, realloc, _callnewh, malloc
KERNEL32.dll	Sleep, OpenProcess, ReadProcessMemory, WriteProcessMemory, VirtualProtectEx, VirtualQueryEx, Module32First, GetProcessId, K32EnumProcessModules, Process32NextW, CloseHandle, Process32FirstW, CreateToolhelp32Snapshot, K32GetModuleFileNameExA, K32GetModuleInformation, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, GetLocaleInfoEx, FormatMessageA, LocalFree, CreateSymbolicLinkW, GetFileInformationByHandleEx, CreateHardLinkW, MoveFileExW, CopyFileW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, K32EnumProcessModulesEx, CreateDirectoryExW, GetProcAddress, DeviceIoControl, AreFileApisANSI, GetTempPathW, SetFileTime, SetFileInformationByHandle, SetFileAttributesW, GetFullPathNameW, GetFinalPathNameByHandleW, GetFileInformationByHandle, GetFileAttributesExW, GetFileAttributesW, GetDiskFreeSpaceExW, FindNextFileW, FindFirstFileExW, FindFirstFileW, FindClose, CreateFileW, CreateDirectoryW, GetCurrentDirectoryW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, SetCurrentDirectoryW, MultiByteToWideChar, GetModuleHandleExA, FindResourceA, LoadResource, SizeofResource, LockResource, CreateDirectoryA, GetLastError, WideCharToMultiByte
api-ms-win-crt-runtime-l1-1-0.dll	_configure_narrow_argv, _execute_onexit_table, _crt_atexit, _register_onexit_function, abort, _crt_at_quick_exit, _cexit, _seh_filter_dll, _beginthreadex, terminate, _invalid_parameter_noinfo_noreturn, _wassert, _errno, _initialize_narrow_environment, exit, _initialize_onexit_table
VCRUNTIME140.dll	_purecall, __CxxFrameHandler3, __std_exception_copy, __std_exception_destroy, __current_exception_context, memmove, strchr, __FrameUnwindFilter, memchr, memcmp, _CxxThrowException, __CxxQueryExceptionSize, __C_specific_handler, __current_exception, __CxxExceptionFilter, __CxxUnregisterExceptionObject, memset, memcpy, __CxxDetectRethrow, __CxxRegisterExceptionObject
libxl.dll	xlCreateBookA
USER32.dll	SetWindowRgn
GDI32.dll	DeleteObject, CreateRoundRectRgn
SHELL32.dll	SHCreateItemFromParsingName
ole32.dll	CoCreateInstance, CoUninitialize, CoTaskMemAlloc, CoTaskMemFree, CoInitializeEx
WS2_32.dll	ntohl, ntohs
api-ms-win-crt-filesystem-l1-1-0.dll	_unlock_file, _lock_file, rename, _stat64i32, remove
api-ms-win-crt-convert-l1-1-0.dll	strtoul, strtol, strtoull, strtod, atoi, mbstowcs, atof, strtoll, strtof
api-ms-win-crt-math-l1-1-0.dll	_dsign, _dtest, ldexp, ceilf
api-ms-win-crt-locale-l1-1-0.dll	___lc_codepage_func, localeconv
VCRUNTIME140_1.dll	__CxxFrameHandler4
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

• TRIBUTE 25.exe

Click to jump to process

Memory Usage

• TRIBUTE 25.exe

Click to jump to process

System Behavior

Analysis Process: TRIBUTE 25.exePID: 7752, Parent PID: 3964

Function Logs