Analysis Report dbeaver.exe
Overview
General Information
Detection
Score: | 24 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice |
---|
Sample may be VM or Sandbox-aware, try analysis on a native machine |
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Compliance: |
---|
PE / OLE file has a valid certificate |
Source: | Static PE information: |
Contains modern PE file flags such as dynamic base (ASLR) or NX |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF6C6F35E94 | |
Source: | Code function: | 0_2_00007FF6C6F32A20 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00007FF6C6F41BD0 | |
Source: | Code function: | 0_2_00007FF6C6F36680 | |
Source: | Code function: | 0_2_00007FF6C6F34E90 | |
Source: | Code function: | 0_2_00007FF6C6F3D6A8 | |
Source: | Code function: | 0_2_00007FF6C6F44158 | |
Source: | Code function: | 0_2_00007FF6C6F44958 | |
Source: | Code function: | 0_2_00007FF6C6F43870 | |
Source: | Code function: | 0_2_00007FF6C6F42070 | |
Source: | Code function: | 0_2_00007FF6C6F3DC94 | |
Source: | Code function: | 0_2_00007FF6C6F41518 | |
Source: | Code function: | 0_2_00007FF6C6F4364C | |
Source: | Code function: | 0_2_00007FF6C6F38EE4 | |
Source: | Code function: | 0_2_00007FF6C6F46300 | |
Source: | Code function: | 0_2_00007FF6C6F36F30 | |
Source: | Code function: | 0_2_00007FF6C6F3654C | |
Source: | Code function: | 0_2_00007FF6C6F4094C | |
Source: | Code function: | 0_2_00007FF6C6F44D8C |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF6C6F3FC90 |
Malware Analysis System Evasion: |
---|
Potential time zone aware malware |
Source: | System information queried: |
Source: | Evasive API call chain: | graph_0-9228 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00007FF6C6F35E94 | |
Source: | Code function: | 0_2_00007FF6C6F32A20 |
Source: | API call chain: | graph_0-9230 |
Source: | Code function: | 0_2_00007FF6C6F383BC |
Source: | Code function: | 0_2_00007FF6C6F3FC90 |
Source: | Code function: | 0_2_00007FF6C6F46474 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00007FF6C6F383BC | |
Source: | Code function: | 0_2_00007FF6C6F36F18 | |
Source: | Code function: | 0_2_00007FF6C6F3FF30 | |
Source: | Code function: | 0_2_00007FF6C6F36A00 |
Source: | Code function: | 0_2_00007FF6C6F3C7EC | |
Source: | Code function: | 0_2_00007FF6C6F3C0A8 | |
Source: | Code function: | 0_2_00007FF6C6F400D8 | |
Source: | Code function: | 0_2_00007FF6C6F40134 | |
Source: | Code function: | 0_2_00007FF6C6F3C348 | |
Source: | Code function: | 0_2_00007FF6C6F3C780 | |
Source: | Code function: | 0_2_00007FF6C6F3C294 | |
Source: | Code function: | 0_2_00007FF6C6F42AA0 | |
Source: | Code function: | 0_2_00007FF6C6F3C6EC | |
Source: | Code function: | 0_2_00007FF6C6F3C1AC | |
Source: | Code function: | 0_2_00007FF6C6F3C5DC |
Source: | Code function: | 0_2_00007FF6C6F38070 |
Source: | Code function: | 0_2_00007FF6C6F41BD0 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter2 | Path Interception | Path Interception | Virtualization/Sandbox Evasion1 | OS Credential Dumping | System Time Discovery12 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API2 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Security Software Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | File and Directory Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 347768 |
Start date: | 03.02.2021 |
Start time: | 08:07:25 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | dbeaver.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus24.evad.winEXE@1/0@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.047360328974477 |
TrID: |
|
File name: | dbeaver.exe |
File size: | 421968 |
MD5: | b56bf7c40d3e84ca5557e6f9f9786cb3 |
SHA1: | eadaa2cdd7c8dd0f2978a8ea0b2fe45ae9d4dd26 |
SHA256: | 82d314c6d7c17dbbd8ba26241b82402f246da22aaaafc3418d04b6fc30872a10 |
SHA512: | c2486fdacab42218bfcf66b62f07481f1889efa04c97316dd6b101922fe7905ca5c95ad8a447c109f07e4f30374d3cc1b251f2ffe2e4ef5bf42622ced6fde996 |
SSDEEP: | 3072:rWquWTMBa39BAr9vfzb6ZhPd7z08qdK6D9qQWqXmF:TuWTaanSZzOZhVzWVDSF |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j....|...|...|..0.r..|..0.c.'|......)|...|..E|..0.u..|..0.b./|..0.g./|..Rich.|..........PE..d....J,].........."......l......... |
File Icon |
---|
Icon Hash: | e8a6b531258c8cf4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x140003a14 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5D2C4A8F [Mon Jul 15 09:42:39 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | 4cb0bcb130e5a05bcf628fec922fe4cf |
Authenticode Signature |
---|
Signature Valid: | true |
Signature Issuer: | CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 334A98F5FE4639AFB11AD5EA77FF367E |
Thumbprint SHA-1: | B994BB5D145459C197D1F7D34AAB24789FFE2458 |
Thumbprint SHA-256: | 92593F323CBC6DE10A454F2F46248A6BC35C400BB83EDB02427AE73379A1CD4B |
Serial: | 50D9C98DE6FA143E7D1411BB6E379FC3 |
Entrypoint Preview |
---|
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F0618ADCE78h |
dec eax |
add esp, 28h |
jmp 00007F0618AD867Bh |
int3 |
int3 |
dec eax |
test ecx, ecx |
je 00007F0618AD8859h |
push ebx |
dec eax |
sub esp, 20h |
dec esp |
mov eax, ecx |
dec eax |
mov ecx, dword ptr [0001A624h] |
xor edx, edx |
call dword ptr [00014654h] |
test eax, eax |
jne 00007F0618AD8839h |
call 00007F0618ADBBECh |
dec eax |
mov ebx, eax |
call dword ptr [0001463Ah] |
mov ecx, eax |
call 00007F0618ADBB94h |
mov dword ptr [ebx], eax |
dec eax |
add esp, 20h |
pop ebx |
ret |
int3 |
int3 |
int3 |
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
dec eax |
cmp ecx, FFFFFFE0h |
jnbe 00007F0618AD889Eh |
mov edi, 00000001h |
dec eax |
test ecx, ecx |
dec eax |
cmovne edi, ecx |
dec eax |
mov ecx, dword ptr [0001A5CDh] |
dec eax |
test ecx, ecx |
jne 00007F0618AD8842h |
call 00007F0618ADBEE0h |
mov ecx, 0000001Eh |
call 00007F0618ADBCAEh |
mov ecx, 000000FFh |
call 00007F0618AD8900h |
dec eax |
mov ecx, dword ptr [0001A5A8h] |
dec esp |
mov eax, edi |
xor edx, edx |
call dword ptr [000145DDh] |
dec eax |
mov esi, eax |
dec eax |
test eax, eax |
jne 00007F0618AD884Eh |
cmp dword ptr [0001A59Fh], eax |
je 00007F0618AD8830h |
dec eax |
mov ecx, ebx |
call 00007F0618ADCE76h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1b2f8 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x21000 | 0x47d90 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x20000 | 0xef4 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x65e00 | 0x1250 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x69000 | 0x200 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x328 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x16a07 | 0x16c00 | False | 0.553828983516 | zlib compressed data | 6.32672377634 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x18000 | 0x3d8a | 0x3e00 | False | 0.39314516129 | data | 5.32901592653 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1c000 | 0x3c58 | 0x1c00 | False | 0.186802455357 | data | 2.20987381275 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x20000 | 0xef4 | 0x1000 | False | 0.479248046875 | data | 4.82830588581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x21000 | 0x47d90 | 0x47e00 | False | 0.0541202445652 | data | 2.3032042568 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x69000 | 0x5de | 0x600 | False | 0.261067708333 | data | 2.45367038558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x21210 | 0xea8 | data | English | United States |
RT_ICON | 0x220b8 | 0x8a8 | data | English | United States |
RT_ICON | 0x22960 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x22ec8 | 0x25a8 | data | English | United States |
RT_ICON | 0x25470 | 0x10a8 | data | English | United States |
RT_ICON | 0x26518 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x26980 | 0x42028 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 16777215, next used block 16777215 | English | United States |
RT_GROUP_ICON | 0x689a8 | 0x68 | data | English | United States |
RT_MANIFEST | 0x68a10 | 0x37c | XML 1.0 document, ASCII text | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | WideCharToMultiByte, FindClose, FindNextFileW, FindFirstFileW, LoadLibraryExW, GetModuleHandleW, LoadLibraryW, GetModuleFileNameW, GetProcAddress, CreateFileA, GetProcessHeap, SetEndOfFile, ReadFile, WriteConsoleW, FreeLibrary, MultiByteToWideChar, GetLastError, HeapFree, HeapAlloc, Sleep, ExitProcess, EnterCriticalSection, LeaveCriticalSection, GetFullPathNameW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeW, HeapReAlloc, SetUnhandledExceptionFilter, WriteFile, GetStdHandle, GetModuleFileNameA, RtlUnwindEx, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, EncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, HeapSetInformation, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, GetCurrentDirectoryA, GetDriveTypeA, LCMapStringW, CloseHandle, HeapSize, GetLocaleInfoW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, LCMapStringA, GetTimeZoneInformation, SetStdHandle, CreateFileW, CompareStringW, SetEnvironmentVariableA, SetEnvironmentVariableW, WriteConsoleA, GetConsoleOutputCP, CompareStringA |
USER32.dll | CreateWindowExW, SetClassLongPtrW, MessageBoxW, LoadIconW |
COMCTL32.dll |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
System Behavior |
---|
General |
---|
Start time: | 08:08:15 |
Start date: | 03/02/2021 |
Path: | C:\Users\user\Desktop\dbeaver.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c6f30000 |
File size: | 421968 bytes |
MD5 hash: | B56BF7C40D3E84CA5557E6F9F9786CB3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 11.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 12.8% |
Total number of Nodes: | 541 |
Total number of Limit Nodes: | 50 |
Graph
Executed Functions |
---|
Function 00007FF6C6F35E94, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 247COMMONLIBRARYCODE
Function 00007FF6C6F44158, Relevance: 36.5, APIs: 24, Instructions: 546fileCOMMONLIBRARYCODE
Function 00007FF6C6F32A20, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 151fileCOMMONLIBRARYCODE
Function 00007FF6C6F41BD0, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 301COMMONLIBRARYCODE
Function 00007FF6C6F3C7EC, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 161COMMONLIBRARYCODE
Function 00007FF6C6F3D6A8, Relevance: 4.7, APIs: 3, Instructions: 201COMMONLIBRARYCODE
Function 00007FF6C6F44958, Relevance: 4.6, APIs: 3, Instructions: 90COMMONLIBRARYCODE
Function 00007FF6C6F34E90, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 154COMMONLIBRARYCODE
Function 00007FF6C6F31190, Relevance: 22.7, APIs: 9, Strings: 6, Instructions: 236COMMONLIBRARYCODE
Function 00007FF6C6F32060, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 164COMMONLIBRARYCODE
Function 00007FF6C6F32490, Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Function 00007FF6C6F31C30, Relevance: 16.6, APIs: 6, Strings: 5, Instructions: 132COMMONLIBRARYCODE
Function 00007FF6C6F33670, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 62windowlibraryCOMMONLIBRARYCODE
Function 00007FF6C6F470B8, Relevance: 13.8, APIs: 9, Instructions: 256COMMONLIBRARYCODE
Function 00007FF6C6F3F1F4, Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 215COMMON
Function 00007FF6C6F31670, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 63COMMONLIBRARYCODE
Function 00007FF6C6F355FC, Relevance: 6.1, APIs: 4, Instructions: 122COMMONLIBRARYCODE
Function 00007FF6C6F32686, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 42COMMON
Function 00007FF6C6F37FA0, Relevance: 4.5, APIs: 3, Instructions: 35memorythreadCOMMON
Function 00007FF6C6F40800, Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMONLIBRARYCODE
Function 00007FF6C6F408B0, Relevance: 3.0, APIs: 2, Instructions: 48COMMONLIBRARYCODE
Function 00007FF6C6F378D4, Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE
Function 00007FF6C6F37514, Relevance: 2.6, APIs: 2, Instructions: 81COMMONLIBRARYCODE
Function 00007FF6C6F399F4, Relevance: 2.5, APIs: 2, Instructions: 30sleepCOMMONLIBRARYCODE
Function 00007FF6C6F456B8, Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
Function 00007FF6C6F33620, Relevance: 1.5, APIs: 1, Instructions: 16windowCOMMONLIBRARYCODE
Function 00007FF6C6F386D0, Relevance: 1.5, APIs: 1, Instructions: 15COMMONLIBRARYCODE
Function 00007FF6C6F39B6C, Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMONLIBRARYCODE
Function 00007FF6C6F39A60, Relevance: 1.3, APIs: 1, Instructions: 36sleepCOMMONLIBRARYCODE
Function 00007FF6C6F31F10, Relevance: 1.3, APIs: 1, Instructions: 27COMMONLIBRARYCODE
Non-executed Functions |
---|
Function 00007FF6C6F4094C, Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 468COMMONLIBRARYCODE
Function 00007FF6C6F3FC90, Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 130libraryloaderCOMMONLIBRARYCODE
Function 00007FF6C6F44D8C, Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 378COMMONLIBRARYCODE
Function 00007FF6C6F41518, Relevance: 28.9, APIs: 19, Instructions: 377COMMONLIBRARYCODE
Function 00007FF6C6F3DC94, Relevance: 24.0, APIs: 6, Strings: 7, Instructions: 1237COMMON
Function 00007FF6C6F46474, Relevance: 18.1, APIs: 12, Instructions: 115memoryfileCOMMONLIBRARYCODE
Function 00007FF6C6F38EE4, Relevance: 15.7, APIs: 10, Instructions: 726COMMONLIBRARYCODE
Function 00007FF6C6F46300, Relevance: 15.1, APIs: 10, Instructions: 106COMMONLIBRARYCODE
Function 00007FF6C6F36F30, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 137fileCOMMONLIBRARYCODE
Function 00007FF6C6F43870, Relevance: 12.2, APIs: 8, Instructions: 228COMMONLIBRARYCODE
Function 00007FF6C6F36A00, Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
Function 00007FF6C6F4364C, Relevance: 10.6, APIs: 7, Instructions: 138COMMONLIBRARYCODE
Function 00007FF6C6F383BC, Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
Function 00007FF6C6F3C0A8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE
Function 00007FF6C6F38070, Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMON
Function 00007FF6C6F3654C, Relevance: 4.6, APIs: 3, Instructions: 94COMMONLIBRARYCODE
Function 00007FF6C6F3C6EC, Relevance: 1.5, APIs: 1, Instructions: 46COMMONLIBRARYCODE
Function 00007FF6C6F3C780, Relevance: 1.5, APIs: 1, Instructions: 35COMMONLIBRARYCODE
Function 00007FF6C6F42AA0, Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
Function 00007FF6C6F3A6F4, Relevance: 53.8, APIs: 43, Instructions: 94COMMONLIBRARYCODE
Function 00007FF6C6F45B80, Relevance: 30.5, APIs: 20, Instructions: 485COMMONLIBRARYCODE
Function 00007FF6C6F42AF4, Relevance: 15.2, APIs: 10, Instructions: 177COMMONLIBRARYCODE
Function 00007FF6C6F35AEC, Relevance: 15.1, APIs: 10, Instructions: 108COMMONLIBRARYCODE
Function 00007FF6C6F3D468, Relevance: 15.1, APIs: 10, Instructions: 92COMMONLIBRARYCODE
Function 00007FF6C6F346B4, Relevance: 13.8, APIs: 11, Instructions: 90COMMONLIBRARYCODE
Function 00007FF6C6F3CBF8, Relevance: 13.7, APIs: 9, Instructions: 173, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F332F0, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F410AC, Relevance: 12.1, APIs: 8, Instructions: 89, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F4138C, Relevance: 12.1, APIs: 8, Instructions: 89, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F3DA20, Relevance: 12.1, APIs: 8, Instructions: 79, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F458CC, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 195, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 00007FF6C6F38288, Relevance: 10.6, APIs: 7, Instructions: 60, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F3BAC0, Relevance: 9.1, APIs: 6, Instructions: 122, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F455A4, Relevance: 9.1, APIs: 6, Instructions: 58, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F37DC0, Relevance: 9.0, APIs: 6, Instructions: 37, thread, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F3ABD0, Relevance: 8.8, APIs: 7, Instructions: 36, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 00007FF6C6F385B0, Relevance: 7.6, APIs: 5, Instructions: 72, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F3D158, Relevance: 7.6, APIs: 5, Instructions: 60, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F43BEC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F33B50, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17, libraryloader, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F34CA8, Relevance: 6.4, APIs: 5, Instructions: 134, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F350D0, Relevance: 6.2, APIs: 4, Instructions: 186, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F4322C, Relevance: 6.1, APIs: 4, Instructions: 139, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F33090, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 89, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 00007FF6C6F36290, Relevance: 6.0, APIs: 4, Instructions: 42, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F430D8, Relevance: 6.0, APIs: 4, Instructions: 36, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Function 00007FF6C6F3D238, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19, COMMONLIBRARYCODE
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |