Analysis Report CVE-2017-0213_x64.exe
Overview

Detection

Score: 56 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Malware Configuration: No configs have been found
Yara Overview

Rule | Description | Author
---|---|---
EXPL_Exploit_TLB_Scripts | Detects malicious TLB files which may be delivered via Visual Studio projects | Rich Warren (slightly modified by Florian Roth)
Sigma Overview: No Sigma rule has matched
Signature Overview

- AV Detection
- Compliance
- Spreading
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- Language, Device and Operating System Detection
AV Detection

- Antivirus / Scanner detection for submitted sample. Source: Avira
- Multi AV Scanner detection for submitted file. Sources: Virustotal, Metadefender, ReversingLabs

Compliance

- Contains modern PE file flags such as dynamic base (ASLR) or NX. Source: static PE information
- Binary contains paths to debug symbols. Source: binary string

Other evidence referenced by the remaining signatures (matched rule, binary strings, classification label, file created, mutant created, key opened, key value queried, registry key monitored for changes, two processes created, static PE information) and the code functions they point to:

0_2_00007FF7D8C82040, 0_2_00007FF7D8C82650, 0_2_00007FF7D8C829E0, 0_2_00007FF7D8C84370, 0_2_00007FF7D8C84E14, 0_2_00007FF7D8C850D4, 0_2_00007FF7D8C856B4, 0_2_00007FF7D8C857CC, 0_2_00007FF7D8C85968, 0_2_00007FF7D8C85A4C, 0_2_00007FF7D8C8A4B0, 0_2_00007FF7D8C8A744, 0_2_00007FF7D8C8C7EC, 0_2_00007FF7D8C8D7F0, 0_2_00007FF7D8C90C14, 0_2_00007FF7D8C90E44, 0_2_00007FF7D8C92D38, 0_2_00007FF7D8C93620, 0_2_00007FF7D8C93ADC, 0_2_00007FF7D8C976D0, 0_2_00007FF7D8C979B8
Mitre Att&ck Matrix (techniques with signature hits; number of matching signatures in parentheses)

Tactic | Technique
---|---
Initial Access / Persistence / Privilege Escalation / Defense Evasion | Valid Accounts (1)
Privilege Escalation / Defense Evasion | Access Token Manipulation (1)
Privilege Escalation / Defense Evasion | Process Injection (1)
Defense Evasion | Masquerading (1)
Discovery | System Time Discovery (1)
Discovery | Query Registry (1)
Discovery | Security Software Discovery (2)
Discovery | File and Directory Discovery (1)
Discovery | System Information Discovery (12)
Collection | Archive Collected Data (1)
Command and Control | Encrypted Channel (1)
Antivirus Detection

Initial Sample

Detection | Scanner | Label
---|---|---
82% | Virustotal | 
64% | Metadefender | 
87% | ReversingLabs | Win64.Exploit.CVE-2017-0213
100% | Avira | EXP/CVE-2017-0213.lsswl

Dropped Files: No Antivirus matches

Unpacked PE Files

Detection | Scanner | Label
---|---|---
100% | Avira | HEUR/AGEN.1110012
100% | Avira | HEUR/AGEN.1110012

Domains: No Antivirus matches

URLs: No Antivirus matches

Contacted Domains: none

Contacted IPs: none
General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 356155
Start date: 22.02.2021
Start time: 17:08:19
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 14s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: CVE-2017-0213_x64.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.winEXE@2/5@0/0
HCA Information: Failed
Simulations: none

Joe Sandbox View / Context: no context for IPs, domains, ASNs, JA3 fingerprints or dropped files
Dropped Files

All five files were created by the process C:\Users\user\Desktop\CVE-2017-0213_x64.exe (category: dropped). None is flagged as malicious on its own; all have low reputation and none is encrypted.

Dropped file 1
Size (bytes): 1652
Entropy (8bit): 2.0304814982445825
SSDEEP: 12:o/q0xoMlfs8GCiTtVtiiiiiEITaiAjTHrCGilZW81/q0xoMlRnq+Dc7SIuiiiiif:dRTWBg81q+0
MD5: 0EDBFF99CA4BAD230CAEB2DC417FF5B7
SHA1: 6AE027C6D24DB2FFE99B37B0CC47350E8C8C87DA
SHA-256: 88944215295259748AB72525B7AC5480822A37B055E7DD2951840CAEA3DBB1F0
SHA-512: 46927A23209CF1649620A076BFD70F057A978BC97266E7809EA4B473C7BA11F8886B68C9D9AE528E5190D71C95988CAEA5DAB72F4783878849A3B2301F5745BF

Dropped file 2
Size (bytes): 1344
Entropy (8bit): 2.501902083499124
SSDEEP: 12:o/q0ssXK0c7yTcADiiiiiiEHauuUFGzCx8us1zil/pMAlbl:kGA4uUFvWusq/2ybl
MD5: 3C77DEDDD0073F1F5E23A1F9B00C42D1
SHA1: 61BF1176261594F46EF8B7E98EC946EF1004E4F1
SHA-256: 0687DB49092048F3CFFFDB4B41E6BBDE59373A31BE3079F68EBFD44420538B72
SHA-512: 2B94D9C4EA5904C5CFDBCD90D4EF472F88428536A9A8C27BD6C14C0BA176750025780E45B20EE2FD170EF81F542AA76FE0CEA79597E5857B1C3E5750FAC8BA93
Yara Hits: EXPL_Exploit_TLB_Scripts (the only Yara rule matched in this analysis)

Dropped file 3
Size (bytes): 1772
Entropy (8bit): 2.380028278955225
SSDEEP: 12:o/q0s8sovi4FtGCiiiiiEIDauuUFGzCx8us1zil/pMA56y/q0ssXK0c7yTcADii8:RluUFvWusq/2c6WGA4uc
MD5: B738824C0FFEE4218E4981C8CBBBB0D5
SHA1: 034487900E356934D0248E64316A201B3ABA3FC1
SHA-256: BFFAD0BD518D2B340FD43BCA88FE19771D48412D9E735BA85B8C0A6659F19585
SHA-512: 782022B244EF5082937DB3AD26F69F7F85CFE4477E902656465F365147B1E8BD92F860410024019F5CBC0976240E3AE98A72FF2C5820C830A0DBE0E355D34D09

Dropped file 4
Size (bytes): 340
Entropy (8bit): 5.359036859891913
SSDEEP: 6:TM3ZUoBGdpoF47z7ZG1zf3gIpNXn4Op7aiCF/isVVIKB1K+imPG1MiOzov:TM3ZUoWp98FfwIzIOpAwSBEGG1MiAov
MD5: CE77490E168BB55CF52ABE4790356B22
SHA1: ED1CA456AEFCADCE74E22055B88BFA580A7097FA
SHA-256: 0BD8A9E9FEC8A77673A3F062E7FB0398453D17BA81F011227348BF486273B46A
SHA-512: 38D28210E0D5DAEFC8E90FEEE83E8104FE97AC613142A6FA20A3163456CF1790D8BED0D363D00336103EF98DCBC79B88AABA4987E4E0DDE2378782CC04DF9A93

Dropped file 5
Size (bytes): 7636
Entropy (8bit): 4.854134449168197
SSDEEP: 96:xmbdi+H9i9W1VVgnuGVdu79OOOpddu79MhtX:xmbdJH9i9WdgpVQ79OVpdQ79MrX
MD5: F79C2677707825EAFE1F590D87D791A5
SHA1: 8FE1A45DD0B29F29DD2BDC1167734A80EED6E471
SHA-256: 0871ED8B24678BE26726F1FE2BADF567B2EFC8B75295F20F5C96AE9E50418E34
SHA-512: 0663D951911E245DC995E557CAB0DE331BC495694907F0B1D3203A547A4C011112B4028936DAE54FB24C908C991705A4D2CC06F5F905F7178F8D15683A659366
Static File Info

General

File name: CVE-2017-0213_x64.exe
File size: 160768
Entropy (8bit): 6.15875815513617
MD5: 25e62ef07aa497ff4b13549bc6639e19
SHA1: c8cee35f713031ca109dffae4fbede766d427e08
SHA256: aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc
SHA512: 281a723c3ebfb369ad5bb73e18de0654e9ed1df25af49fcceaafe5afe425975c688eb4df4934b386b5532949f4bea6e688e33b599739e40ac381484e766fce5f
SSDEEP: 3072:xcvrKSBuRWy3ALuEG8IFtMH673vxuElWazC9qPldFvsE8iw7c:Yfgwy3ALtI/G6rvAEl+9qPmEPMc
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Uv.q;%.q;%.q;%..8$.q;%..?$.q;%..>$.q;%..8$.q;%..?$.q;%..>$.q;%..=$.q;%..:$.q;%.q:%.q;%-.2$.q;%-..%.q;%-.9$.q;%Rich.q;%.......

File Icon

Icon Hash: 00828e8e8686b000

PE Header

Entrypoint: 0x140005268
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp: 0x59367272 [Tue Jun 6 09:14:26 2017 UTC]
TLS Callbacks: none (TLS directory is empty)
CLR (.Net) Version: none (native image; COM descriptor directory is empty)
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 910202062831ea4355f35cff4b6c74d4
Entry Point Disassembly

The listing below is a 32-bit decoding of 64-bit code. Each "dec eax" is really a REX.W prefix (0x48) belonging to the instruction that follows, so "dec eax / sub esp, 28h" is "sub rsp, 28h", "inc eax / push ebx" is "push rbx", and the "dword ptr" memory operands are 64-bit RIP-relative accesses whose displayed addresses are not meaningful. The sequence (stack frame setup, security-cookie initialisation call, TEB read with cmpxchg on a startup lock, native startup state byte) is the standard MSVC CRT entry stub, not exploit logic; the exploit code is reached later through the imported COM, type library and token APIs listed further down.
dec eax |
sub esp, 28h |
call 00007F778CD7ABB8h |
dec eax |
add esp, 28h |
jmp 00007F778CD7A5EBh |
int3 |
int3 |
dec eax |
jmp dword ptr [000140B5h] |
int3 |
jmp 00007F778CD7A47Ch |
int3 |
int3 |
int3 |
dec eax |
sub esp, 28h |
call 00007F778CD7B0E8h |
test eax, eax |
je 00007F778CD7A793h |
dec eax |
mov eax, dword ptr [00000030h] |
dec eax |
mov ecx, dword ptr [eax+08h] |
jmp 00007F778CD7A777h |
dec eax |
cmp ecx, eax |
je 00007F778CD7A786h |
xor eax, eax |
dec eax |
cmpxchg dword ptr [00021E30h], ecx |
jne 00007F778CD7A760h |
xor al, al |
dec eax |
add esp, 28h |
ret |
mov al, 01h |
jmp 00007F778CD7A769h |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
movzx eax, byte ptr [00021E4Bh] |
test ecx, ecx |
mov ebx, 00000001h |
cmove eax, ebx |
mov byte ptr [00021E3Bh], al |
call 00007F778CD7AED7h |
call 00007F778CD7D622h |
test al, al |
jne 00007F778CD7A776h |
xor al, al |
jmp 00007F778CD7A786h |
call 00007F778CD83181h |
test al, al |
jne 00007F778CD7A77Bh |
xor ecx, ecx |
call 00007F778CD7D63Eh |
jmp 00007F778CD7A75Ch |
mov al, bl |
dec eax |
add esp, 20h |
pop ebx |
ret |
int3 |
int3 |
int3 |
dec eax |
mov dword ptr [esp+08h], ebx |
push ebp |
dec eax |
mov ebp, esp |
dec eax |
sub esp, 40h |
cmp byte ptr [00021DBCh], 00000000h |
mov ebx, ecx |
jne 00007F778CD7A821h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x247fc | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2a000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x28000 | 0x171c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2b000 | 0x680 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x21d60 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x21dd0 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x19000 | 0x338 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x17d0e | 0x17e00 | False | 0.553184309555 | data | 6.43357407224 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x19000 | 0xc292 | 0xc400 | False | 0.455855389031 | data | 4.97134017407 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x26000 | 0x1e50 | 0xc00 | False | 0.193359375 | data | 2.59145204102 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x28000 | 0x171c | 0x1800 | False | 0.463216145833 | PEX Binary Archive | 5.0832833246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2a000 | 0x1e0 | 0x200 | False | 0.53125 | data | 4.71767883295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2b000 | 0x680 | 0x800 | False | 0.52294921875 | data | 4.90905240913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
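The PE header fields above (Image File Characteristics, DLL Characteristics, Time Stamp, Entrypoint) and the data directory and section tables are plain PE metadata and can be reproduced without a sandbox. The Python below is an example added for this page; it is not Joe Sandbox code and not the sample's own code. It decodes a PE32+ header with only the standard library and is exercised against a constructed skeleton that carries the header values listed in this report (entry point 0x140005268, link timestamp 0x59367272, CUI subsystem, the same DllCharacteristics and a 0x680-byte BASERELOC directory) with synthetic section contents; no bytes come from the analysed binary. It also answers the question the raw flag list leaves open: DYNAMIC_BASE only yields ASLR when the image carries relocations, which this sample does (.reloc, 0x680 bytes).

```python
"""Static PE32+ header triage with only the Python standard library: decodes the
fields Joe Sandbox lists under "Static File Info" (COFF characteristics,
DllCharacteristics, link timestamp, entry point, data directories, sections with
8-bit entropy). Added example for this page, not Joe Sandbox or sample code."""
import math
import struct
from datetime import datetime, timezone

FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
                        0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
                       0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF",
                       0x8000: "TERMINAL_SERVER_AWARE"}
DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC", "DEBUG",
                   "COPYRIGHT", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT", "IAT",
                   "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]
FILE_HDR = "<HHIIIHH"                          # IMAGE_FILE_HEADER (20 bytes)
OPT_HDR64 = "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII"  # IMAGE_OPTIONAL_HEADER64 up to NumberOfRvaAndSizes
SECTION_HDR = "<8sIIIIIIHHI"                   # IMAGE_SECTION_HEADER (40 bytes)


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def shannon_entropy(data):
    """8-bit Shannon entropy: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe64(blob):
    """Describe a PE32+ image held in memory as bytes; raises ValueError on non-PE32+ input."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsections, ts, _, _, opt_size, chars = struct.unpack_from(FILE_HDR, blob, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(FILE_HDR)
    oh = struct.unpack_from(OPT_HDR64, blob, opt_off)
    if oh[0] != 0x20B:
        raise ValueError("not PE32+ (optional header magic 0x%x)" % oh[0])
    dirs_off = opt_off + struct.calcsize(OPT_HDR64)
    dirs = {DIRECTORY_NAMES[i]: struct.unpack_from("<II", blob, dirs_off + 8 * i)
            for i in range(min(oh[28], 16))}               # oh[28] = NumberOfRvaAndSizes
    sections = []
    for i in range(nsections):
        s = struct.unpack_from(SECTION_HDR, blob, opt_off + opt_size + 40 * i)
        raw = blob[s[4]:s[4] + s[3]]                       # PointerToRawData, SizeOfRawData
        sections.append({"name": s[0].rstrip(b"\0").decode("ascii", "replace"), "vaddr": s[2],
                         "vsize": s[1], "raw_size": s[3], "entropy": shannon_entropy(raw),
                         "characteristics": s[9]})
    dllchars = oh[22]
    return {
        "timestamp": datetime.fromtimestamp(ts, timezone.utc),
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "image_base": oh[8],
        "entry_point": oh[8] + oh[6],                      # ImageBase + AddressOfEntryPoint
        "subsystem": oh[21],                               # 2 = GUI, 3 = CUI
        "dll_characteristics": flag_names(dllchars, DLL_CHARACTERISTICS),
        # DYNAMIC_BASE alone is not ASLR: the loader can only rebase an image that has relocations.
        "aslr_effective": bool(dllchars & 0x0040) and dirs.get("BASERELOC", (0, 0))[1] > 0,
        "directories": dirs,
        "sections": sections,
    }


def build_sample_pe():
    """CONSTRUCTED PE32+ skeleton carrying header values copied from the report (entry 0x140005268,
    timestamp 0x59367272, CUI subsystem, the same DllCharacteristics, a 0x680-byte BASERELOC
    directory). Section contents are synthetic filler, not bytes from the analysed sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    file_hdr = struct.pack(FILE_HDR, 0x8664, 2, 0x59367272, 0, 0,
                           struct.calcsize(OPT_HDR64) + 16 * 8, 0x0022)  # EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    opt = struct.pack(OPT_HDR64, 0x20B, 14, 0, 0x200, 0x200, 0, 0x5268, 0x1000, 0x140000000, 0x1000,
                      0x200, 6, 0, 6, 0, 6, 0, 0, 0x2C000, 0x200, 0, 3, 0x8160,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[5] = (0x2B000, 0x680)                                           # IMAGE_DIRECTORY_ENTRY_BASERELOC
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = struct.pack(SECTION_HDR, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_HDR, b".reloc", 0x200, 0x2B000, 0x200, 0x400, 0, 0, 0, 0, 0x42000040)
    headers = (dos + b"PE\0\0" + file_hdr + opt + secs).ljust(0x200, b"\0")
    text_raw = bytes(range(256)) * 2         # each byte value twice: entropy exactly 8.0
    reloc_raw = b"\0" * 0x200                # constant filler: entropy 0.0
    return headers + text_raw + reloc_raw


if __name__ == "__main__":
    info = parse_pe64(build_sample_pe())
    print("entry 0x%X, linked %s" % (info["entry_point"], info["timestamp"]))
    print("DllCharacteristics:", ", ".join(info["dll_characteristics"]), "| ASLR effective:", info["aslr_effective"])
    for s in info["sections"]:
        print("%-6s va=0x%-6X raw=0x%-4X entropy=%.2f" % (s["name"], s["vaddr"], s["raw_size"], s["entropy"]))
```

To triage a real file, pass its bytes to parse_pe64(). Compare per-section entropy against the .text value of 6.43 reported above: a code section near 8.0 indicates packed or encrypted content, and a DYNAMIC_BASE image with an empty BASERELOC directory is loaded at its preferred base regardless of the flag.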
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0x2a060 | 0x17d | XML 1.0 document text | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetModuleFileNameW, LocalAlloc, CreateFileW, ProcessIdToSessionId, FormatMessageW, DeleteFileW, WriteFile, GetProcAddress, LocalFree, GetFileSize, GetCurrentProcessId, GetModuleHandleW, GetCurrentProcess, QueryDosDeviceW, ReadFile, CloseHandle, CreateDirectoryW, WriteConsoleW, SetFilePointerEx, HeapReAlloc, HeapSize, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetProcessHeap, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileW, GetLastError, MultiByteToWideChar, WideCharToMultiByte, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwindEx, RtlPcToFileHeader, EncodePointer, RaiseException, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetStdHandle, GetCommandLineA, GetCommandLineW, GetACP, HeapFree, HeapAlloc, GetFileType, CompareStringW, LCMapStringW, GetStringTypeW, FindClose, FindFirstFileExW |
ADVAPI32.dll | OpenProcessToken, CreateProcessAsUserW, DuplicateTokenEx, SetTokenInformation |
ole32.dll | CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemFree, CoMarshalInterface, CoInitializeSecurity, CoGetStdMarshalEx, StringFromIID |
OLEAUT32.dll | VariantClear, LoadTypeLib, SysFreeString, CreateTypeLib2, SysAllocStringByteLen, SysAllocString, SysStringLen |
SHLWAPI.dll | PathRemoveFileSpecW |
Language of compilation system: English (United States)
Network Behavior: No network behavior found
System Behavior

Process 1
Start time: 17:09:02
Start date: 22/02/2021
Path: C:\Users\user\Desktop\CVE-2017-0213_x64.exe
Wow64 process (32bit): false
Imagebase: 0x7ff7d8c80000
File size: 160768 bytes
MD5 hash: 25E62EF07AA497FF4B13549BC6639E19
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Note: the sample was launched with an elevated administrator token, so "Has elevated privileges: true" describes the sandbox session, not an observed exploit result; a successful CVE-2017-0213 elevation would be indistinguishable from the starting token state in this run.

Process 2
Start time: 17:09:02
Start date: 22/02/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Imagebase: 0x7ff6b2800000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Disassembly

Code Analysis / Execution Graph

Execution Coverage: 12.8%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 8.8%
Total number of Nodes: 1148
Total number of Limit Nodes: 17