Windows Analysis Report Agent.Listener.exe
Overview
General Information
Detection
Score: | 4 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • Language, Device and Operating System Detection
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF6D7BD6080 | |
Source: | Code function: | 0_2_00007FF6D7BE2C28 | |
Source: | Code function: | 0_2_00007FF6D7BDFAC0 |
Source: | Code function: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Classification label: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF6D7BDE070 |
Source: | Code function: | 0_2_00007FF6D7BE2C28 |
Source: | API coverage: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00007FF6D7BDE070 |
Source: | Code function: | 0_2_00007FF6D7BE3F18 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00007FF6D7BE39C0 | |
Source: | Code function: | 0_2_00007FF6D7BE40C0 | |
Source: | Code function: | 0_2_00007FF6D7BE3BFC | |
Source: | Code function: | 0_2_00007FF6D7BE3F18 |
Source: | Code function: | 0_2_00007FF6D7BE4108 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Native API1 | Application Shimming1 | Process Injection1 | Process Injection1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Application Shimming1 | Deobfuscate/Decode Files or Information1 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | ReversingLabs |
No Antivirus matches |
---|
No Antivirus matches |
---|
No Antivirus matches |
---|
No Antivirus matches |
---|
No contacted domains info |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 502173 |
Start date: | 13.10.2021 |
Start time: | 17:20:16 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Agent.Listener.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean4.winEXE@2/1@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
No simulations |
---|
No context |
---|
No context |
---|
No context |
---|
No context |
---|
No context |
---|
Process: | C:\Users\user\Desktop\Agent.Listener.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 92 |
Entropy (8bit): | 4.434292017694067 |
Encrypted: | false |
SSDEEP: | 3:V2MQrfdA+WFKBWRT5jAuN2+WkDR18YBCen:VgfCpQgRT5jAuN2RkDrCe |
MD5: | 6872083123A90B552CD8BA7700EFA38B |
SHA1: | 8536D79934C2E43275C83E0687CF1E2BE1F0AF54 |
SHA-256: | 61B777981E059E1FDB95106EF0DC358C9AED3FF98BC8942CF4A64931F0BC8D03 |
SHA-512: | F9CBE6C8C36F36917680EAAF02296F1C0E6D91E7CEC9E192EDDAFB3A16AA507204B33CDE0AB892A8848A812F10EBADA2BCD19FB8D7A577753FFCD1408DA3DF5C |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.92591617314015 |
TrID: |
|
File name: | Agent.Listener.exe |
File size: | 179080 |
MD5: | 6ba29b4fdb125cb2ba962126b1dc49e6 |
SHA1: | 97de340fa40f6ae8fcb4cbb98c9d0b0ea580ac2b |
SHA256: | 2a8a9f4848555e5f8077a579fe0d8e3fcdf5ae5a663f33808644655ee6591f4f |
SHA512: | 8dc954db2fbb794eaa5aa7bc859e16b5d8a3d8454c0ce362089fd7235b5bb55831a985e961d1de0251a6206d8de02ee64f9503917331578a8bf2bfce7ad7c39b |
SSDEEP: | 3072:68eBqhy5aV5gwqY8sXwoEHXfwaN+M+/ORYd532Ms4T6TFZb6SJ:6hT1sXOfDj+d56JZJ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7...sto@sto@sto@!.lA{to@!.jALto@!.kAoto@z..@ato@..nAzto@stn@.to@..jA~to@..mArto@Richsto@........PE..d......].........."......r. |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
General | |
---|---|
Entrypoint: | 0x140013b60 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0x5DCEC899 [Fri Nov 15 15:47:37 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 7d19699275e08b389d5869dc7132efbc |
Signature Valid: | true |
Signature Issuer: | CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 658DCC2A890351DF97DC9F05146283C0 |
Thumbprint SHA-1: | ABDCA79AF9DD48A0EA702AD45260B3C03093FB4B |
Thumbprint SHA-256: | E39CC80A0DF6F2BED821D11B49717306138C1D19FD20190336BF1C4297638A79 |
Serial: | 33000001DF6BF02E92A74AB4D00000000001DF |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F4190A14064h |
dec eax |
add esp, 28h |
jmp 00007F4190A1392Fh |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
dec eax |
mov eax, edx |
dec eax |
lea ecx, dword ptr [000061F9h] |
dec eax |
mov dword ptr [ebx], ecx |
dec eax |
lea edx, dword ptr [ebx+08h] |
xor ecx, ecx |
dec eax |
mov dword ptr [edx], ecx |
dec eax |
mov dword ptr [edx+08h], ecx |
dec eax |
lea ecx, dword ptr [eax+08h] |
call 00007F4190A14309h |
dec eax |
lea eax, dword ptr [0000DE81h] |
dec eax |
mov dword ptr [ebx], eax |
dec eax |
mov eax, ebx |
dec eax |
add esp, 20h |
pop ebx |
ret |
int3 |
dec eax |
and dword ptr [ecx+10h], 00000000h |
dec eax |
lea eax, dword ptr [0000DE78h] |
dec eax |
mov dword ptr [ecx+08h], eax |
dec eax |
lea eax, dword ptr [0000DE5Dh] |
dec eax |
mov dword ptr [ecx], eax |
dec eax |
mov eax, ecx |
ret |
int3 |
int3 |
dec eax |
sub esp, 48h |
dec eax |
lea ecx, dword ptr [esp+20h] |
call 00007F4190A13A97h |
dec eax |
lea edx, dword ptr [000132EFh] |
dec eax |
lea ecx, dword ptr [esp+20h] |
call 00007F4190A1436Eh |
int3 |
jmp 00007F4190A11B30h |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
xor ecx, ecx |
call dword ptr [00005553h] |
dec eax |
mov ecx, ebx |
call dword ptr [00005552h] |
call dword ptr [00005474h] |
dec eax |
mov ecx, eax |
mov edx, C0000409h |
dec eax |
add esp, 20h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x26f9c | 0x118 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x594 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2a000 | 0x15fc | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x29800 | 0x2388 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2d000 | 0x6dc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x22630 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x22790 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x22690 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x19000 | 0x468 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x171fc | 0x17200 | False | 0.497086148649 | data | 6.29227878169 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x19000 | 0xef44 | 0xf000 | False | 0.334000651042 | data | 4.08095539026 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x28000 | 0x19e8 | 0xe00 | False | 0.181640625 | data | 3.04517754121 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x2a000 | 0x15fc | 0x1600 | False | 0.495205965909 | PEX Binary Archive | 5.21615997761 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0x594 | 0x600 | False | 0.4140625 | data | 4.50806221751 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2d000 | 0x6dc | 0x800 | False | 0.54150390625 | data | 5.08553064642 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x2c0a0 | 0x308 | data | ||
RT_MANIFEST | 0x2c3a8 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
KERNEL32.dll | FindClose, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, GetFullPathNameW, GetTempPathW, GetLastError, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetEnvironmentVariableW, GetCurrentProcess, IsWow64Process, GetModuleFileNameW, GetModuleHandleExW, GetProcAddress, LoadLibraryExW, LoadLibraryA, MultiByteToWideChar, WideCharToMultiByte, FreeLibrary, RtlUnwindEx, RaiseException, OutputDebugStringW, GetModuleHandleW, GetCurrentProcessId, Sleep, RemoveDirectoryW, DeleteCriticalSection, CreateDirectoryW, RtlPcToFileHeader, InitializeSListHead, GetCurrentThreadId, QueryPerformanceCounter, IsDebuggerPresent, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, LCMapStringW, GetSystemTimeAsFileTime, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, SwitchToThread, InitializeCriticalSectionAndSpinCount, SetLastError, DecodePointer, EncodePointer, GetStringTypeW |
USER32.dll | MessageBoxW |
SHELL32.dll | ShellExecuteW |
ADVAPI32.dll | RegOpenKeyExW, RegCloseKey, ReportEventW, RegisterEventSourceW, DeregisterEventSource, RegGetValueW |
api-ms-win-crt-runtime-l1-1-0.dll | _initialize_wide_environment, _set_app_type, _invalid_parameter_noinfo_noreturn, _seh_filter_exe, _cexit, _crt_atexit, _register_onexit_function, terminate, _configure_wide_argv, exit, _exit, __p___argc, __p___wargv, _c_exit, _register_thread_local_exe_atexit_callback, abort, _get_initial_wide_environment, _errno, _initterm, _initialize_onexit_table, _initterm_e |
api-ms-win-crt-heap-l1-1-0.dll | malloc, calloc, free, _callnewh, _set_new_mode |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, frexp |
api-ms-win-crt-stdio-l1-1-0.dll | _wfopen, __stdio_common_vswprintf, fclose, fread, fseek, fwrite, __acrt_iob_func, _set_fmode, fputwc, fputws, __stdio_common_vfwprintf, fflush, __p__commode, __stdio_common_vsprintf_s |
api-ms-win-crt-string-l1-1-0.dll | _wcsicmp, _wcsdup, _wcsnicmp, wcsncmp, strcspn, wcsnlen, memset, strcpy_s |
api-ms-win-crt-locale-l1-1-0.dll | _unlock_locales, __pctype_func, ___lc_locale_name_func, ___mb_cur_max_func, setlocale, _configthreadlocale, _lock_locales, localeconv, ___lc_codepage_func |
api-ms-win-crt-filesystem-l1-1-0.dll | _wremove, _wrename |
api-ms-win-crt-convert-l1-1-0.dll | _wtoi, wcstoul |
api-ms-win-crt-time-l1-1-0.dll | wcsftime, _gmtime64, _time64 |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | |
Assembly Version | 2.193.0.0 |
InternalName | Agent.Listener.dll |
FileVersion | 2.193.0.0 |
CompanyName | Agent.Listener |
ProductName | Agent.Listener |
ProductVersion | 2.193.0 |
FileDescription | Agent.Listener |
OriginalFilename | Agent.Listener.dll |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
Behavior |
---|
Click to jump to process
System Behavior |
---|
Start time: | 17:21:14 |
Start date: | 13/10/2021 |
Path: | C:\Users\user\Desktop\Agent.Listener.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d7bd0000 |
File size: | 179080 bytes |
MD5 hash: | 6BA29B4FDB125CB2BA962126B1DC49E6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
File Activities
Section Activities
Registry Activities
Mutex Activities
Process Activities
Thread Activities
Memory Activities
System Activities
LPC Port Activities
Start time: | 17:21:14 |
Start date: | 13/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
File Activities
Section Activities
Registry Activities
Mutex Activities
Process Activities
Thread Activities
Memory Activities
System Activities
Timing Activities
Windows UI Activities
LPC Port Activities
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage
Dynamic/Packed Code Coverage
Signature Coverage
Execution Coverage: | 5.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 7.4% |
Total number of Nodes: | 893 |
Total number of Limit Nodes: | 7 |
Graph
Executed Functions |
---|
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |