Windows
Analysis Report
download.php
Overview
General Information
Detection
Score: | 5 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- download.exe (PID: 7116 cmdline:
"C:\Users\ user\Deskt op\downloa d.exe" MD5: A2C883B0E7A1B002B088F52F647F2E2F)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 1_2_0040AEF4 | |
Source: | Code function: | 1_2_0040A928 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 1_2_004AF110 |
Source: | Code function: | 1_2_004323DC | |
Source: | Code function: | 1_2_004255DC | |
Source: | Code function: | 1_2_0040E9C4 |
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Code function: | 1_2_004AF110 |
Source: | Code function: | 1_2_004AF9F0 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | Code function: | 1_2_0041A4DC |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 1_2_004B50D6 | |
Source: | Code function: | 1_2_004B5A40 | |
Source: | Code function: | 1_2_00458005 | |
Source: | Code function: | 1_2_0049B03D | |
Source: | Code function: | 1_2_004A00F9 | |
Source: | Code function: | 1_2_00458089 | |
Source: | Code function: | 1_2_004B10E4 | |
Source: | Code function: | 1_2_004A1095 | |
Source: | Code function: | 1_2_0041A0B8 | |
Source: | Code function: | 1_2_004270FC | |
Source: | Code function: | 1_2_0045810D | |
Source: | Code function: | 1_2_004321C9 | |
Source: | Code function: | 1_2_004A21D9 | |
Source: | Code function: | 1_2_0049E1B9 | |
Source: | Code function: | 1_2_0049A370 | |
Source: | Code function: | 1_2_0045526C | |
Source: | Code function: | 1_2_004252D9 | |
Source: | Code function: | 1_2_004592FD | |
Source: | Code function: | 1_2_0045B285 | |
Source: | Code function: | 1_2_00430359 | |
Source: | Code function: | 1_2_00430371 | |
Source: | Code function: | 1_2_00459398 | |
Source: | Code function: | 1_2_004A1429 | |
Source: | Code function: | 1_2_0049B425 | |
Source: | Code function: | 1_2_004A24D9 | |
Source: | Code function: | 1_2_004225EC | |
Source: | Code function: | 1_2_004304F1 | |
Source: | Code function: | 1_2_00499493 | |
Source: | Code function: | 1_2_00458565 | |
Source: | Code function: | 1_2_00458575 | |
Source: | Code function: | 1_2_00457578 |
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 1_2_004AF91C |
Source: | Code function: | 1_2_0040AEF4 | |
Source: | Code function: | 1_2_0040A928 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 1_2_0040B044 | |
Source: | Code function: | 1_2_0041E034 | |
Source: | Code function: | 1_2_0041E080 | |
Source: | Code function: | 1_2_004AF218 | |
Source: | Code function: | 1_2_0040A4CC |
Source: | Code function: | 1_2_00405AE0 |
Source: | Code function: | 1_2_004B5114 |
Source: | Code function: | 1_2_0041C3D8 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | 1 Access Token Manipulation | 1 Access Token Manipulation | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 25 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 606090 |
Start date and time: 08/04/202223:54:27 | 2022-04-08 23:54:27 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | download.php (renamed file extension from php to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean5.winEXE@1/0@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): svchost.exe
File type: | |
Entropy (8bit): | 7.547049237301527 |
TrID: |
|
File name: | download.exe |
File size: | 1735928 |
MD5: | a2c883b0e7a1b002b088f52f647f2e2f |
SHA1: | 0ed075b4c2163cac0463f4f6b7961d0850e1fc05 |
SHA256: | 27d4749a0db6fffdcc3744cb2ed29e8ffa8cc00140ee61faa3a4b0446d512076 |
SHA512: | 4894c7fc90c85a1e1d62a712688e39b3809e090653cf126fc36fe0555843206443612676ec2c9ab5a6df5cb0d62966624e4633abfe0a3f8a7a2e360f2c748dd1 |
SSDEEP: | 24576:N4nXubIQGyxbPV0db26p2iInkk7vhTCxMLM05Zl3dWzXh35FqF+ahOIZDNJxjNh2:Nqe3f6JIPuxMA05Zl3EFqDEoN3jNhntU |
TLSH: | 0F85CF3FB268653FD4AE0B3245B39350997BBA61A81A8C2F07F0094DCF665701F3B656 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | a2a0b496b2caca72 |
Entrypoint: | 0x4b5eec |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 1 |
File Version Major: | 6 |
File Version Minor: | 1 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 1 |
Import Hash: | 5a594319a0d69dbc452e748bcf05892e |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFA4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-3Ch], eax |
mov dword ptr [ebp-40h], eax |
mov dword ptr [ebp-5Ch], eax |
mov dword ptr [ebp-30h], eax |
mov dword ptr [ebp-38h], eax |
mov dword ptr [ebp-34h], eax |
mov dword ptr [ebp-2Ch], eax |
mov dword ptr [ebp-28h], eax |
mov dword ptr [ebp-14h], eax |
mov eax, 004B10F0h |
call 00007FBEAC94CDD5h |
xor eax, eax |
push ebp |
push 004B65E2h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 004B659Eh |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [004BE634h] |
call 00007FBEAC9EF4FFh |
call 00007FBEAC9EF052h |
lea edx, dword ptr [ebp-14h] |
xor eax, eax |
call 00007FBEAC962848h |
mov edx, dword ptr [ebp-14h] |
mov eax, 004C1D84h |
call 00007FBEAC9479C7h |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [004C1D84h] |
mov dl, 01h |
mov eax, dword ptr [004237A4h] |
call 00007FBEAC9638AFh |
mov dword ptr [004C1D88h], eax |
xor edx, edx |
push ebp |
push 004B654Ah |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007FBEAC9EF587h |
mov dword ptr [004C1D90h], eax |
mov eax, dword ptr [004C1D90h] |
cmp dword ptr [eax+0Ch], 01h |
jne 00007FBEAC9F5B6Ah |
mov eax, dword ptr [004C1D90h] |
mov edx, 00000028h |
call 00007FBEAC9641A4h |
mov edx, dword ptr [004C1D90h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x4800 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb361c | 0xb3800 | False | 0.344863934105 | data | 6.35605820433 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.itext | 0xb5000 | 0x1688 | 0x1800 | False | 0.544921875 | data | 5.97275005522 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0xb7000 | 0x37a4 | 0x3800 | False | 0.360979352679 | data | 5.04440056201 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.bss | 0xbb000 | 0x6de8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0xc2000 | 0xf36 | 0x1000 | False | 0.3681640625 | data | 4.89870464796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.didata | 0xc3000 | 0x1a4 | 0x200 | False | 0.345703125 | data | 2.75636286825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.edata | 0xc4000 | 0x9a | 0x200 | False | 0.2578125 | data | 1.87222286659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0xc5000 | 0x18 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rdata | 0xc6000 | 0x5d | 0x200 | False | 0.189453125 | data | 1.38389437522 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xc7000 | 0x4800 | 0x4800 | False | 0.314832899306 | data | 4.41298427192 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xc74c8 | 0x128 | GLS_BINARY_LSB_FIRST | Dutch | Netherlands |
RT_ICON | 0xc75f0 | 0x568 | GLS_BINARY_LSB_FIRST | Dutch | Netherlands |
RT_ICON | 0xc7b58 | 0x2e8 | data | Dutch | Netherlands |
RT_ICON | 0xc7e40 | 0x8a8 | data | Dutch | Netherlands |
RT_STRING | 0xc86e8 | 0x360 | data | ||
RT_STRING | 0xc8a48 | 0x260 | data | ||
RT_STRING | 0xc8ca8 | 0x45c | data | ||
RT_STRING | 0xc9104 | 0x40c | data | ||
RT_STRING | 0xc9510 | 0x2d4 | data | ||
RT_STRING | 0xc97e4 | 0xb8 | data | ||
RT_STRING | 0xc989c | 0x9c | data | ||
RT_STRING | 0xc9938 | 0x374 | data | ||
RT_STRING | 0xc9cac | 0x398 | data | ||
RT_STRING | 0xca044 | 0x368 | data | ||
RT_STRING | 0xca3ac | 0x2a4 | data | ||
RT_RCDATA | 0xca650 | 0x10 | data | ||
RT_RCDATA | 0xca660 | 0x2c4 | data | ||
RT_RCDATA | 0xca924 | 0x2c | data | ||
RT_GROUP_ICON | 0xca950 | 0x3e | data | English | United States |
RT_VERSION | 0xca990 | 0x584 | data | English | United States |
RT_MANIFEST | 0xcaf14 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale |
comctl32.dll | InitCommonControls |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW |
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x454060 |
__dbk_fcall_wrapper | 2 | 0x40d0a0 |
dbkFCallWrapperAddr | 1 | 0x4be63c |
Description | Data |
---|---|
LegalCopyright | |
FileVersion | |
CompanyName | |
Comments | This installation was built with Inno Setup. |
ProductName | Inno Script Studio |
ProductVersion | 1.0 |
FileDescription | Inno Script Studio Setup |
OriginalFileName | |
Translation | 0x0000 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Dutch | Netherlands | |
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 1 |
Start time: | 23:55:24 |
Start date: | 08/04/2022 |
Path: | C:\Users\user\Desktop\download.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1735928 bytes |
MD5 hash: | A2C883B0E7A1B002B088F52F647F2E2F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Execution Graph
Execution Coverage: | 2.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16.9% |
Total number of Nodes: | 543 |
Total number of Limit Nodes: | 23 |
Graph
Function 004B5114 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 165libraryloaderCOMMON
Control-flow Graph
C-Code - Quality: 73% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF91C Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B044 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
Control-flow Graph
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AEF4 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
Control-flow Graph
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AB18 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
Control-flow Graph
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407750 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93threadCOMMON
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407748 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86threadCOMMON
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B5000 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FF94 Relevance: 4.6, APIs: 3, Instructions: 93COMMON
Control-flow Graph
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406D86 Relevance: 4.6, APIs: 3, Instructions: 83COMMON
Control-flow Graph
C-Code - Quality: 63% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B110 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Control-flow Graph
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B234 Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
Control-flow Graph
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421230 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
Control-flow Graph
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004052D4 Relevance: 2.6, APIs: 2, Instructions: 63COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF404 Relevance: 1.5, APIs: 1, Instructions: 33windowCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004232EC Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423DA8 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409FA8 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CAA4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BCC Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A928 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF110 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42shutdownCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF9F0 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A4CC Relevance: 4.6, APIs: 3, Instructions: 99COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A4DC Relevance: 1.5, APIs: 1, Instructions: 49COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E034 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E080 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF218 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C3D8 Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004255DC Relevance: .5, Instructions: 545COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004323DC Relevance: .4, Instructions: 408COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E9C4 Relevance: .2, Instructions: 195COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AE0 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E7CC Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 194threadCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A250 Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E0AC Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 216threadCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042301C Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82registryCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D218 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004047B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040426C Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404464 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
C-Code - Quality: 88% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004971AC Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 87threadCOMMON
C-Code - Quality: 80% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF728 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406424 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
C-Code - Quality: 36% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004076B8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
C-Code - Quality: 43% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042931C Relevance: 9.1, APIs: 6, Instructions: 144COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403EE8 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B60E8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165windowCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AFA44 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44windowCOMMON
C-Code - Quality: 34% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F9B8 Relevance: 7.8, APIs: 5, Instructions: 335COMMON
C-Code - Quality: 69% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C790 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77threadCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EEFC Relevance: 6.1, APIs: 4, Instructions: 113COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A6C8 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF1B4 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |