Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 7528 cmdline:
"C:\Users\user\Desktop\file.exe" MD5: 8A0082DC4822B5F82DEE8BE67D86D402) - wscript.exe (PID: 7620 cmdline:
"C:\Windows\System32\WScript.exe" "C:\reviewDriverIntosessionnet\V50gFn.vbe" MD5: FF00E0480075B095948000BDC66E81F0) - cmd.exe (PID: 7748 cmdline:
C:\Windows\system32\cmd.exe /c ""C:\reviewDriverIntosessionnet\NRWB62aUrGQ.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7756 cmdline:
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - comProviderServer.exe (PID: 7800 cmdline:
"C:\reviewDriverIntosessionnet\comProviderServer.exe" MD5: DEF21977FE76F2744669724D9A26A39F) - schtasks.exe (PID: 7868 cmdline:
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\services.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7884 cmdline:
schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7900 cmdline:
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7916 cmdline:
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 6 /tr "'C:\Recovery\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7932 cmdline:
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7948 cmdline:
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 11 /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7968 cmdline:
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Sidebar\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7992 cmdline:
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8008 cmdline:
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Sidebar\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8056 cmdline:
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Downloads\explorer.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8088 cmdline:
schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Users\Public\Downloads\explorer.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8112 cmdline:
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\explorer.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8128 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\windows media player\Network Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8144 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\Program Files (x86)\windows media player\Network Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8160 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows media player\Network Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 8188 cmdline:
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 12 /tr "'C:\reviewDriverIntosessionnet\spoolsv.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7260 cmdline:
schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\reviewDriverIntosessionnet\spoolsv.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 4236 cmdline:
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 14 /tr "'C:\reviewDriverIntosessionnet\spoolsv.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7128 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 12 /tr "'C:\Users\jones\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 6920 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\Users\jones\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 1088 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 5 /tr "'C:\Users\jones\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 396 cmdline:
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 5112 cmdline:
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\RedistList\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 6912 cmdline:
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7484 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 14 /tr "'C:\Program Files\MSBuild\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7552 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\Program Files\MSBuild\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7544 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 11 /tr "'C:\Program Files\MSBuild\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 7532 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 14 /tr "'C:\reviewDriverIntosessionnet\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 6380 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\reviewDriverIntosessionnet\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - schtasks.exe (PID: 5912 cmdline:
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 5 /tr "'C:\reviewDriverIntosessionnet\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2) - wscript.exe (PID: 7640 cmdline:
"C:\Windows\System32\WScript.exe" "C:\reviewDriverIntosessionnet\file.vbs" MD5: FF00E0480075B095948000BDC66E81F0)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
DCRat | DCRat is a typical RAT that has been around since at least June 2019. | No Attribution |
{"SCRT": "{\"H\":\"(\",\"t\":\"!\",\"F\":\"%\",\"d\":\"|\",\"n\":\"#\",\"x\":\"^\",\"v\":\")\",\"P\":\">\",\"W\":\";\",\"y\":\"&\",\"c\":\"`\",\"G\":\"*\",\"i\":\" \",\"I\":\"$\",\"X\":\"~\",\"g\":\"@\",\"6\":\"-\",\"C\":\"<\",\"S\":\".\",\"3\":\",\",\"D\":\"_\"}", "PCRT": "{\"2\":\"#\",\"j\":\"^\",\"m\":\"(\",\"B\":\"$\",\"4\":\"_\",\"1\":\">\",\"i\":\"*\",\"U\":\")\",\"c\":\"-\",\"N\":\";\",\"Q\":\"`\",\"d\":\".\",\"z\":\"~\",\"V\":\"&\",\"T\":\",\",\"h\":\"!\",\"x\":\"%\",\"F\":\"@\",\"C\":\" \",\"X\":\"<\",\"R\":\"|\"}", "TAG": "", "MUTEX": "DCR_MUTEX-ihDIZlmnfSxSHTCWeZ2k", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": true, "ignorepartiallyemptydata": true, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": true, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%AppData% - Very Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://nezik.ru.swtest.ru/@=ETYmFWY1UWO", "H2": "http://nezik.ru.swtest.ru/@=ETYmFWY1UWO", "T": "0"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | ||
JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | ||
JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | ||
JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
System Summary |
---|
Source: | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Michael Haag: |
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
AV Detection |
---|
Source: | Avira: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_00B8A5F4 | |
Source: | Code function: | 1_2_00B9B8E0 | |
Source: | Code function: | 1_2_00BAAAA8 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | URLs: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | COM Object queried: | Jump to behavior |
Source: | Code function: | 1_2_00B8718C |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Code function: | 1_2_00B8857B | |
Source: | Code function: | 1_2_00B970BF | |
Source: | Code function: | 1_2_00BAD00E | |
Source: | Code function: | 1_2_00B8407E | |
Source: | Code function: | 1_2_00BB1194 | |
Source: | Code function: | 1_2_00B8E2A0 | |
Source: | Code function: | 1_2_00B83281 | |
Source: | Code function: | 1_2_00BA02F6 | |
Source: | Code function: | 1_2_00B96646 | |
Source: | Code function: | 1_2_00B827E8 | |
Source: | Code function: | 1_2_00B937C1 | |
Source: | Code function: | 1_2_00BA473A | |
Source: | Code function: | 1_2_00BA070E | |
Source: | Code function: | 1_2_00B8E8A0 | |
Source: | Code function: | 1_2_00B8F968 | |
Source: | Code function: | 1_2_00BA4969 | |
Source: | Code function: | 1_2_00B93A3C | |
Source: | Code function: | 1_2_00B96A7B | |
Source: | Code function: | 1_2_00BACB60 | |
Source: | Code function: | 1_2_00BA0B43 | |
Source: | Code function: | 1_2_00B95C77 | |
Source: | Code function: | 1_2_00B9FDFA | |
Source: | Code function: | 1_2_00B8ED14 | |
Source: | Code function: | 1_2_00B93D6D | |
Source: | Code function: | 1_2_00B8BE13 | |
Source: | Code function: | 1_2_00B8DE6C | |
Source: | Code function: | 1_2_00B85F3C | |
Source: | Code function: | 1_2_00BA0F78 | |
Source: | Code function: | 7_2_00007FFAAC3FC5F0 | |
Source: | Code function: | 7_2_00007FFAAC3FAA8D | |
Source: | Code function: | 7_2_00007FFAAC3FAF08 | |
Source: | Code function: | 7_2_00007FFAAC3FAF58 | |
Source: | Code function: | 7_2_00007FFAAC3FC7E0 | |
Source: | Code function: | 7_2_00007FFAAC3F2BF0 | |
Source: | Code function: | 7_2_00007FFAAC3F9DA1 | |
Source: | Code function: | 7_2_00007FFAAC3FAF35 | |
Source: | Code function: | 7_2_00007FFAAC3F2AC0 | |
Source: | Code function: | 7_2_00007FFAAC3F2BF0 | |
Source: | Code function: | 7_2_00007FFAAC3FA005 | |
Source: | Code function: | 7_2_00007FFAAC3F2BF0 | |
Source: | Code function: | 7_2_00007FFAAC3FA005 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 1_2_00B86EC9 |
Source: | Code function: | 1_2_00B99E1C |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Process created: |
Source: | Command line argument: | 1_2_00B9D5D4 | |
Source: | Command line argument: | 1_2_00B9D5D4 | |
Source: | Command line argument: | 1_2_00B9D5D4 |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior | ||
Source: | Directory created: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Code function: | 1_2_00B9E2AA | |
Source: | Code function: | 1_2_00B9ED59 | |
Source: | Code function: | 7_2_00007FFAAC3F00C1 | |
Source: | Code function: | 7_2_00007FFAAC3F7DA5 |
Persistence and Installation Behavior |
---|
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | File created: | Jump to dropped file |
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | Jump to behavior | ||
Source: | Window found: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | File Volume queried: | Jump to behavior |
Source: | Code function: | 1_2_00B8A5F4 | |
Source: | Code function: | 1_2_00B9B8E0 | |
Source: | Code function: | 1_2_00BAAAA8 |
Source: | Code function: | 1_2_00B9DD72 |
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_1-24541 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 1_2_00BA866F |
Source: | Code function: | 1_2_00BA753D |
Source: | Code function: | 1_2_00BAB710 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_00B9F063 | |
Source: | Code function: | 1_2_00B9F22B | |
Source: | Code function: | 1_2_00BA866F | |
Source: | Code function: | 1_2_00B9EF05 |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 1_2_00B9ED5B |
Source: | Code function: | 1_2_00B9A63C |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 1_2_00B9D5D4 |
Source: | Code function: | 1_2_00B8ACF5 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 12 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 233 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 12 Scripting | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 37 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
61% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby | ||
100% | Avira | VBS/Runner.VPG | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | BAT/Delbat.C | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | VBS/Runner.VPG | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Avira | HEUR/AGEN.1323984 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1521601 |
Start date and time: | 2024-09-29 01:00:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 43 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@43/33@0/0 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): Conhost.exe, services.exe, dllhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target comProviderServer.exe, PID 7800 because it is empty
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
01:01:13 | Task Scheduler | |
01:01:13 | Task Scheduler | |
01:01:13 | Task Scheduler | |
01:01:13 | Task Scheduler | |
01:01:15 | Task Scheduler | |
01:01:15 | Task Scheduler | |
01:01:15 | Task Scheduler | |
01:01:16 | Task Scheduler | |
01:01:16 | Task Scheduler | |
01:01:16 | Task Scheduler | |
01:01:16 | Task Scheduler | |
01:01:16 | Task Scheduler | |
01:01:18 | Task Scheduler | |
01:01:18 | Task Scheduler |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 785 |
Entropy (8bit): | 5.911093002342794 |
Encrypted: | false |
SSDEEP: | 24:pjO5hN5wKhCASJVJlV+4hB30ccrWYq5qns:ShThIJVBrQMus |
MD5: | A4CFE8AE9DD1EE4890DEDD07CDD17598 |
SHA1: | D89D172CB4A847917278E86EA28C502AFA136AE1 |
SHA-256: | DFB9BE4756FB79F4E89FF7EF195156CB8E6C6F16913BAFB9A9DDD1EEF4D6F927 |
SHA-512: | DD3AED36B895831465814A3B5C4448A637EB4BE3524D3364E0243B5762EECD3723D43F07E3FDB72DA23307AEF874022F8D445C2F545DA71F4027FAE9E057B283 |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 849 |
Entropy (8bit): | 5.887620635318584 |
Encrypted: | false |
SSDEEP: | 12:xrRDFoMfsggLrVstHSd0tWZ4NvBScF5mur2eV7NWVbUzhPbPKEgSz2nnnn:bD2MfZgLrYHSd0tI65viHhUxxgSz2n |
MD5: | 2BCBB6F8B83F66AD1936E8A71CAF94E2 |
SHA1: | 385B81599E10F841FBEB76030D3D85CDFDEF7650 |
SHA-256: | 827062C1A21107514E2DABDD4A24BB4E789BF645EB66EA699EB8F0606C0F7159 |
SHA-512: | 610EC31B7FC52983CA0ECEA8C9A920CC1C07EDCFC05B9B2097904B18CC72E1E04492A37E3FC9EDDA707E9D64789F97C1E73139CEC9F3D963A4A2A8B85E550693 |
Malicious: | false |
Preview: |
C:\Program Files (x86)\Windows Media Player\Network Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 468 |
Entropy (8bit): | 5.849524438303441 |
Encrypted: | false |
SSDEEP: | 12:9SCB9VhjZ9YvM2dC848zixxXT8dPQBxzlGej3V:97B9LjZ9YU2f48zixxDZDlGeZ |
MD5: | 9C29471513CA017110AF3860CAC716DF |
SHA1: | 19A976FCFCFE7EBFB25A412031955FD91D40AC87 |
SHA-256: | 5FAA76F6D90391105755490B7CE29819CAB7A0180C38D3F29F226A3E66A367D8 |
SHA-512: | DCAEAD1BB72B5A9D8452DFD869A04BE4829A323E0F06BC18CE5BE3683D4DB927EA660C6D14D8C429AC3735FF4868AD76567B5E0DF2B64A67E1348A0C96D559E3 |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.885454318039116 |
Encrypted: | false |
SSDEEP: | 12:2JtADLUvBT9xgKRL+++JXykOViijMEIkR3KLG5DNXf/CraVEJsWoG4yWxJ9NBw83:RDL2BwKReCri8p6q1NX3CrF9s9XbXr |
MD5: | 4B70671D63098F5FE066D32D4FBD6167 |
SHA1: | 51F0FE23049814E58DDA21A31643BCB1A98ACAC0 |
SHA-256: | 787CBF854535030C0902EB5C83413BF2F45B82EC736B42868744285C9B2A2A16 |
SHA-512: | A140FAFFDCDCBA3BF37D0B793D722180290C72593E5C6C99204EE5F581809DBE8AE4BE4D7417E1057900E12D23238CE8035AD9E425065C5FC3E012741DE46C85 |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 201 |
Entropy (8bit): | 5.706431159694625 |
Encrypted: | false |
SSDEEP: | 6:WYPIda0fGPKRlvvNDLRSt/pot40Um6QC/lBi1brQzBv:vPIdFBplStqUXQmlBi1brQzBv |
MD5: | D11FA06CEEDA5A06C782290C522E5E17 |
SHA1: | ABE7E3F29600916D385F83714033BF4B6C9846B8 |
SHA-256: | 99D68D4565D727A638A0F090AAD57564D2D0C74B6F200F9B85CAC4E5A6563B41 |
SHA-512: | 56814ECBAAF2A39D439747855FF84366AECAFA74D450DF2DE14DD60C0DED923A872A0DB37443C29DAF5BC87C89412F6E0A5BBCA2497C16DE483FD6A2C25281B5 |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 831 |
Entropy (8bit): | 5.907535247871906 |
Encrypted: | false |
SSDEEP: | 12:E1E/jy2xf9pK4hRKQuOvtvZe0vAEuXTC5gtKQlIiTkaLBwuGLI+gk7yvPOICAqW5:EWLf9kU9uORY0vA7C6KSlOwxyI3F |
MD5: | 63E89DFB9D96B8120250DD232A0350C0 |
SHA1: | 5470640004F1DB7A7281E5D144C599976849C732 |
SHA-256: | A0B4625A78448E34B911F793B7AEDDC83E9FAB68F35844099BCE2CBF9C8F3356 |
SHA-512: | C096A6D1C6A0EE5C497715A3BA2CECFD8C5BD557279FA3D06BD9636C92EC1C90AF978DFA109AC13ADC2628B6C4CA8178B7972345DF56937308FAD7BDD21843D2 |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 786 |
Entropy (8bit): | 5.91545973380718 |
Encrypted: | false |
SSDEEP: | 12:GWVypSd3IiILy6U+nx91OdQYVQqkq5EAvAaWjM/5YOsg55d90mBo0gAUc+oIMcmT:GWysCg6fx91OXVSqPvRJbxNvUmrQw |
MD5: | 44ABA634FFF0DA65387AA0228C97ADEC |
SHA1: | B17BAC9EAD6F16F7E751BE62FFE134F8D79F0790 |
SHA-256: | BF1928D828DB16B365AF4150941626886BE01C6E7D43D4CDF59C807272D839DD |
SHA-512: | 0727D8B8B961C4213FEBC28F0C70590BB84090BCC8AD1BF1CE75AD2DD3476AA2279A4E54195187437A1C84731E0564D74156147F0F9A80E2B5F92F7F54DC6C9A |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 100 |
Entropy (8bit): | 5.539819909835649 |
Encrypted: | false |
SSDEEP: | 3:HRHS809VheKEYZkhDoGdBd1Fv21MyzL6Z43hm1w:xy88bBkhDFdr1Fv21MyA6ow |
MD5: | 5938D19E7E6CD6BA63DCE0FB419771D9 |
SHA1: | 00979271DFEA68A5DA2FCB8AABADE83C14BBC849 |
SHA-256: | D3CDD06D6FB8AB72286408470CF0193540E8EADD303473C0ADC2DC0379C26E58 |
SHA-512: | D265D40C6E59D4CDF8A76B7C46E0C2504615DF4E6D01ACDACEFE994BEF487567B70F14D3356DB3AB2CA7A8F07E28A0CB91C99891108B6A57E8435C4A9A1CF6C8 |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 251 |
Entropy (8bit): | 5.761053868364122 |
Encrypted: | false |
SSDEEP: | 6:fCLoLRWi36sBDgmHyn8d9yxZ+MWBCs5mqQKenndK:fCMAW6siwyn8dAsM+VQpndK |
MD5: | B0784C712E0DB4169E61C73E150D5760 |
SHA1: | 83C11AB0D793A15E03C998EDD965954362433F67 |
SHA-256: | 4E9146A4C5B65CD58ADDD67D6F7A9564A7CB759CA702A9061687A5D530949DA1 |
SHA-512: | 6C2BE36100337039F8C351E3A17B662EDD602E218F804982392254761F55EBB0A412FEA72A725994677C88B461FC3AAC85B4089A85D3F29D4E233F2337B59BAE |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1915 |
Entropy (8bit): | 5.363869398054153 |
Encrypted: | false |
SSDEEP: | 48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1Jtpaq2 |
MD5: | E6E3A2B5063C33228E2749DC291A1D3D |
SHA1: | F3F32E2F204DE9AFA50D5DE1C132A8039C5A315C |
SHA-256: | 2F6BA7ECDDEF02B291DEA6E03ADD8A30A67B8DE1B7E256FA99B14A28AB9BE831 |
SHA-512: | 15EF30345C2F08AD858A9E5C10CD309F00D1951E4A4902CE8F8700A2B0A25FCFADCFCDA6D13EC7B215B0AF1AB24C8956033E93A403178ED7A98138476D4F9967 |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25 |
Entropy (8bit): | 4.213660689688185 |
Encrypted: | false |
SSDEEP: | 3:zSMSjdgmSoSMRn:ZigloSQn |
MD5: | 4F1E3BAEC0E1C6AD2009F1E1B6D60B01 |
SHA1: | 653C023086FD859727C11BF57ABCCDAF3C75AE54 |
SHA-256: | 1AA2DD35E51EEB74A1470DEB25729E6CCD37DBFF721DE3322BD9ADA709D6BF78 |
SHA-512: | D9EDEA9D8C9D121BAAF755F6A486DA63FB290BF4079C64C9DA7FF8372C5BE1282ECECAEDBFBA16674296FA1AFB1A32A61F27382B30FD6AF9A045089622CB71FB |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 216 |
Entropy (8bit): | 5.173550804439114 |
Encrypted: | false |
SSDEEP: | 6:hITg3Nou11r+DERuVzWKOZG1cNwi23fY8Mxr:OTg9YDEIVLZg8C |
MD5: | 3BBBF5E84D1083D4FA6762546A4C6D0E |
SHA1: | E0575929B630BE01BA0798AC8005C133B677F755 |
SHA-256: | 84D3596770CA2FE9A4C53947C5EFE23721F5D713B5585E9BEAE9EF58B5EC3C8C |
SHA-512: | 2B0CD1ACB5A43A63D3B0C1702EDC8ABD0A1DDEE93C200334D312A82DBB483AB6418B8040C9201750E9261B6AB111A5ECDD0232D1D8922B7E44B6E767A691AE5C |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Antivirus: |
|
Preview: |
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\48b6e448d1d68f
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.81681059859829 |
Encrypted: | false |
SSDEEP: | 6:vuORkCeQGMn+tMI2UoXLGtsL8RJbGCoCFmNZtVp6N1fVRH4hu3NNFVuEcVogJw5o:WRGLxXLPL8R1bZmBOhzHb3NLVu6g+S |
MD5: | 94EAAF1B3E03C46EB5E6B194E26F7796 |
SHA1: | 9B61EB51C3022BD44C1BADE6B46B1BEFFAB29908 |
SHA-256: | 74A182E0BBAA1C1EB907954A739319B72DA87B7C5DDD0A9BC690D970D5C2FACB |
SHA-512: | D312303806F46146030E1F6657AEBCF996A73FEF3FD0AF2D83365E5A62CDE350C75A1F22D5F616035DAECCAB5E22EAF2985F2A0069D2C1C27884998153A2A707 |
Malicious: | false |
Preview: |
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 470 |
Entropy (8bit): | 5.864916497717177 |
Encrypted: | false |
SSDEEP: | 12:yvqVsFd7iR6KjzH22KbUrNA/r7qfk1MpPfV0UBMvtrbFAJRK8Zw0gFBf+w:ySVsn7IDjzH22KbUrNAr7qcCMvtip1cz |
MD5: | 5FBF29E4EF400E0EF6D213D4598BEC6D |
SHA1: | F296003BF344C4E1C7B5D0DF8BB70E5FCCD19C90 |
SHA-256: | CD1B17C1C5B1D5A0443E00CF85EBB2C684CFF432D6C83B86DE38C480BC5075B6 |
SHA-512: | 641F10C275DD695686353DB949EC5D19C78B2C0492C74A30763F90273FFE3C57A2E3FF64BD61C3523B58700FB1452762D4688C812C8640934BA0CEFE60FC524B |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 693 |
Entropy (8bit): | 5.890577813837475 |
Encrypted: | false |
SSDEEP: | 12:QLhHscAgIi/6qqH48hBg6+nTQTC1WMRFlWnbMh85kfZMM3EUErYbu0rQx0tiEw:Q5scCirEzDUTQTaWMR6nbMZhMFUk0rQv |
MD5: | 7BFF554121C91EC7A8D28A50886EC460 |
SHA1: | EBDA57C8F588E5455328E047FE60E89641550D9F |
SHA-256: | 6207507929ED53F70D1AA587C586CA03F39069177989405715ED2005A2DEB011 |
SHA-512: | B35FDA327EEBC5AF7B90FC36A9C4D2C78E7BCFB5EBF1D9585ADB131E135099F54CE04ECE9683C7F878BAEEC8129BEF73F77667EBA8EA875E7F7BD73C00DCEAE8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 4.901737936790576 |
Encrypted: | false |
SSDEEP: | 3:I5QToiNNKYGT1aABAnM4AZFQNBZwXD9so3KRfyM1K7eB/k+7W34hebJNAKyMhF72:IOc4KIJnM4XTStuH1jhRiI36BY |
MD5: | EA59BC2176799A45A6B1955902E6A52F |
SHA1: | 80A1BB215FF83B14A10F471FC61A33FC24A6AFFF |
SHA-256: | 65D211F8592F7E1CE008FFC0B8976F82AB1F726A95C7E397D878DD2F20681973 |
SHA-512: | F839CCACF529991B085482B42B1D8A406C1E7219128FA78CD5170126E9839375F79AB29DA2BB4FA44903EF9D3FD2DAC9ECEDA1B8CA2A5767DE98568E94DC0485 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 214 |
Entropy (8bit): | 5.786313698274228 |
Encrypted: | false |
SSDEEP: | 6:G3wqK+NkLzWbHa/818nZNDd3RL1wQJR8i+6/yoNdoF2kEs:G+MCzWLaG4d3XBJ2F6TNS2k7 |
MD5: | 364D2DCF3089421FC2C2CBB33427ACC8 |
SHA1: | FC9EF23D531721AC7D70BB8C5822446F88C9FDB0 |
SHA-256: | 9A54E372884CB902A33FF5ADA3FED3AB54621AD868559A95A84D66D3A03D8771 |
SHA-512: | 0BFE69F8EE3751411AA9F1A1D8690963FB61D3E1AD5C88FCAEA211081C48D7AD8D93C5E275BA2E1C9DA0CC89EC5B1CFCC25F90B8D4EA892AC20CC72CA9703CB5 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true (same MD5/SHA-256 as the running comProviderServer.exe that wrote it — the payload writes a copy of itself; the destination path is not shown in this excerpt) |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true (hash-identical to the comProviderServer.exe process, Target ID 7 below — this is file.exe dropping the comProviderServer.exe binary) |
Antivirus: |
|
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 307 |
Entropy (8bit): | 5.807020439510261 |
Encrypted: | false |
SSDEEP: | 6:pUoG9WSX/Q71SS+m32nlRFQQ97oLXl2ia2usa96fztbRzJlj:pUpZXY71SSh30qm7oLXPM96fz1/l |
MD5: | 19DD53513DCEC578CF32DD71506C303E |
SHA1: | 72AFE148522004E56C4E608088039BFD8B1966A2 |
SHA-256: | 30159083A20F543E38319C399084AF684719DB3B83666666B406700C2DF509AD |
SHA-512: | 14AF2BDD6EF3F6EA385F400D1E272AF71A230462D4A78F34600C6D608B24C98CD4352CA732F1CEA1EC1D02EDAD4392F5F02515D5808A099C08B64CFC42465E7E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34 |
Entropy (8bit): | 4.124083797069061 |
Encrypted: | false |
SSDEEP: | 3:LlzRWDNMSdn:PWbn |
MD5: | 677CC4360477C72CB0CE00406A949C61 |
SHA1: | B679E8C3427F6C5FC47C8AC46CD0E56C9424DE05 |
SHA-256: | F1CCCB5AE4AA51D293BD3C7D2A1A04CB7847D22C5DB8E05AC64E9A6D7455AA0B |
SHA-512: | 7CFE2CC92F9E659F0A15A295624D611B3363BD01EB5BCF9BC7681EA9B70B0564D192D570D294657C8DC2C93497FA3B4526C975A9BF35D69617C31D9936573C6A |
Malicious: | false |
Preview: |
Process: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2454528 |
Entropy (8bit): | 7.617633665179232 |
Encrypted: | false |
SSDEEP: | 49152:LKkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi:LKkizioaAidp6UPSH0ttmx6TUXx |
MD5: | DEF21977FE76F2744669724D9A26A39F |
SHA1: | 551A5E45C867746CD8827DA53E0EDB83CE3142A1 |
SHA-256: | CD7E520EF631E39FAB8C8A85306665E8EF3BF12B35F4034FA745A3C9071181AF |
SHA-512: | 308C03FA265A6D08C8B7EE4A3863E288E0FBBE187B63CDB88BB436F6B1AE2E2843DD3B6FFF23A2D7C08F170A8F11F9442EAEC07EA0C9160F4D5467F74984241E |
Malicious: | true (a further hash-identical copy of comProviderServer.exe written by itself; destination path not shown in this excerpt) |
Antivirus: |
|
Preview: |
File type: | |
Entropy (8bit): | 7.558820661068853 |
TrID: |
|
File name: | file.exe |
File size: | 2'771'800 bytes |
MD5: | 8a0082dc4822b5f82dee8be67d86d402 |
SHA1: | aa50f62b0ad60570db6d854ba2618f25a2b95882 |
SHA256: | 443b28843ef46edf389d28b02cb45b89ec6a871f87f5b8bbeee8bb5e1e609126 |
SHA512: | 64e1ebd45d34be7fbda474ef55b6ef68df973de0ab81b696d34434f9934a7af615eab1f434dfee58e8eba8ca947c66ba5eebe09cf785749d62a87b595fbd1227 |
SSDEEP: | 49152:UbA30/KkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi4:UbrKkizioaAidp6UPSH0ttmx6TUXxb | — note: this fuzzy hash shares its core chunk (KkiIZreDioaAidp6UsmSqmpCmMvG9gxmvZ6TUXxi) with the dropped comProviderServer.exe (MD5 DEF21977FE76F2744669724D9A26A39F), so the payload appears to be embedded in file.exe largely as-is rather than compressed or encrypted.
TLSH: | 2CD5D0017E44CE91F0181673C1AF520847B4E9112BA6E72BBDA9337D95363937E0EADB |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...*...._......._..'...._f.'...._..'.. |
Icon Hash: | 1515d4d4442f2d2d |
Entrypoint: | 0x41ec40 |
Entrypoint Section: | .text |
Digitally signed: | false (no Authenticode certificate table — IMAGE_DIRECTORY_ENTRY_SECURITY below is empty) |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5FC684D7 [Tue Dec 1 18:00:55 2020 UTC] (PE-header compile timestamp; it is attacker-controlled and trivially forged, so it should not be used on its own to date the sample — the analysis itself ran on 28/09/2024) |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | fcf1390e9ce472c7270447fc5c61a0c1 |
Instruction |
---|
call 00007FE780D314A9h |
jmp 00007FE780D30EBDh |
cmp ecx, dword ptr [0043E668h] |
jne 00007FE780D31035h |
ret |
jmp 00007FE780D3162Eh |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FE780D23DC7h |
mov dword ptr [esi], 00435580h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 00435588h |
mov dword ptr [ecx], 00435580h |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 00435568h |
push eax |
call 00007FE780D341CDh |
pop ecx |
ret |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FE780D23D5Eh |
push 0043B704h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FE780D338E2h |
int3 |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FE780D30FD4h |
push 0043B91Ch |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FE780D338C5h |
int3 |
jmp 00007FE780D35913h |
jmp dword ptr [00433260h] |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push 00421EB0h |
push dword ptr fs:[00000000h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c820 | 0x34 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c854 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0xdfd0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x71000 | 0x2268 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3aac0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35508 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x260 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3bdc4 | 0x120 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x310ea | 0x31200 | c5bf61bbedb6ad471e9dc6266398e965 | False | 0.583959526081425 | data | 6.708075396341128 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x33000 | 0xa612 | 0xa800 | 7980b588d5b28128a2f3c36cabe2ce98 | False | 0.45284598214285715 | data | 5.221742709250668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3e000 | 0x23728 | 0x1000 | 201530c9e56f172adf2473053298d48f | False | 0.36767578125 | data | 3.7088186669877685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didat | 0x62000 | 0x188 | 0x200 | c5d41d8f254f69e567595ab94266cfdc | False | 0.4453125 | data | 3.2982538067961342 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x63000 | 0xdfd0 | 0xe000 | f6c0f34fae6331b50a7ad2efc4bfefdb | False | 0.6370326450892857 | data | 6.6367506404157535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x71000 | 0x2268 | 0x2400 | c7a942b723cb29d9c02f7c611b544b50 | False | 0.7681206597222222 | data | 6.5548620101740545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Note: the raw sizes of the six sections add up to 0x4D000 (315,392 bytes), so of the 2'771'800-byte file roughly 2.45 MB lies outside any section as an overlay — almost exactly the size of the dropped comProviderServer.exe (2'454'528 bytes) plus the five small dropped files, consistent with the payload being appended to the stub rather than packed into .text.
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
PNG | 0x63650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528 |
PNG | 0x64198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495 |
RT_ICON | 0x65748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534 |
RT_ICON | 0x65cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585 |
RT_ICON | 0x66558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034 |
RT_ICON | 0x67400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816 |
RT_ICON | 0x67868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843 |
RT_ICON | 0x68910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195 |
RT_ICON | 0x6aeb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401 |
RT_DIALOG | 0x6f588 | 0x286 | data | English | United States | 0.5092879256965944 |
RT_DIALOG | 0x6f358 | 0x13a | data | English | United States | 0.60828025477707 |
RT_DIALOG | 0x6f498 | 0xec | data | English | United States | 0.6991525423728814 |
RT_DIALOG | 0x6f228 | 0x12e | data | English | United States | 0.5927152317880795 |
RT_DIALOG | 0x6eef0 | 0x338 | data | English | United States | 0.45145631067961167 |
RT_DIALOG | 0x6ec98 | 0x252 | data | English | United States | 0.5757575757575758 |
RT_STRING | 0x6ff68 | 0x1e2 | data | English | United States | 0.3900414937759336 |
RT_STRING | 0x70150 | 0x1cc | data | English | United States | 0.4282608695652174 |
RT_STRING | 0x70320 | 0x1b8 | data | English | United States | 0.45681818181818185 |
RT_STRING | 0x704d8 | 0x146 | data | English | United States | 0.5153374233128835 |
RT_STRING | 0x70620 | 0x446 | data | English | United States | 0.340036563071298 |
RT_STRING | 0x70a68 | 0x166 | data | English | United States | 0.49162011173184356 |
RT_STRING | 0x70bd0 | 0x152 | data | English | United States | 0.5059171597633136 |
RT_STRING | 0x70d28 | 0x10a | data | English | United States | 0.49624060150375937 |
RT_STRING | 0x70e38 | 0xbc | data | English | United States | 0.6329787234042553 |
RT_STRING | 0x70ef8 | 0xd6 | data | English | United States | 0.5747663551401869 |
RT_GROUP_ICON | 0x6ec30 | 0x68 | data | English | United States | 0.7019230769230769 |
RT_MANIFEST | 0x6f810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333 |
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer |
gdiplus.dll | GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2024 01:01:53.426326036 CEST | 53 | 49946 | 162.159.36.2 | 192.168.2.7 |
Sep 29, 2024 01:01:54.161360979 CEST | 53 | 63911 | 1.1.1.1 | 192.168.2.7 |
Target ID: | 1 |
Start time: | 19:01:08 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb80000 |
File size: | 2'771'800 bytes |
MD5 hash: | 8A0082DC4822B5F82DEE8BE67D86D402 |
Has elevated privileges: | true (the sandbox ran the sample elevated; the file drops directly under C:\ and the many schtasks.exe invocations listed below may fail or behave differently for a standard, non-admin user) |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 19:01:08 |
Start date: | 28/09/2024 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf50000 |
File size: | 147'456 bytes |
MD5 hash: | FF00E0480075B095948000BDC66E81F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 19:01:08 |
Start date: | 28/09/2024 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf50000 |
File size: | 147'456 bytes |
MD5 hash: | FF00E0480075B095948000BDC66E81F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 19:01:10 |
Start date: | 28/09/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 19:01:10 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 19:01:10 |
Start date: | 28/09/2024 |
Path: | C:\reviewDriverIntosessionnet\comProviderServer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x720000 |
File size: | 2'454'528 bytes |
MD5 hash: | DEF21977FE76F2744669724D9A26A39F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 19:01:12 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 19:01:12 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 10 |
Start time: | 19:01:12 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 11 |
Start time: | 19:01:12 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 12 |
Start time: | 19:01:12 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 13 |
Start time: | 19:01:12 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 19:01:12 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 17 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 20 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 21 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 23 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 24 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 26 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 28 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 30 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 32 |
Start time: | 19:01:13 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 33 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 34 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 35 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 36 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 37 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 38 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 39 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 40 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 41 |
Start time: | 19:01:14 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff740770000 |
File size: | 235'008 bytes |
MD5 hash: | 76CD6626DD8834BD4A42E6A565104DC2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 9.7% (low — roughly 90% of the code was never executed during this run, so the recorded behaviour is a lower bound and additional code paths that did not trigger should be expected) |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 9.4% |
Total number of Nodes: | 1472 |
Total number of Limit Nodes: | 30 |
Graph
Function 00B9D5D4 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 197, Tags: file, sleep, time, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B99E1C Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 100, Tags: memory, window, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8A5F4 Relevance: 7.6, APIs: 5, Instructions: 107, Tags: file, COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8857B Relevance: 3.9, APIs: 2, Instructions: 947, Tags: COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B900CF Relevance: 51.1, APIs: 22, Strings: 7, Instructions: 317, Tags: library, file, loader, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9BDF5 Relevance: 31.9, APIs: 14, Strings: 4, Instructions: 429, Tags: window, COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9CB5A Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97, Tags: window, COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9AC74 Relevance: 7.5, APIs: 5, Instructions: 39, Tags: window, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8984E Relevance: 6.1, APIs: 4, Instructions: 57, Tags: file, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAA4F4 Relevance: 6.1, APIs: 4, Instructions: 52, Tags: library, COMMON, LIBRARYCODE
Function 00B89F2F Relevance: 4.6, APIs: 3, Instructions: 107, Tags: file, COMMON
Function 00B8A207 Relevance: 4.6, APIs: 3, Instructions: 56, Tags: COMMON
Function 00BAA72C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47, Tags: COMMON, LIBRARYCODE
Function 00BAA56F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30, Tags: memory, COMMON
Function 00BAB350 Relevance: 3.2, APIs: 2, Instructions: 168, Tags: COMMON
Function 00B81385 Relevance: 3.1, APIs: 2, Instructions: 97, Tags: COMMON
Function 00B81380 Relevance: 3.1, APIs: 2, Instructions: 95, Tags: COMMON
Function 00BAB188 Relevance: 3.1, APIs: 2, Instructions: 91, Tags: COMMON
Function 00B8971E Relevance: 3.1, APIs: 2, Instructions: 86, Tags: file, COMMON
Function 00B89D62 Relevance: 3.1, APIs: 2, Instructions: 82, Tags: time, COMMON
Function 00BAA458 Relevance: 3.1, APIs: 2, Instructions: 65, Tags: library, loader, COMMON, LIBRARYCODE
Function 00B89B59 Relevance: 3.1, APIs: 2, Instructions: 57, Tags: COMMON
Function 00B89E40 Relevance: 3.1, APIs: 2, Instructions: 54, Tags: COMMON
Function 00BA8606 Relevance: 3.0, APIs: 2, Instructions: 44, Tags: memory, COMMON, LIBRARYCODE
Function 00B90908 Relevance: 3.0, APIs: 2, Instructions: 33, Tags: COMMON
Function 00B8A444 Relevance: 3.0, APIs: 2, Instructions: 30, Tags: COMMON
Function 00B9D573 Relevance: 3.0, APIs: 2, Instructions: 29, Tags: COMMON
Function 00B8A12D Relevance: 3.0, APIs: 2, Instructions: 28, Tags: file, COMMON
Function 00B9A39D Relevance: 3.0, APIs: 2, Instructions: 27, Tags: COMMON
Function 00B8A194 Relevance: 3.0, APIs: 2, Instructions: 26, Tags: COMMON
Function 00B90085 Relevance: 3.0, APIs: 2, Instructions: 25, Tags: library, COMMON
Function 00B99B0F Relevance: 3.0, APIs: 2, Instructions: 24, Tags: window, COMMON
Function 00BA215C Relevance: 3.0, APIs: 2, Instructions: 19, Tags: COMMON
Function 00B812E6 Relevance: 3.0, APIs: 2, Instructions: 11, Tags: COMMON
Function 00B819A6 Relevance: 1.8, APIs: 1, Instructions: 310, Tags: COMMON
Function 00B83B3D Relevance: 1.7, APIs: 1, Instructions: 176, Tags: COMMON
Function 00B8837F Relevance: 1.6, APIs: 1, Instructions: 110, Tags: COMMON
Function 00B81E00 Relevance: 1.6, APIs: 1, Instructions: 76, Tags: COMMON
Function 00B9A7C3 Relevance: 1.6, APIs: 1, Instructions: 71, Tags: COMMON
Function 00B892E6 Relevance: 1.6, APIs: 1, Instructions: 55, Tags: COMMON
Function 00B8AA88 Relevance: 1.5, APIs: 1, Instructions: 40, Tags: COMMON
Function 00B85BD7 Relevance: 1.5, APIs: 1, Instructions: 32, Tags: COMMON
Function 00BA8518 Relevance: 1.5, APIs: 1, Instructions: 32, Tags: memory, COMMON, LIBRARYCODE
Function 00B8A4C6 Relevance: 1.5, APIs: 1, Instructions: 27, Tags: COMMON
Function 00B9067C Relevance: 1.5, APIs: 1, Instructions: 21, Tags: thread, COMMON
Function 00B99D7B Relevance: 1.5, APIs: 1, Instructions: 17, Tags: memory, COMMON
Function 00B89989 Relevance: 1.5, APIs: 1, Instructions: 15, Tags: COMMON
Function 00B9D41A Relevance: 1.5, APIs: 1, Instructions: 13, Tags: window, COMMON
Function 00B9D8B6 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8AC Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D891 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8FC Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8F2 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8E8 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8DE Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8CA Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8C0 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9E1F9 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D92E Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D924 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D910 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D906 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D942 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DAD9 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DACF Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DBFC Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DBE8 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DBDE Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DBC3 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DB01 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DC24 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DC5D Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9DC53 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 00B9D8D9 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D997 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D98D Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D983 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D93D Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D91F Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D979 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D96F Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D965 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D95B Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9D951 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DAA5 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DAFC Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DAF2 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DAE8 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DACA Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DAC0 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DBF7 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DC1F Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DC15 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DC0B Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DC4E Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B9DC44 Relevance: 1.5, APIs: 1, Instructions: 9, Tags: COMMON
Function 00B89EBF Relevance: 1.5, APIs: 1, Instructions: 7, Tags: file, COMMON
Function 00B9A322 Relevance: 1.5, APIs: 1, Instructions: 6, Tags: COMMON
Function 00B896D0 Relevance: 1.3, APIs: 1, Instructions: 30, Tags: COMMON
Function 00B9B8E0 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 286, Tags: time, window, file, COMMON
Function 00B8718C Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 296, Tags: file, COMMON
Function 00BAD00E Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381, Tags: COMMON, LIBRARYCODE
Function 00B9A63C Relevance: 3.0, APIs: 2, Instructions: 46, Tags: COMMON
Function 00B86EC9 Relevance: 3.0, APIs: 2, Instructions: 17, Tags: window, COMMON
Function 00B8407E Relevance: 1.6, Strings: 1, Instructions: 332, Tags: COMMON
Function 00B8ACF5 Relevance: 1.5, APIs: 1, Instructions: 28, Tags: COMMON
Function 00B9F063 Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON
Function 00BAB710 Relevance: 1.3, APIs: 1, Instructions: 5, Tags: memory, COMMON
Function 00B95C77 Relevance: .8, Instructions: 800, Tags: COMMON
Function 00B970BF Relevance: .8, Instructions: 773, Tags: COMMON
Function 00B8ED14 Relevance: .7, Instructions: 694, Tags: COMMON
Function 00B96A7B Relevance: .5, Instructions: 509, Tags: COMMON
Function 00B8BE13 Relevance: .4, Instructions: 449, Tags: COMMON
Function 00BA0B43 Relevance: .3, Instructions: 345, Tags: COMMON
Function 00BA0F78 Relevance: .3, Instructions: 341, Tags: COMMON
Function 00BA070E Relevance: .3, Instructions: 331, Tags: COMMON
Function 00B96646 Relevance: .3, Instructions: 325, Tags: COMMON
Function 00BA02F6 Relevance: .3, Instructions: 323, Tags: COMMON
Function 00B8E2A0 Relevance: .3, Instructions: 318, Tags: COMMON
Function 00B93A3C Relevance: .3, Instructions: 263, Tags: COMMON
Function 00BA4969 Relevance: .2, Instructions: 237, Tags: COMMON, LIBRARYCODE
Function 00B93D6D Relevance: .2, Instructions: 232, Tags: COMMON
Function 00BA473A Relevance: .2, Instructions: 214, Tags: COMMON, LIBRARYCODE
Function 00B8DE6C Relevance: .2, Instructions: 190, Tags: COMMON
Function 00B8E8A0 Relevance: .2, Instructions: 154, Tags: COMMON
Function 00B8F968 Relevance: .1, Instructions: 131, Tags: COMMON
Function 00B937C1 Relevance: .1, Instructions: 112, Tags: COMMON
Function 00B85F3C Relevance: .1, Instructions: 76, Tags: COMMON
Function 00B9CD2E Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79, Tags: window, COMMON
Function 00BA8EB1 Relevance: 15.1, APIs: 10, Instructions: 54, Tags: COMMON
Function 00B9ACD0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98, Tags: window, COMMON
Function 00B89443 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136, Tags: file, COMMON
Function 00B98E62 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 125, Tags: memory, COMMON
Function 00B90A8A Relevance: 12.1, APIs: 8, Instructions: 115, Tags: time, COMMON
Function 00BAEE2D Relevance: 10.7, APIs: 7, Instructions: 152, Tags: file, COMMON
Function 00B9DC9A Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50, Tags: COMMON, LIBRARYCODE
Function 00B90CBE Relevance: 9.1, APIs: 6, Instructions: 94, Tags: time, COMMON
Function 00B991B0 Relevance: 9.1, APIs: 6, Instructions: 89, Tags: COMMON
Function 00B9D2E6 Relevance: 9.0, APIs: 6, Instructions: 43, Tags: window, synchronization, COMMON
Function 00B9ADED Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59, Tags: window, COMMON
Function 00BA75C2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38, Tags: library, loader, COMMON, LIBRARYCODE
Function 00B8EB73 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20, Tags: library, loader, COMMON
Function 00BAB610 Relevance: 7.6, APIs: 5, Instructions: 68, Tags: COMMON
Function 00B9075B Relevance: 7.5, APIs: 5, Instructions: 44, Tags: COMMON
Function 00BA8060 Relevance: 7.5, APIs: 5, Instructions: 30, Tags: COMMON
Function 00B99DBB Relevance: 6.0, APIs: 4, Instructions: 19, Tags: COMMON
Function 00BA2016 Relevance: 6.0, APIs: 4, Instructions: 14, Tags: COMMON
Function 00B8772B Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138, Tags: time, COMMON
Function 00B90889 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49, Tags: thread, COMMON
Function 00B9084E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19, Tags: synchronization, COMMON
Function 00007FFAAC3FAF08 Relevance: .6, Instructions: 648, Tags: COMMON
Function 00007FFAAC3F2AC0 Relevance: .6, Instructions: 609, Tags: COMMON
Function 00007FFAAC3F2BF0 Relevance: .6, Instructions: 606, Tags: COMMON
Function 00007FFAAC3FAF35 Relevance: .4, Instructions: 444, Tags: COMMON
Function 00007FFAAC3FC5F0 Relevance: .4, Instructions: 408, Tags: COMMON
Function 00007FFAAC3FAF58 Relevance: .3, Instructions: 346, Tags: COMMON
Function 00007FFAAC3FB0AD Relevance: .5, Instructions: 494, Tags: COMMON
Function 00007FFAAC3FCB00 Relevance: .4, Instructions: 408, Tags: COMMON
Function 00007FFAAC3FE660 Relevance: .3, Instructions: 342, Tags: COMMON
Function 00007FFAAC3F1B35 Relevance: .3, Instructions: 338, Tags: COMMON
Function 00007FFAAC3F05F0 Relevance: .3, Instructions: 318, Tags: COMMON
Function 00007FFAAC3FB090 Relevance: .3, Instructions: 318, Tags: COMMON
Function 00007FFAAC3FC9B8 Relevance: .3, Instructions: 309, Tags: COMMON
Function 00007FFAAC3F1688 Relevance: .3, Instructions: 285, Tags: COMMON
Function 00007FFAAC3FB04D Relevance: .2, Instructions: 241, Tags: COMMON
Function 00007FFAAC3F2189 Relevance: .2, Instructions: 240, Tags: COMMON
Function 00007FFAAC3F2A15 Relevance: .2, Instructions: 238, Tags: COMMON
Function 00007FFAAC3F35FE Relevance: .2, Instructions: 236, Tags: COMMON
Function 00007FFAAC3FAF78 Relevance: .2, Instructions: 235, Tags: COMMON
Function 00007FFAAC3FB13D Relevance: .2, Instructions: 233, Tags: COMMON
Function 00007FFAAC3F0610 Relevance: .2, Instructions: 229, Tags: COMMON
Function 00007FFAAC3F05D0 Relevance: .2, Instructions: 229, Tags: COMMON
Function 00007FFAAC3F33DC Relevance: .2, Instructions: 224, Tags: COMMON
Function 00007FFAAC3FAEE0 Relevance: .2, Instructions: 223, Tags: COMMON
Function 00007FFAAC3F27CD Relevance: .2, Instructions: 209, Tags: COMMON
Function 00007FFAAC3F3078 Relevance: .2, Instructions: 197, Tags: COMMON
Function 00007FFAAC3FAF2D Relevance: .2, Instructions: 187, Tags: COMMON
Function 00007FFAAC3FCAB0 Relevance: .2, Instructions: 181, Tags: COMMON
Function 00007FFAAC3F2A10 Relevance: .2, Instructions: 178, Tags: COMMON
Function 00007FFAAC3FB0B8 Relevance: .2, Instructions: 171, Tags: COMMON
Function 00007FFAAC3F1D29 Relevance: .2, Instructions: 167, Tags: COMMON
Function 00007FFAAC3FB092 Relevance: .2, Instructions: 161, Tags: COMMON
Function 00007FFAAC3FCAC8 Relevance: .2, Instructions: 158, Tags: COMMON
Function 00007FFAAC3F120D Relevance: .2, Instructions: 156, Tags: COMMON
Function 00007FFAAC3F2DE9 Relevance: .2, Instructions: 150, Tags: COMMON
Function 00007FFAAC422CF0 Relevance: .1, Instructions: 146, Tags: COMMON
Function 00007FFAAC3FB0B5 Relevance: .1, Instructions: 145, Tags: COMMON
Function 00007FFAAC3F29F8 Relevance: .1, Instructions: 138, Tags: COMMON
Function 00007FFAAC3F3190 Relevance: .1, Instructions: 135, Tags: COMMON
Function 00007FFAAC3FA8F8 Relevance: .1, Instructions: 123, Tags: COMMON
Function 00007FFAAC3F1220 Relevance: .1, Instructions: 120, Tags: COMMON
Function 00007FFAAC3FB220 Relevance: .1, Instructions: 117, Tags: COMMON
Function 00007FFAAC3FCCB8 Relevance: .1, Instructions: 111, Tags: COMMON
Function 00007FFAAC3F266D Relevance: .1, Instructions: 110, Tags: COMMON
Function 00007FFAAC3F0500 Relevance: .1, Instructions: 109, Tags: COMMON
Function 00007FFAAC3F2E78 Relevance: .1, Instructions: 102, Tags: COMMON
Function 00007FFAAC3F3188 Relevance: .1, Instructions: 98, Tags: COMMON
Function 00007FFAAC3FA968 Relevance: .1, Instructions: 89, Tags: COMMON
Function 00007FFAAC3F32B1 Relevance: .1, Instructions: 79, Tags: COMMON
Function 00007FFAAC3F04F8 Relevance: .1, Instructions: 76, Tags: COMMON
Function 00007FFAAC3FCC88 Relevance: .1, Instructions: 75, Tags: COMMON
Function 00007FFAAC3F0A01 Relevance: .1, Instructions: 69, Tags: COMMON
Function 00007FFAAC3F2EE8 Relevance: .1, Instructions: 66, Tags: COMMON
Function 00007FFAAC3F26F9 Relevance: .1, Instructions: 63, Tags: COMMON
Function 00007FFAAC3F31F8 Relevance: .1, Instructions: 61, Tags: COMMON
Function 00007FFAAC3F05D8 Relevance: .1, Instructions: 59, Tags: COMMON
Function 00007FFAAC3F0608 Relevance: .0, Instructions: 42, Tags: COMMON
Function 00007FFAAC3F2768 Relevance: .0, Instructions: 29, Tags: COMMON
Function 00007FFAAC3F0FAB Relevance: .0, Instructions: 14, Tags: COMMON