Windows
Analysis Report
calc.exe
Overview
General Information
Detection

Field | Value
---|---
Score | 60
Range | 0 - 100
Whitelisted | false
Confidence | 100%
Signatures
Classification
- System is w10x64
- calc.exe (PID: 7856, cmdline: "C:\Users\user\Desktop\calc.exe", MD5: 2F9FDAD776D8626F2CE8625211831E91)
- wscript.exe (PID: 7948, cmdline: "C:\Windows\System32\wscript.exe" gszpj8rp81.jse, MD5: FF00E0480075B095948000BDC66E81F0)
- net.exe (PID: 7996, cmdline: "C:\Windows\System32\net.exe" user LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 8008, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 8084, cmdline: C:\Windows\system32\net1 user LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- net.exe (PID: 8024, cmdline: "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 8040, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 8120, cmdline: C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- calc.exe (PID: 8056, cmdline: "C:\Users\user\Desktop\calc.exe", MD5: 2F9FDAD776D8626F2CE8625211831E91)
- wscript.exe (PID: 8184, cmdline: "C:\Windows\System32\wscript.exe" 10a1DJwqnr.jse, MD5: FF00E0480075B095948000BDC66E81F0)
- net.exe (PID: 7284, cmdline: "C:\Windows\System32\net.exe" user LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 7300, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 7540, cmdline: C:\Windows\system32\net1 user LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- net.exe (PID: 7352, cmdline: "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 7448, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 756, cmdline: C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- calc.exe (PID: 7516, cmdline: "C:\Users\user\Desktop\calc.exe", MD5: 2F9FDAD776D8626F2CE8625211831E91)
- wscript.exe (PID: 1196, cmdline: "C:\Windows\System32\wscript.exe" Kiql0emrm5.jse, MD5: FF00E0480075B095948000BDC66E81F0)
- net.exe (PID: 6848, cmdline: "C:\Windows\System32\net.exe" user LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 3500, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 4540, cmdline: C:\Windows\system32\net1 user LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- net.exe (PID: 3504, cmdline: "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 4472, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 6872, cmdline: C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- calc.exe (PID: 6960, cmdline: "C:\Users\user\Desktop\calc.exe", MD5: 2F9FDAD776D8626F2CE8625211831E91)
- wscript.exe (PID: 2548, cmdline: "C:\Windows\System32\wscript.exe" mdWettqHRh.jse, MD5: FF00E0480075B095948000BDC66E81F0)
- net.exe (PID: 5464, cmdline: "C:\Windows\System32\net.exe" user LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 312, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 1308, cmdline: C:\Windows\system32\net1 user LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- net.exe (PID: 3636, cmdline: "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 1736, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 2060, cmdline: C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- calc.exe (PID: 2168, cmdline: "C:\Users\user\Desktop\calc.exe", MD5: 2F9FDAD776D8626F2CE8625211831E91)
- wscript.exe (PID: 3872, cmdline: "C:\Windows\System32\wscript.exe" KobIITTimt.jse, MD5: FF00E0480075B095948000BDC66E81F0)
- net.exe (PID: 7776, cmdline: "C:\Windows\System32\net.exe" user LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 2464, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 2940, cmdline: C:\Windows\system32\net1 user LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- net.exe (PID: 2340, cmdline: "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 2772, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 3404, cmdline: C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- calc.exe (PID: 3272, cmdline: "C:\Users\user\Desktop\calc.exe", MD5: 2F9FDAD776D8626F2CE8625211831E91)
- wscript.exe (PID: 7864, cmdline: "C:\Windows\System32\wscript.exe" dLMJwKQlPv.jse, MD5: FF00E0480075B095948000BDC66E81F0)
- net.exe (PID: 8044, cmdline: "C:\Windows\System32\net.exe" user LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 7964, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 8032, cmdline: C:\Windows\system32\net1 user LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- net.exe (PID: 8112, cmdline: "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 8148, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net1.exe (PID: 7984, cmdline: C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add, MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
- calc.exe (PID: 8028, cmdline: "C:\Users\user\Desktop\calc.exe", MD5: 2F9FDAD776D8626F2CE8625211831E91)
- wscript.exe (PID: 8156, cmdline: "C:\Windows\System32\wscript.exe" aw1HUl4bYu.jse, MD5: FF00E0480075B095948000BDC66E81F0)
- net.exe (PID: 8160, cmdline: "C:\Windows\System32\net.exe" user LocalAdministrator /add, MD5: 31890A7DE89936F922D44D677F681A7F)
- conhost.exe (PID: 8176, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
System Summary

Matched Sigma rules (rule names not preserved in this copy), by author:

- Florian Roth (Nextron Systems)
- Florian Roth (Nextron Systems)
- Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems)
- Endgame, JHasenbusch (adapted to Sigma for oscd.community)
- Michael Haag
- Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements)
AV Detection

Detection sources:

- Joe Sandbox ML
- Static PE information
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Code function: | 0_2_00439814 |
Source: | Code function: | 0_2_0044C084 | |
Source: | Code function: | 0_2_0044C0AC | |
Source: | Code function: | 0_2_00459692 | |
Source: | Code function: | 0_2_0044D7D3 | |
Source: | Code function: | 7_2_0044C084 | |
Source: | Code function: | 7_2_0044C0AC | |
Source: | Code function: | 7_2_00459692 | |
Source: | Code function: | 7_2_0044D7D3 |
Persistence and Installation Behavior |
---|
Source: | Code function: | 0_2_00412196 | |
Source: | Code function: | 0_2_00440FF0 | |
Source: | Code function: | 7_2_00412196 | |
Source: | Code function: | 7_2_00440FF0 |
Source: | Evasive API call chain: | graph_0-51143 |
Source: | Code function: | 0_2_00425639 | |
Source: | Code function: | 0_2_004230D5 | |
Source: | Code function: | 0_2_0041510D | |
Source: | Code function: | 0_2_0042320D | |
Source: | Code function: | 0_2_00426292 | |
Source: | Code function: | 0_2_00425838 | |
Source: | Code function: | 0_2_00422C4D | |
Source: | Code function: | 0_2_00414E16 | |
Source: | Code function: | 0_2_00414FFA | |
Source: | Code function: | 7_2_00425639 | |
Source: | Code function: | 7_2_004230D5 | |
Source: | Code function: | 7_2_0041510D | |
Source: | Code function: | 7_2_0042320D | |
Source: | Code function: | 7_2_00426292 | |
Source: | Code function: | 7_2_00425838 | |
Source: | Code function: | 7_2_00422C4D | |
Source: | Code function: | 7_2_00414E16 | |
Source: | Code function: | 7_2_00414FFA |
Source: | Code function: | 0_2_0040EA76 |
Source: | Code function: | 0_2_00439814 |
Source: | Code function: | 0_2_0040109D |
Source: | Code function: | 0_2_00412196 |
Source: | Code function: | 0_2_00415D53 |
Source: | Code function: | 0_2_004558FF | |
Source: | Code function: | 7_2_004558FF |
Source: | Code function: | 0_2_00454555 |
Source: | Code function: | 0_2_0043738E |
Source: | Code function: | 0_2_004527E8 |
Source: | Code function: | 0_2_0040EA76 |
Source: | Code function: | 0_2_0042F3BC | |
Source: | Code function: | 0_2_0042F9C7 | |
Source: | Code function: | 0_2_00430B6B | |
Source: | Code function: | 7_2_0042F3BC | |
Source: | Code function: | 7_2_0042F9C7 | |
Source: | Code function: | 7_2_00430B6B |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 1 Exploitation for Privilege Escalation | 1 Masquerading | 21 Input Capture | 2 System Time Discovery | Remote Services | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 2 Native API | 1 Scripting | 1 Access Token Manipulation | 1 Access Token Manipulation | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 12 Process Injection | 12 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Obfuscated Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Software Packing | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 16 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 100% | Joe Sandbox ML | | |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523638 |
Start date and time: | 2024-10-01 21:44:35 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 53 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | calc.exe |
Detection: | MAL |
Classification: | mal60.winEXE@93/7@0/0 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.165.165.26
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: calc.exe
Process: | C:\Users\user\Desktop\calc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 905 |
Entropy (8bit): | 6.202615493257142 |
Encrypted: | false |
SSDEEP: | 24:GPGG/rOmDyEA/lgQhs9O/E0+JSaywxBv/7DiNVkvzksm5qWdB:GPGuKmDBylgQ69OsZd1/CNavVWb |
MD5: | B4EB7F28555DDA63F591A950F2DB89D1 |
SHA1: | 92BA2174422096A09CE506C041165564360ACCC3 |
SHA-256: | 00C9F54DC4DEEC12DB8BA086EC347D03F978E46222D9C5EC5C6240F7AC171C5C |
SHA-512: | 3268DE3032832A54E3251589B6D41FF43F3181E7FBC5DE6D466EA45C6DB0C8BBA6704F87954B4E28A9273067EBE20066169FF70F896A236A3F786291FB660D24 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.898423357288493 |
File name: | calc.exe |
File size: | 206'377 bytes |
MD5: | 2f9fdad776d8626f2ce8625211831e91 |
SHA1: | 21d8413eb0d60b36fc249f8025c277b557fefde3 |
SHA256: | 9b66a8ea0f1c64965b06e7a45afbe56f2d4e6d5ef65f32446defccbebe730813 |
SHA512: | 2abd61c6bea7c748f81cdd18133582217bd06dd19506f13f89953f8c7bd662fc5233540b9f56c57aa94e038c674128fc46dd280e2f7db642343fc5a45da25feb |
SSDEEP: | 6144:96LkVO8A1X2og0tEHH45Y0KTIVaTycTVDNe4oI:TMJ1X2og0MHGKT3RRwG |
TLSH: | EE141225F3ED187CD45C8E3B071E9874D20EA6F2C2820A7E6E549ADBEC557101C7AB1D |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H+..)E..)E..)E..!,..)E.\>%..)E.\>J..)E.\>..|)E.Q!...)E...Y..)E..!...)E...(..)E.(.\..)E.Q!...)E..)D..(E.\>!..)E.>"...)E.\>...)E |
Icon Hash: | e4d4f0d4d4d4d460 |
Entrypoint: | 0x488080 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4656F23B [Fri May 25 14:27:07 2007 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | fd50eeaa7137498c4740b429b41a482e |
Instruction |
---|
pushad |
mov esi, 00458000h |
lea edi, dword ptr [esi-00057000h] |
push edi |
jmp 00007F300067577Dh |
nop |
mov al, byte ptr [esi] |
inc esi |
mov byte ptr [edi], al |
inc edi |
add ebx, ebx |
jne 00007F3000675779h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F300067575Fh |
mov eax, 00000001h |
add ebx, ebx |
jne 00007F3000675779h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
add ebx, ebx |
jnc 00007F300067577Dh |
jne 00007F300067579Ah |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F3000675791h |
dec eax |
add ebx, ebx |
jne 00007F3000675779h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
jmp 00007F3000675746h |
add ebx, ebx |
jne 00007F3000675779h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
jmp 00007F30006757C4h |
xor ecx, ecx |
sub eax, 03h |
jc 00007F3000675783h |
shl eax, 08h |
mov al, byte ptr [esi] |
inc esi |
xor eax, FFFFFFFFh |
je 00007F30006757E7h |
sar eax, 1 |
mov ebp, eax |
jmp 00007F300067577Dh |
add ebx, ebx |
jne 00007F3000675779h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F300067573Eh |
inc ecx |
add ebx, ebx |
jne 00007F3000675779h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F3000675730h |
add ebx, ebx |
jne 00007F3000675779h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
add ebx, ebx |
jnc 00007F3000675761h |
jne 00007F300067577Bh |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jnc 00007F3000675756h |
add ecx, 02h |
cmp ebp, FFFFFB00h |
adc ecx, 02h |
lea edx, dword ptr [edi+ebp] |
cmp ebp, FFFFFFFCh |
jbe 00007F3000675780h |
mov al, byte ptr [edx] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x89e8c | 0x310 | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x89000 | 0xe8c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0x57000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
UPX1 | 0x58000 | 0x31000 | 0x30400 | 3820b49f074de0d36c50a7babb2200ed | False | 0.9900420984455959 | data | 7.923658427357822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x89000 | 0x2000 | 0x1200 | d8312ec9afba4f967d7c2e34b8b3e76f | False | 0.3682725694444444 | data | 4.437280170665141 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x893bc | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | Great Britain | 0.13172043010752688 |
RT_ICON | 0x896a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0x897d4 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_MENU | 0x828f0 | 0x50 | data | English | Great Britain | 1.1375 |
RT_DIALOG | 0x82940 | 0xfc | data | English | Great Britain | 1.0436507936507937 |
RT_STRING | 0x82a40 | 0x598 | data | English | Great Britain | 1.0076815642458101 |
RT_STRING | 0x82fd8 | 0x690 | data | English | Great Britain | 1.006547619047619 |
RT_STRING | 0x83668 | 0x4ce | OpenPGP Public Key Version 4, Created Fri Jun 29 18:33:11 2035, Unknown Algorithm (0xf3); Public Subkey | English | Great Britain | 1.0089430894308944 |
RT_STRING | 0x83b38 | 0x5fa | data | English | Great Britain | 1.00718954248366 |
RT_STRING | 0x84138 | 0x572 | data | English | Great Britain | 1.0078909612625537 |
RT_STRING | 0x846b0 | 0x428 | data | English | Great Britain | 1.0103383458646618 |
RT_GROUP_ICON | 0x89900 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x89918 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x89930 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x89948 | 0x19c | data | English | Great Britain | 0.5533980582524272 |
RT_MANIFEST | 0x89ae8 | 0x3a3 | XML 1.0 document, ASCII text, with CRLF line terminators | English | Great Britain | 0.4790547798066595 |
DLL | Import |
---|---|
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
ADVAPI32.dll | RegCloseKey |
COMCTL32.dll | ImageList_Remove |
comdlg32.dll | GetSaveFileNameW |
GDI32.dll | LineTo |
MPR.dll | WNetUseConnectionW |
ole32.dll | CoInitialize |
OLEAUT32.dll | GetActiveObject |
SHELL32.dll | DragFinish |
USER32.dll | GetDC |
VERSION.dll | VerQueryValueW |
WINMM.dll | timeGetTime |
WSOCK32.dll | listen |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain | |
Target ID: | 0 |
Start time: | 15:45:29 |
Start date: | 01/10/2024 |
Path: | C:\Users\user\Desktop\calc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 206'377 bytes |
MD5 hash: | 2F9FDAD776D8626F2CE8625211831E91 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:45:29 |
Start date: | 01/10/2024 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 147'456 bytes |
MD5 hash: | FF00E0480075B095948000BDC66E81F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:45:30 |
Start date: | 01/10/2024 |
Path: | C:\Windows\SysWOW64\net.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x70000 |
File size: | 47'104 bytes |
MD5 hash: | 31890A7DE89936F922D44D677F681A7F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:45:30 |
Start date: | 01/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ee680000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:45:30 |
Start date: | 01/10/2024 |
Path: | C:\Windows\SysWOW64\net.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x70000 |
File size: | 47'104 bytes |
MD5 hash: | 31890A7DE89936F922D44D677F681A7F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 15:45:30 |
Start date: | 01/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ee680000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Process details for Target IDs 7 to 52. All of these processes share the following fields: Start date 01/10/2024, Commandline empty, Has exited: true, Has elevated privileges: true, Has administrator privileges: true, Programmed in: C, C++ or other language. A Reputation value is only given for Target IDs 7 to 13.

| Target ID | Start time | Path | Wow64 process (32bit) | Imagebase | File size | MD5 hash | Reputation |
|---|---|---|---|---|---|---|---|
| 7 | 15:45:30 | C:\Users\user\Desktop\calc.exe | true | 0x400000 | 206'377 bytes | 2F9FDAD776D8626F2CE8625211831E91 | low |
| 8 | 15:45:30 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | high |
| 9 | 15:45:30 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | high |
| 10 | 15:45:30 | C:\Windows\SysWOW64\wscript.exe | true | 0xbb0000 | 147'456 bytes | FF00E0480075B095948000BDC66E81F0 | high |
| 11 | 15:45:31 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | high |
| 12 | 15:45:31 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | high |
| 13 | 15:45:31 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | high |
| 14 | 15:45:31 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 15 | 15:45:31 | C:\Users\user\Desktop\calc.exe | true | 0x400000 | 206'377 bytes | 2F9FDAD776D8626F2CE8625211831E91 | |
| 16 | 15:45:31 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 17 | 15:45:31 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 18 | 15:45:31 | C:\Windows\SysWOW64\wscript.exe | true | 0xbb0000 | 147'456 bytes | FF00E0480075B095948000BDC66E81F0 | |
| 19 | 15:45:32 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 20 | 15:45:32 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 21 | 15:45:32 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 22 | 15:45:32 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 23 | 15:45:32 | C:\Users\user\Desktop\calc.exe | true | 0x400000 | 206'377 bytes | 2F9FDAD776D8626F2CE8625211831E91 | |
| 24 | 15:45:32 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 25 | 15:45:32 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 26 | 15:45:33 | C:\Windows\SysWOW64\wscript.exe | true | 0xbb0000 | 147'456 bytes | FF00E0480075B095948000BDC66E81F0 | |
| 27 | 15:45:34 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 28 | 15:45:34 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 29 | 15:45:34 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 30 | 15:45:34 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 31 | 15:45:34 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 32 | 15:45:34 | C:\Users\user\Desktop\calc.exe | true | 0x400000 | 206'377 bytes | 2F9FDAD776D8626F2CE8625211831E91 | |
| 33 | 15:45:34 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 34 | 15:45:34 | C:\Windows\SysWOW64\wscript.exe | true | 0xbb0000 | 147'456 bytes | FF00E0480075B095948000BDC66E81F0 | |
| 35 | 15:45:35 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 36 | 15:45:35 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 37 | 15:45:35 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 38 | 15:45:35 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 39 | 15:45:35 | C:\Users\user\Desktop\calc.exe | true | 0x400000 | 206'377 bytes | 2F9FDAD776D8626F2CE8625211831E91 | |
| 40 | 15:45:35 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 41 | 15:45:35 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 42 | 15:45:36 | C:\Windows\SysWOW64\wscript.exe | true | 0xbb0000 | 147'456 bytes | FF00E0480075B095948000BDC66E81F0 | |
| 43 | 15:45:36 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 44 | 15:45:36 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 45 | 15:45:36 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 46 | 15:45:36 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
| 47 | 15:45:36 | C:\Users\user\Desktop\calc.exe | true | 0x400000 | 206'377 bytes | 2F9FDAD776D8626F2CE8625211831E91 | |
| 48 | 15:45:36 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 49 | 15:45:36 | C:\Windows\SysWOW64\net1.exe | true | 0x200000 | 139'776 bytes | 2EFE6ED4C294AB8A39EB59C80813FEC1 | |
| 50 | 15:45:37 | C:\Windows\SysWOW64\wscript.exe | true | 0xbb0000 | 147'456 bytes | FF00E0480075B095948000BDC66E81F0 | |
| 51 | 15:45:37 | C:\Windows\SysWOW64\net.exe | true | 0x70000 | 47'104 bytes | 31890A7DE89936F922D44D677F681A7F | |
| 52 | 15:45:37 | C:\Windows\System32\conhost.exe | false | 0x7ff6ee680000 | 862'208 bytes | 0D698AF330FD17BEE3BF90011D49251D | |
Execution Graph
Execution Coverage: | 4.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 10.7% |
Total number of Nodes: | 1881 |
Total number of Limit Nodes: | 23 |
Graph
Function 00439814 Relevance: 60.4, APIs: 11, Strings: 23, Instructions: 893libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00425639 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 117fileCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430DCB Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 250comCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043244B Relevance: .6, Instructions: 624COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040127D Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 76windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040165B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 131windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404205 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 49registrywindowclipboardCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F71A Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 164registryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044ADFD Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 13libraryloaderCOMMONLIBRARYCODE
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455359 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 247fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455BA1 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 247fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041629F Relevance: 7.5, APIs: 5, Instructions: 32serviceCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401904 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044FF81 Relevance: 6.2, APIs: 4, Instructions: 168fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414E97 Relevance: 4.6, APIs: 3, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442C1C Relevance: 3.1, APIs: 2, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449C88 Relevance: 3.0, APIs: 2, Instructions: 35memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449A38 Relevance: 3.0, APIs: 2, Instructions: 34memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E07D Relevance: 3.0, APIs: 2, Instructions: 26memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416168 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044FD57 Relevance: 2.6, APIs: 2, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443162 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004129C0 Relevance: 1.5, APIs: 1, Instructions: 33windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414E55 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043138D Relevance: 1.3, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413E1F Relevance: 1.3, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004045EC Relevance: 127.5, APIs: 68, Strings: 4, Instructions: 1483windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412196 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 120keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415C2E Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 64shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043A442 Relevance: 20.5, Strings: 16, Instructions: 542COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004527E8 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 212timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041510D Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00424856 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 112fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00420D89 Relevance: 16.3, APIs: 8, Strings: 1, Instructions: 516sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00422C4D Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 210timefileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004230D5 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041605B Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F3BC Relevance: 9.1, APIs: 6, Instructions: 77networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00426292 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120filesleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430B6B Relevance: 7.7, APIs: 5, Instructions: 226comCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00440FF0 Relevance: 7.6, APIs: 5, Instructions: 57windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00425838 Relevance: 4.6, APIs: 3, Instructions: 117fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414E16 Relevance: 4.5, APIs: 3, Instructions: 21fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00444317 Relevance: 3.8, Strings: 1, Instructions: 2537COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421E0D Relevance: 3.3, APIs: 2, Instructions: 273COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042320D Relevance: 3.0, APIs: 2, Instructions: 46fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FE6D Relevance: 3.0, APIs: 2, Instructions: 15windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448776 Relevance: 1.9, Strings: 1, Instructions: 611COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004558FF Relevance: 1.5, APIs: 1, Instructions: 26COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043738E Relevance: 1.5, APIs: 1, Instructions: 7COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004422B6 Relevance: .6, Instructions: 646COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456824 Relevance: .4, Instructions: 357COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043E46A Relevance: .3, Instructions: 342COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044D7D4 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00438A4D Relevance: 63.5, APIs: 34, Strings: 2, Instructions: 474filepipeprocessCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D33A Relevance: 54.5, APIs: 29, Strings: 2, Instructions: 294windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B07 Relevance: 51.2, APIs: 34, Instructions: 239COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407A0B Relevance: 51.2, APIs: 28, Strings: 1, Instructions: 472windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C822 Relevance: 40.6, APIs: 19, Strings: 4, Instructions: 300windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040667C Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 279windowtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441086 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 348windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B005 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 205windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043BC56 Relevance: 26.7, APIs: 10, Strings: 5, Instructions: 448registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004530C8 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 117fileCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004545BB Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 99COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C499 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 71libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412E32 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 208; Tags: window, COMMON
Function 00418B39 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 399; Tags: time, COMMON
Function 00430763 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 138; Tags: registry, share, COMMON
Function 00455EDD Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 90; Tags: library, loader, COMMON, LIBRARYCODE
Function 0043936F Relevance: 19.9, APIs: 13, Instructions: 361; Tags: COMMON
Function 0042ED85 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 212; Tags: network, memory, COMMON
Function 004126BC Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 169; Tags: window, sleep, COMMON
Function 004305B5 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 143; Tags: registry, COMMON
Function 004108E0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128; Tags: keyboard, COMMON
Function 004149FA Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 80; Tags: sleep, time, window, COMMON
Function 004301FC Relevance: 18.2, APIs: 12, Instructions: 193; Tags: COMMON
Function 0040E741 Relevance: 18.2, APIs: 12, Instructions: 168; Tags: COMMON
Function 00430474 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 108; Tags: registry, COMMON
Function 0040D7FC Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 80; Tags: window, COMMON
Function 00456097 Relevance: 16.8, APIs: 11, Instructions: 309; Tags: COMMON
Function 00453588 Relevance: 16.6, APIs: 11, Instructions: 150; Tags: COMMON
Function 00442E86 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 236; Tags: file, COMMON
Function 00402257 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 83; Tags: window, COMMON
Function 0040205D Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82; Tags: window, COMMON
Function 00406DD9 Relevance: 15.2, APIs: 10, Instructions: 152; Tags: COMMON
Function 00422EA1 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 191; Tags: time, COMMON
Function 0041FAEE Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 134; Tags: window, COMMON
Function 0040ACC5 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 113; Tags: window, COMMON
Function 00408346 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 94; Tags: window, COMMON
Function 004028E7 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 80; Tags: window, COMMON
Function 0040F96A Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 65; Tags: window, COMMON
Function 00457A2F Relevance: 13.8, APIs: 9, Instructions: 299; Tags: COMMON
Function 00450BDA Relevance: 13.7, APIs: 9, Instructions: 196; Tags: COMMON
Function 0043CB9B Relevance: 13.6, APIs: 9, Instructions: 70; Tags: file, COMMON
Function 00401DB3 Relevance: 13.6, APIs: 9, Instructions: 64; Tags: sleep, keyboard, window, COMMON
Function 004133AD Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 123; Tags: window, COMMON
Function 0041FCD4 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 116; Tags: window, COMMON
Function 004159F1 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70; Tags: network, COMMON
Function 00412B78 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 68; Tags: window, COMMON
Function 00455946 Relevance: 12.2, APIs: 8, Instructions: 177; Tags: COMMON
Function 00406535 Relevance: 12.1, APIs: 8, Instructions: 116; Tags: COMMON
Function 00417905 Relevance: 12.0, APIs: 8, Instructions: 33; Tags: COMMON
Function 004092FB Relevance: 10.9, APIs: 7, Instructions: 428; Tags: COMMON
Function 0040BBDB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120; Tags: window, COMMON
Function 0040B7B2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80; Tags: window, COMMON
Function 0040B225 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68; Tags: window, COMMON
Function 00414469 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 52; Tags: window, COMMON
Function 00412305 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51; Tags: file, COMMON
Function 0044C2B2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37; Tags: thread, COMMON, LIBRARYCODE
Function 0043C7EA Relevance: 9.2, APIs: 6, Instructions: 219; Tags: file, COMMON
Function 004236D5 Relevance: 9.2, APIs: 6, Instructions: 188; Tags: COMMON
Function 00454706 Relevance: 9.2, APIs: 6, Instructions: 168; Tags: COMMON
Function 00453BD4 Relevance: 9.1, APIs: 6, Instructions: 145; Tags: COMMON
Function 00440AA4 Relevance: 9.1, APIs: 6, Instructions: 118; Tags: window, COMMON
Function 0040B6AE Relevance: 9.1, APIs: 6, Instructions: 93; Tags: window, COMMON
Function 0040CE65 Relevance: 9.1, APIs: 6, Instructions: 93; Tags: COMMON
Function 004536F2 Relevance: 9.1, APIs: 6, Instructions: 67; Tags: COMMON
Function 00411E91 Relevance: 9.1, APIs: 6, Instructions: 56; Tags: sleep, COMMON
Function 0040CBFD Relevance: 9.1, APIs: 6, Instructions: 54; Tags: COMMON
Function 0040EF2E Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 222; Tags: library, loader, COMMON
Function 00402148 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92; Tags: window, COMMON
Function 0040B89C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92; Tags: window, COMMON
Function 0040EE82 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 55; Tags: library, loader, COMMON
Function 0044AEC1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53; Tags: COMMON, LIBRARYCODE
Function 00409CDF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46; Tags: window, COMMON
Function 00454432 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29; Tags: library, loader, COMMON, LIBRARYCODE
Function 004551AD Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 13; Tags: library, loader, COMMON, LIBRARYCODE
Function 00454A84 Relevance: 7.7, APIs: 5, Instructions: 184; Tags: COMMON
Function 0044DA7D Relevance: 7.7, APIs: 5, Instructions: 166; Tags: COMMON
Function 0044D560 Relevance: 7.7, APIs: 5, Instructions: 151; Tags: COMMON
Function 00426415 Relevance: 7.6, APIs: 5, Instructions: 116; Tags: COMMON
Function 00417AB2 Relevance: 7.6, APIs: 5, Instructions: 108; Tags: sleep, COMMON
Function 0044C70C Relevance: 7.6, APIs: 5, Instructions: 99; Tags: COMMON
Function 0044D99A Relevance: 7.6, APIs: 5, Instructions: 92; Tags: memory, COMMON
Function 00406CF6 Relevance: 7.6, APIs: 5, Instructions: 86; Tags: window, COMMON
Function 0040850D Relevance: 7.6, APIs: 5, Instructions: 83; Tags: window, COMMON
Function 0040CCF8 Relevance: 7.6, APIs: 5, Instructions: 69; Tags: COMMON
Function 0041553B Relevance: 7.6, APIs: 5, Instructions: 68; Tags: COMMON
Function 0042F316 Relevance: 7.6, APIs: 5, Instructions: 66; Tags: network, COMMON
Function 0040D713 Relevance: 7.6, APIs: 5, Instructions: 56; Tags: window, COMMON
Function 00415F9F Relevance: 7.6, APIs: 5, Instructions: 54; Tags: sleep, COMMON
Function 0041255C Relevance: 7.5, APIs: 5, Instructions: 39; Tags: COMMON
Function 0040D6BD Relevance: 7.5, APIs: 5, Instructions: 37; Tags: window, COMMON
Function 0040CC87 Relevance: 7.5, APIs: 5, Instructions: 34; Tags: COMMON
Function 004137E9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 175; Tags: window, COMMON
Function 004246CD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141; Tags: file, COMMON
Function 0041352C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112; Tags: window, COMMON
Function 004155D8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102; Tags: file, string, COMMON
Function 0040ABEC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83; Tags: window, COMMON
Function 0040B37A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77; Tags: window, library, COMMON
Function 0040AA6D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71; Tags: window, COMMON
Function 004042C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70; Tags: window, COMMON
Function 0040B2D8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61; Tags: window, COMMON
Function 00408A31 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46; Tags: window, COMMON
Function 0043004A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 00430071 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 00430023 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004300E6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004120F8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 00430098 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004300BF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 00416372 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004163C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004163E7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 00416399 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0043B451 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0041640E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 00416435 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004124CB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004124F2 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004265CA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004265F1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004265A3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004418D4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 004418FB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0040D903 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FD05 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FE76 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0040EE00 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0040EE27 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FEC4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FEEB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FE9D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FF60 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FF12 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FF39 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FFD5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FFFC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FF87 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 0042FFAE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12; Tags: library, loader, COMMON
Function 00403AB0 Relevance: 6.1, APIs: 4, Instructions: 148; Tags: COMMON
Function 004080B0 Relevance: 6.1, APIs: 4, Instructions: 119; Tags: COMMON
Function 00406BB2 Relevance: 6.1, APIs: 4, Instructions: 119; Tags: COMMON
Function 004309C0 Relevance: 6.1, APIs: 4, Instructions: 114; Tags: COMMON
Function 004509A2 Relevance: 6.1, APIs: 4, Instructions: 113; Tags: COMMON
Function 0040C4BD Relevance: 6.1, APIs: 4, Instructions: 102; Tags: COMMON
Function 00457BDC Relevance: 6.1, APIs: 4, Instructions: 93; Tags: COMMON
Function 00450CF4 Relevance: 6.1, APIs: 4, Instructions: 93; Tags: COMMON
Function 00405D95 Relevance: 6.1, APIs: 4, Instructions: 91; Tags: window, COMMON
Function 0042F490 Relevance: 6.1, APIs: 4, Instructions: 71; Tags: network, COMMON
Function 0042003A Relevance: 6.1, APIs: 4, Instructions: 70; Tags: window, COMMON
Function 0044B66E Relevance: 6.1, APIs: 4, Instructions: 69; Tags: thread, COMMON
Function 00403C97 Relevance: 6.1, APIs: 4, Instructions: 67; Tags: window, COMMON
Function 0044AFC4 Relevance: 6.1, APIs: 4, Instructions: 65; Tags: thread, COMMON
Function 0044E459 Relevance: 6.1, APIs: 4, Instructions: 57; Tags: memory, COMMON, LIBRARYCODE
Function 00414971 Relevance: 6.1, APIs: 4, Instructions: 51; Tags: synchronization, thread, window, COMMON
Function 0040418F Relevance: 6.0, APIs: 4, Instructions: 44; Tags: COMMON
Function 00457312 Relevance: 6.0, APIs: 4, Instructions: 38; Tags: COMMON
Function 00412C29 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121; Tags: window, COMMON
Function 0045705F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109; Tags: file, COMMON
Function 0040B435 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92; Tags: window, COMMON
Function 0040BACF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90; Tags: window, COMMON
Function 0040A9BE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64; Tags: window, COMMON
Function 0040A701 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57; Tags: window, COMMON
Function 00402FF7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55; Tags: window, COMMON
Function 00401FC4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54; Tags: window, COMMON
Function 00401EA6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52; Tags: window, COMMON
Function 00401F36 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51; Tags: window, COMMON
Function 0042A895 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32; Tags: sleep, COMMON
Function 00441486 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17; Tags: window, COMMON
Function 004414BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17; Tags: window, COMMON
Function 004144F7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8; Tags: window, COMMON
Execution Graph
Execution Coverage: | 4.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.7% |
Total number of Nodes: | 1887 |
Total number of Limit Nodes: | 22 |
Function 00425639 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 117fileCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040165B Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 131nativewindowCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00439814 Relevance: 60.4, APIs: 11, Strings: 23, Instructions: 893libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040127D Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 76windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404205 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 49registrywindowclipboardCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430DCB Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 250comCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F71A Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 164registryCOMMON
Function 0044ADFD Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 13, Tags: library, loader, COMMON, LIBRARYCODE
Function 00455359 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 247, Tags: file, COMMON
Function 00455BA1 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 247, Tags: file, COMMON
Function 0041629F Relevance: 7.5, APIs: 5, Instructions: 32, Tags: service, COMMON
Function 00401904 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12, Tags: library, loader, COMMON
Function 0044FF81 Relevance: 6.2, APIs: 4, Instructions: 168, Tags: file, COMMON
Function 00414E97 Relevance: 4.6, APIs: 3, Instructions: 75, Tags: COMMON
Function 00442C1C Relevance: 3.1, APIs: 2, Instructions: 85, Tags: COMMON
Function 00449C88 Relevance: 3.0, APIs: 2, Instructions: 35, Tags: memory, COMMON, LIBRARYCODE
Function 00449A38 Relevance: 3.0, APIs: 2, Instructions: 34, Tags: memory, COMMON, LIBRARYCODE
Function 0044E07D Relevance: 3.0, APIs: 2, Instructions: 26, Tags: memory, COMMON
Function 00416168 Relevance: 3.0, APIs: 2, Instructions: 23, Tags: COMMON
Function 0044FD57 Relevance: 2.6, APIs: 2, Instructions: 52, Tags: COMMON
Function 00443162 Relevance: 1.6, APIs: 1, Instructions: 138, Tags: COMMON
Function 004129C0 Relevance: 1.5, APIs: 1, Instructions: 33, Tags: window, COMMON
Function 00414E55 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 0043138D Relevance: 1.3, APIs: 1, Instructions: 24, Tags: COMMON
Function 00413E1F Relevance: 1.3, APIs: 1, Instructions: 20, Tags: COMMON
Function 004230D5 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107, Tags: file, COMMON
Function 00441086 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 348, Tags: window, COMMON
Function 0040B005 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 205, Tags: window, library, COMMON
Function 004530C8 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 117, Tags: file, COMMON, LIBRARYCODE
Function 0040205D Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82, Tags: window, COMMON
Function 0041605B Relevance: 12.1, APIs: 8, Instructions: 92, Tags: COMMON
Function 0040D03A Relevance: 7.5, APIs: 5, Instructions: 30, Tags: COMMON
Function 0043004A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12, Tags: library, loader, COMMON
Function 00430071 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12, Tags: library, loader, COMMON
Function 00430023 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12, Tags: library, loader, COMMON
Function 004300E6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12, Tags: library, loader, COMMON
Function 004120F8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12, Tags: library, loader, COMMON
Function 0042003A Relevance: 6.1, APIs: 4, Instructions: 70, Tags: window, COMMON
Function 0045705F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109, Tags: file, COMMON