Windows
Analysis Report
file.dll
Overview
General Information
Sample name: | file.dllrenamed because original name is a hash value |
Original sample name: | file.exe |
Analysis ID: | 1524403 |
MD5: | 69d883f1a13a13d5f198b45a5df0ba97 |
SHA1: | 940678df6cc3814046d7acac5bd0ab1b8664249d |
SHA256: | 5749acfc3cb027699aa197427c06334c69fb7d36add21f32105cd4033f3a191b |
Tags: | dllexesignedx64user-jstrosch |
Infos: | |
Detection
Score: | 9 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 6236 cmdline:
loaddll64. exe "C:\Us ers\user\D esktop\fil e.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52) - conhost.exe (PID: 5956 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 828 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\fil e.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - rundll32.exe (PID: 2192 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\file .dll",#1 MD5: EF3179D498793BF4234F708D3BE28633) - regsvr32.exe (PID: 2896 cmdline:
regsvr32.e xe /s C:\U sers\user\ Desktop\fi le.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E) - rundll32.exe (PID: 7044 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,CheckM ozJavaPlug ins MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 6496 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,DllCan UnloadNow MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 6664 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,DllGet ClassObjec t MD5: EF3179D498793BF4234F708D3BE28633) - WerFault.exe (PID: 3756 cmdline:
C:\Windows \system32\ WerFault.e xe -u -p 6 664 -s 348 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 8_2_00007FFD9DF977C0 | |
Source: | Code function: | 8_2_00007FFD9DF994A8 | |
Source: | Code function: | 8_2_00007FFD9DFB81B4 |
Source: | DNS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 8_2_00007FFD9DF9D740 | |
Source: | Code function: | 8_2_00007FFD9DF91F64 | |
Source: | Code function: | 8_2_00007FFD9DF91520 | |
Source: | Code function: | 8_2_00007FFD9DFB2660 | |
Source: | Code function: | 8_2_00007FFD9DFB6690 | |
Source: | Code function: | 8_2_00007FFD9DF9DE90 | |
Source: | Code function: | 8_2_00007FFD9DF9475C | |
Source: | Code function: | 8_2_00007FFD9DFB7FA8 | |
Source: | Code function: | 8_2_00007FFD9DF957E0 | |
Source: | Code function: | 8_2_00007FFD9DF99010 | |
Source: | Code function: | 8_2_00007FFD9DFA5858 | |
Source: | Code function: | 8_2_00007FFD9DF9DCA8 | |
Source: | Code function: | 8_2_00007FFD9DF957E0 | |
Source: | Code function: | 8_2_00007FFD9DFBA4F4 | |
Source: | Code function: | 8_2_00007FFD9DFB4588 | |
Source: | Code function: | 8_2_00007FFD9DFB1DC8 | |
Source: | Code function: | 8_2_00007FFD9DFBD5E4 | |
Source: | Code function: | 8_2_00007FFD9DFA8E14 | |
Source: | Code function: | 8_2_00007FFD9DFA5ADC | |
Source: | Code function: | 8_2_00007FFD9DFAE2EC | |
Source: | Code function: | 8_2_00007FFD9DF92BCC | |
Source: | Code function: | 8_2_00007FFD9DFC0BF8 | |
Source: | Code function: | 8_2_00007FFD9DF953F0 | |
Source: | Code function: | 8_2_00007FFD9DFAAC50 | |
Source: | Code function: | 8_2_00007FFD9DFAF87C | |
Source: | Code function: | 8_2_00007FFD9DFB6074 | |
Source: | Code function: | 8_2_00007FFD9DFB4588 | |
Source: | Code function: | 8_2_00007FFD9DFAE8C0 | |
Source: | Code function: | 8_2_00007FFD9DFA8908 | |
Source: | Code function: | 8_2_00007FFD9DF97988 | |
Source: | Code function: | 8_2_00007FFD9DFB81B4 | |
Source: | Code function: | 8_2_00007FFD9DFAB204 | |
Source: | Code function: | 8_2_00007FFD9DFBCA2C |
Source: | Code function: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Registry key queried: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 8_2_00007FFD9DF937D4 |
Source: | Code function: | 8_2_00007FFD9DF94418 |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 8_2_00007FFD9DF96D4C |
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Code function: | 8_2_00007FFD9DF977C0 | |
Source: | Code function: | 8_2_00007FFD9DF994A8 | |
Source: | Code function: | 8_2_00007FFD9DFB81B4 |
Source: | Code function: | 8_2_00007FFD9DFA42A8 |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 8_2_00007FFD9DFA3E7C |
Source: | Code function: | 8_2_00007FFD9DF9F3F4 |
Source: | Code function: | 8_2_00007FFD9DF96D4C |
Source: | Code function: | 8_2_00007FFD9DFB93A4 |
Source: | Code function: | 8_2_00007FFD9DFA3E7C | |
Source: | Code function: | 8_2_00007FFD9DFA0398 | |
Source: | Code function: | 8_2_00007FFD9DF9F94C |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 8_2_00007FFD9DFC0910 |
Source: | Code function: | 8_2_00007FFD9DFA06A8 |
Source: | Code function: | 8_2_00007FFD9DFB627C |
Source: | Code function: | 8_2_00007FFD9DF9A744 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 21 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 51 Security Software Discovery | Remote Desktop Protocol | 1 Browser Session Hijacking | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Regsvr32 | LSA Secrets | 14 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
15.164.165.52.in-addr.arpa | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524403 |
Start date and time: | 2024-10-02 19:00:54 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.dllrenamed because original name is a hash value |
Original Sample Name: | file.exe |
Detection: | CLEAN |
Classification: | clean9.winDLL@15/5@1/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: file.dll
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_4bdbc898aa41e69a58d6ca0b49de377bd76f77_d75f6fa5_76820721-d08e-48f8-b510-448c0ca67010\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7653006153516252 |
Encrypted: | false |
SSDEEP: | 192:s1jFiIy2o0x0Iv34jxMfzuiFbZ24lO8V:qhiF2mIv34jCzuiFbY4lO8V |
MD5: | E37FE8F90B620436904234E816306935 |
SHA1: | 04571A1955AA5D9BE5736A5893BC251687A3023C |
SHA-256: | 8FC80780378733A37306B8F9FE5E53DA968ECC26F85C123F5785EE74261E5398 |
SHA-512: | C70FEA52FA86116323B4B3B2F22C43406C8F60C7DDE4B409F6E8503B6F5B7D28A92AF8EA96DCEB6B0671D4E50A0872D7A481F069FC82666833AFF36EED326211 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71122 |
Entropy (8bit): | 1.2752295280738657 |
Encrypted: | false |
SSDEEP: | 192:wqb8QUhg/yOMxqMbb37Sge34eKMLdBSVwRYkf:DwfhWBMbb3w75BSVw+ |
MD5: | C205B2E97C00A7B11EA9FE9EC7409253 |
SHA1: | 1B324FB9932AE169272D96274EDB5FE3CEE13638 |
SHA-256: | 842BB7B001B1174D410C8725735B61A8D48536F7F6F72DDE9D19AAABC795AE39 |
SHA-512: | 846DAA70B4C99326129184FB1F16C7C0D7DB24E1AC3B751DD057734AA2C056AAECBA4548A4857BD3707D88BDFC448801AE82C8487C0C1018BFB07A1560B4A49B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8494 |
Entropy (8bit): | 3.6952404666897354 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJPELPNROj6YoYogmfiL0p0prp89b0eGfWcm:R6lXJ8rzq6YfogmfGOH0Hfk |
MD5: | 6346FF80190BCB261640AD3DF6AE29EF |
SHA1: | F47CA672DEF24040C9CB995500A4C558995B5536 |
SHA-256: | 9AF3FE91DA32A6445B8C17AB38341830AD866A953FC95C74C29C472E777A76FE |
SHA-512: | 2F40AEBC96FF3C3BF1630CDB0BD55FE43527865FD35C6E26AD4A22926F608E62BFD27F70F23B6AFE523AC606633057F6C0F851223939D956FCBA363247371208 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4729 |
Entropy (8bit): | 4.465403787700911 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs3Jg771I96//WpW8VYy0Ym8M4JCFCthaWEF4/Wyq85m1OWEkzptSTSxd:uIjfZI7f/u7VNJ3aWDWXOW1poOxd |
MD5: | CB146CEFD0C9096599337FF486440D08 |
SHA1: | 7524ECD5B9ACF434260CC20654264529D782DCE6 |
SHA-256: | 0FD909FF2E0DAB64881208F605B4D21180AF25587B4ECE84C0B51F4146279751 |
SHA-512: | 89EFA0927F6CC72B19A396CE11C73B7FDF9E85BE27804A96F74DBDDAD43984B452BB19F1278223C97BA9D71A662EAD91D6A20DAB6414EE7C787F681EC344C23F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.469520090410337 |
Encrypted: | false |
SSDEEP: | 6144:RzZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNMjDH5S:JZHtYZWOKnMM6bFpaj4 |
MD5: | 4663AE42DD9F11C4B79207B031368373 |
SHA1: | 3B797D99246C4CCAFD2E7C393DCD04DCE0660BA3 |
SHA-256: | 0C7CEFDF14C49816CA6FA71771BB3C5A79EB814AFD50471E27CC0610FA46ACFD |
SHA-512: | 6D592F13E9A0AE15DD0372450F27A54D3E36EEE662759FF38A85EF3400BABB8DF020D5B5446E2030C0F67104FABCA8DC79276F6D322B18AB305D578746B57405 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.121355444788685 |
TrID: |
|
File name: | file.dll |
File size: | 351'392 bytes |
MD5: | 69d883f1a13a13d5f198b45a5df0ba97 |
SHA1: | 940678df6cc3814046d7acac5bd0ab1b8664249d |
SHA256: | 5749acfc3cb027699aa197427c06334c69fb7d36add21f32105cd4033f3a191b |
SHA512: | e06613bef2add30c0f5f0c4b5249461c19d813499ace04d94fa42bab237b22efb34a4c1e23565d72593c2bfbd6ad055cf5208968f8ea2b528b66ba6b0140e675 |
SSDEEP: | 6144:j2BK+kd25HU2gcv/Wa83jAqN1RiZNby0N:d+kKH9mT1N1RiL2C |
TLSH: | 54744B5473E418B8F477DA3988A28502DA76BC511B61DE9F6394024A2F37BE1C63DF32 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........t...'...'...'...&...'...&...'..3'...'...&...'...&...'...&...'...&...'...'\..'...&...'=..&...'=..&...'=..'...'=..&...'Rich... |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x1800101c4 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x63BBD69B [Mon Jan 9 08:55:55 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 313483b5898aa91865cd36a9f29acb2e |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 2876C1BECB51837D0E3DE50903D025B6 |
Thumbprint SHA-1: | 940D69C0A34A1B4CFD8048488BA86F4CED60481A |
Thumbprint SHA-256: | EE46613A38B4F486164BCE7FB23178667715617F511B364594311A1548B08EB1 |
Serial: | 068BE2F53452C882F18ED41A5DD4E7A3 |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007F225CB7EFE7h |
call 00007F225CB7F4A8h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007F225CB7EE74h |
int3 |
int3 |
int3 |
retn 0000h |
int3 |
dec eax |
mov dword ptr [esp+10h], ebx |
dec eax |
mov dword ptr [esp+18h], esi |
push edi |
dec eax |
sub esp, 10h |
xor eax, eax |
mov dword ptr [0003FE31h], 00000002h |
xor ecx, ecx |
mov dword ptr [0003FE21h], 00000001h |
cpuid |
inc esp |
mov eax, ecx |
xor edi, edi |
inc esp |
mov ecx, ebx |
inc ecx |
xor eax, 6C65746Eh |
inc ecx |
xor ecx, 756E6547h |
inc esp |
mov edx, edx |
mov esi, eax |
xor ecx, ecx |
lea eax, dword ptr [edi+01h] |
inc ebp |
or ecx, eax |
cpuid |
inc ecx |
xor edx, 49656E69h |
mov dword ptr [esp], eax |
inc ebp |
or ecx, edx |
mov dword ptr [esp+04h], ebx |
inc esp |
mov ebx, ecx |
mov dword ptr [esp+08h], ecx |
mov dword ptr [esp+0Ch], edx |
jne 00007F225CB7F032h |
dec eax |
or dword ptr [0003FDDCh], FFFFFFFFh |
and eax, 0FFF3FF0h |
cmp eax, 000106C0h |
je 00007F225CB7F00Ah |
cmp eax, 00020660h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4e570 | 0x194 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4e704 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x56000 | 0xb80 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x53000 | 0x2730 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x53400 | 0x28a0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x74c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x4a050 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x49f50 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x4e0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x4e110 | 0x80 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x31aae | 0x31c00 | 9d052583f25e65ed28a8bdc48d5c964c | False | 0.5521454930904522 | data | 6.456251822305383 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x33000 | 0x1c72a | 0x1c800 | 5bbea155b354be5c20dd7fd564ee20c7 | False | 0.2625925164473684 | data | 4.377975050235937 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x50000 | 0x23d4 | 0x1000 | 61115e6cb33832668f270ea02c86a3c4 | False | 0.1748046875 | data | 2.5568170519688955 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x53000 | 0x2730 | 0x2800 | d2b3d8772cf7fd699c092ee71934ce58 | False | 0.4873046875 | data | 5.4732851134488545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x56000 | 0xb80 | 0xc00 | f92da0697814ff37131ef7f68d89bf7e | False | 0.3017578125 | data | 4.274647443366615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x57000 | 0x74c | 0x800 | 904ea74ba1a3d5338d75d70249523b89 | False | 0.57666015625 | data | 5.224582899824992 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
REGISTRY | 0x561b0 | 0x16d | ASCII text | English | United States | 0.5123287671232877 |
REGISTRY | 0x56320 | 0x16d | ASCII text | English | United States | 0.5095890410958904 |
REGISTRY | 0x56490 | 0x103 | ASCII text | English | United States | 0.4942084942084942 |
REGISTRY | 0x56598 | 0x103 | ASCII text | English | United States | 0.4942084942084942 |
REGISTRY | 0x566a0 | 0x107 | ASCII text | English | United States | 0.7072243346007605 |
REGISTRY | 0x567a8 | 0x98 | ASCII text | English | United States | 0.8026315789473685 |
RT_VERSION | 0x56840 | 0x340 | data | English | United States | 0.4651442307692308 |
DLL | Import |
---|---|
KERNEL32.dll | DecodePointer, RaiseException, GetLastError, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, EncodePointer, CloseHandle, EnterCriticalSection, LeaveCriticalSection, ReleaseMutex, WaitForSingleObject, CreateMutexA, DisableThreadLibraryCalls, FreeLibrary, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, LoadLibraryExA, LoadResource, SizeofResource, lstrcmpiA, OpenMutexA, FindResourceA, MultiByteToWideChar, WideCharToMultiByte, IsDBCSLeadByte, DeleteFileA, FindClose, FindFirstFileA, FindNextFileA, LoadLibraryA, VerSetConditionMask, GetEnvironmentVariableA, CreateFileA, GetLongPathNameA, GetTempPathA, GetCurrentProcess, CreateProcessA, OpenProcess, GlobalMemoryStatusEx, GetLocalTime, GetSystemDirectoryA, GetWindowsDirectoryA, GetVersionExA, GetNativeSystemInfo, GlobalAlloc, GlobalFree, LocalAlloc, LocalFree, GetShortPathNameA, FormatMessageA, lstrlenA, VerifyVersionInfoA, WTSGetActiveConsoleSessionId, GetFileAttributesA, GetSystemWindowsDirectoryA, OutputDebugStringA, GetCurrentProcessId, GetCurrentThreadId, IsDebuggerPresent, OutputDebugStringW, WriteConsoleW, SetEndOfFile, ReadConsoleW, ReadFile, GetConsoleMode, GetConsoleCP, FlushFileBuffers, WriteFile, SetFilePointerEx, GetFileSizeEx, GetStringTypeW, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, InterlockedFlushSList, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetSystemInfo, VirtualAlloc, VirtualProtect, VirtualQuery, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetTimeZoneInformation, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, HeapSize, HeapReAlloc, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetStdHandle, GetCurrentDirectoryW, GetFullPathNameW, SetStdHandle, SetEnvironmentVariableW |
USER32.dll | GetWindowThreadProcessId, GetShellWindow, CloseDesktop, OpenInputDesktop, CharNextA, wsprintfA |
ole32.dll | CoTaskMemRealloc, CoTaskMemFree, CoUninitialize, CoInitialize, StringFromCLSID, CoCreateInstance, CoTaskMemAlloc |
OLEAUT32.dll | SysAllocStringByteLen, SysStringLen, SysAllocString, VarUI4FromStr, SysFreeString, VariantClear |
Name | Ordinal | Address |
---|---|---|
CheckMozJavaPlugins | 1 | 0x18000a028 |
DllCanUnloadNow | 2 | 0x180001c74 |
DllGetClassObject | 3 | 0x180001520 |
DllRegisterServer | 4 | 0x180001c88 |
DllUnregisterServer | 5 | 0x180001c94 |
RedirectAllStaticVersionKeys | 6 | 0x180006504 |
RedirectSelectedStaticVersionKeys | 7 | 0x1800065c4 |
RegKeyBranchNeedsUpdating | 8 | 0x180006478 |
RemoveAllMozillaJavaPlugins | 9 | 0x180007284 |
RunBrokerProcess | 10 | 0x180007310 |
UpdateTreatAsKey | 11 | 0x180006684 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 19:02:05.770172119 CEST | 53 | 60374 | 1.1.1.1 | 192.168.2.6 |
Oct 2, 2024 19:02:19.362873077 CEST | 53 | 55826 | 162.159.36.2 | 192.168.2.6 |
Oct 2, 2024 19:02:19.862385988 CEST | 62819 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 2, 2024 19:02:19.871315002 CEST | 53 | 62819 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 19:02:19.862385988 CEST | 192.168.2.6 | 1.1.1.1 | 0xc5fe | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 19:02:19.871315002 CEST | 1.1.1.1 | 192.168.2.6 | 0xc5fe | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 13:01:45 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74add0000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 13:01:45 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 13:01:45 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6fe110000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 13:01:45 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff67fef0000 |
File size: | 25'088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 13:01:45 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746a50000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 13:01:45 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746a50000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 13:01:48 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746a50000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 13:01:51 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746a50000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 13:01:52 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75fbc0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 18 |
Graph
Function 00007FFD9DF91520 Relevance: 52.9, APIs: 10, Strings: 20, Instructions: 420synchronizationCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF91F64 Relevance: 33.5, APIs: 5, Strings: 14, Instructions: 268threadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9D740 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 158registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB308C Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF97988 Relevance: 88.8, APIs: 11, Strings: 39, Instructions: 1344COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFA8E14 Relevance: 40.4, APIs: 20, Strings: 2, Instructions: 1864COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF96D4C Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 114libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFBA4F4 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1207COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF957E0 Relevance: 21.7, APIs: 9, Strings: 3, Instructions: 733COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9475C Relevance: 18.5, APIs: 8, Strings: 4, Instructions: 483stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF99010 Relevance: 16.7, APIs: 4, Strings: 7, Instructions: 194COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9DE90 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 261COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF94418 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 231libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9DCA8 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 112registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB6074 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 329timeCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFAE2EC Relevance: 9.2, APIs: 6, Instructions: 245COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFA3E7C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB627C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 157timeCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFBD5E4 Relevance: 7.8, APIs: 5, Instructions: 321fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9F3F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB6690 Relevance: 5.5, APIs: 3, Instructions: 1031COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB1DC8 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 248COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFAAC50 Relevance: 4.8, APIs: 3, Instructions: 317COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFAE8C0 Relevance: 4.6, APIs: 3, Instructions: 99timeCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB2660 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 207COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB7FA8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFC0BF8 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFA5858 Relevance: 1.5, Strings: 1, Instructions: 206COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFA5ADC Relevance: 1.4, Strings: 1, Instructions: 196COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFC0910 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF93B5C Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 247memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9C904 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 98threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B990 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 103libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9BB00 Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 99registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF99BE4 Relevance: 21.2, APIs: 3, Strings: 11, Instructions: 213COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF97310 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 121synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9AAA0 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 104libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF91130 Relevance: 15.1, APIs: 4, Strings: 6, Instructions: 84COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9EFB4 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 118threadCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF99A94 Relevance: 14.0, APIs: 2, Strings: 6, Instructions: 48stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B0A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9988C Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 139stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B584 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 108COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF996F4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 92registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B2E8 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 76COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9127C Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 67COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFC0AA8 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9BFE8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 46COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B3E4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9AC9C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9D15C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68memorywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF941FC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48registrylibraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9EF0C Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 41COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF94170 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 39libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFAEE24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9AA50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFBDF30 Relevance: 7.7, APIs: 5, Instructions: 203COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFC0710 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9CB80 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 37COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF910A0 Relevance: 7.5, APIs: 1, Strings: 4, Instructions: 31COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB4F9C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 211COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B774 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 96COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF91CAC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF91E08 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9403C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 66libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF93640 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B8E4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9CB0C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9C874 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9CAB0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF97928 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9BCCC Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9BD1C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9BD6C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9BDBC Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9B9FC Relevance: 6.1, APIs: 4, Instructions: 66synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF96FC8 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 53COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB2214 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFBDCD4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF942B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9ADD8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9D028 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB32CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9C2B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9AEE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB0E7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB0A64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB0C6C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB0D6C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44timeCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9C5FC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFBC020 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB0E18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DF9C0B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFA3C7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFB0C18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD9DFA0674 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|