Windows Analysis Report: test.exe

Overview

General Information

Detection
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Classification
System: w10x64

Process tree (PID, command line, MD5), in the order the report lists them; the paths are repaired where the extraction had inserted spaces:

- test.exe (PID 6616) cmdline: "C:\Users\user\Desktop\test.exe" MD5: 2A98009EBC2E830E2E2DE723312EE8A6
- explorer.exe (PID 984) cmdline: explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8
- @AE2AF6.tmp.exe (PID 2084) cmdline: "C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe" MD5: 252EE18EB5E305056FDC9915B278656F
- cmd.exe (PID 4948) cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user0.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B
- conhost.exe (PID 428) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D
- WdExt.exe (PID 6788) cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe" MD5: 7942494EAC73B2B3281E4A8E94C39376
- cmd.exe (PID 5228) cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user1.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B
- conhost.exe (PID 4564) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D
- launch.exe (PID 2720) cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Defender\launch.exe" /i 6788 MD5: DAAC1781C9D22F5743ADE0CB41FEAEBF
- cmd.exe (PID 2020) cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user2.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B
- conhost.exe (PID 2084) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D
- wtmps.exe (PID 4480) cmdline: "C:\Users\user\AppData\Local\Temp\wtmps.exe" MD5: 75C1467042B38332D1EA0298F29FB592
- mscaps.exe (PID 6612) cmdline: "C:\Windows\system32\mscaps.exe" /C:\Users\user\AppData\Local\Temp\wtmps.exe MD5: 78D3C8705F8BAF7D34E6A6737D1CFA18
- cmd.exe (PID 2140) cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user1.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B
- conhost.exe (PID 7124) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D
- test.exe (PID 2196) cmdline: "C:\Users\user\Desktop\test.exe" MD5: AA2C0EDAD4DE949A1347F8C6A346AAAB
- cleanup

What the tree itself shows, without reading further into the report: the sample path C:\Users\user\Desktop\test.exe is executed twice with different MD5s (PID 6616: 2A98..., PID 2196: AA2C...), so the file on disk was replaced before the second launch. launch.exe is started with /i 6788, which is the PID of WdExt.exe. Four cmd.exe instances run user0.bat, user1.bat (twice) and user2.bat from AppData\Roaming\Temp, a folder Windows does not create itself (the user temp directory is AppData\Local\Temp); each is followed by its conhost.exe, which the cookbook whitelists. WdExt.exe and launch.exe run from Microsoft-looking subfolders of AppData\Roaming (Messenger\Extension, Defender), and mscaps.exe in system32 is handed the path of the dropped wtmps.exe as its argument. Note that PID 2084 appears twice (for @AE2AF6.tmp.exe and a later conhost.exe), so PIDs are not unique keys for this tree.
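The observations above can be turned into a small set of triage rules and run over the tree. The following is an added example, not Joe Sandbox output: the PIDs, command lines and MD5s in TREE are copied from the report (with the extraction spaces removed from paths), while the rule names, regexes and the two cross-process checks (an argument equal to another process's PID, and one image path seen with more than one hash) are this example's own choices.

```python
"""Triage rules over the process tree above (added example; not Joe Sandbox
output). Rule names, regexes and thresholds are this example's own; the
PIDs, command lines and MD5s in TREE are copied from the report."""
from __future__ import annotations

import re

TREE = [  # (pid, command line, MD5) as listed in the report
    (6616, r'"C:\Users\user\Desktop\test.exe"', "2A98009EBC2E830E2E2DE723312EE8A6"),
    (984,  r'explorer.exe', "DD6597597673F72E10C9DE7901FBA0A8"),
    (2084, r'"C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe"', "252EE18EB5E305056FDC9915B278656F"),
    (4948, r'C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user0.bat" "', "D0FCE3AFA6AA1D58CE9FA336CC2B675B"),
    (428,  r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1', "0D698AF330FD17BEE3BF90011D49251D"),
    (6788, r'"C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe"', "7942494EAC73B2B3281E4A8E94C39376"),
    (5228, r'C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user1.bat" "', "D0FCE3AFA6AA1D58CE9FA336CC2B675B"),
    (4564, r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1', "0D698AF330FD17BEE3BF90011D49251D"),
    (2720, r'"C:\Users\user\AppData\Roaming\Microsoft\Defender\launch.exe" /i 6788', "DAAC1781C9D22F5743ADE0CB41FEAEBF"),
    (2020, r'C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user2.bat" "', "D0FCE3AFA6AA1D58CE9FA336CC2B675B"),
    (2084, r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1', "0D698AF330FD17BEE3BF90011D49251D"),
    (4480, r'"C:\Users\user\AppData\Local\Temp\wtmps.exe"', "75C1467042B38332D1EA0298F29FB592"),
    (6612, r'"C:\Windows\system32\mscaps.exe" /C:\Users\user\AppData\Local\Temp\wtmps.exe', "78D3C8705F8BAF7D34E6A6737D1CFA18"),
    (2140, r'C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\user1.bat" "', "D0FCE3AFA6AA1D58CE9FA336CC2B675B"),
    (7124, r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1', "0D698AF330FD17BEE3BF90011D49251D"),
    (2196, r'"C:\Users\user\Desktop\test.exe"', "AA2C0EDAD4DE949A1347F8C6A346AAAB"),
]

# Path patterns (this example's choices). The user temp directory is
# AppData\Local\Temp; AppData\Roaming\Temp is not created by Windows, and
# Microsoft components do not normally execute from AppData\Roaming\Microsoft\*.
USER_TEMP    = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
ROAMING_MS   = re.compile(r"\\AppData\\Roaming\\Microsoft\\", re.I)
ROAMING_BAT  = re.compile(r"\\AppData\\Roaming\\Temp\\[^\"\s]+\.bat", re.I)
TEMP_EXE_ARG = re.compile(r"\\AppData\\Local\\Temp\\[^\"\s]+\.exe", re.I)


def split_image(cmdline: str) -> tuple[str, str]:
    """Return (image path, argument string) from a Windows command line."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.index('"', 1)
        return cmdline[1:end], cmdline[end + 1:].strip()
    head, _, rest = cmdline.partition(" ")
    return head, rest.strip()


def triage(cmdline: str) -> list[str]:
    """Rule names that fire on one command line (empty list = nothing fired)."""
    image, args = split_image(cmdline)
    hits = []
    if USER_TEMP.search(image):
        hits.append("exe_in_user_temp")
    if ROAMING_MS.search(image):
        hits.append("microsoft_lookalike_in_appdata")
    if image.lower().endswith("cmd.exe") and ROAMING_BAT.search(args):
        hits.append("batch_from_roaming_temp")
    if TEMP_EXE_ARG.search(args):
        hits.append("temp_exe_as_argument")
    return hits


def triage_tree(tree) -> list[tuple[int, str, list[str]]]:
    """Per-process hits plus two cross-process checks: an argument that is the
    PID of another process in the tree, and an image path that appears with
    more than one MD5 (the file was replaced between launches)."""
    pids = {pid for pid, _, _ in tree}
    md5s_by_path: dict[str, set[str]] = {}
    for _, cmd, md5 in tree:
        md5s_by_path.setdefault(split_image(cmd)[0].lower(), set()).add(md5)
    out = []
    for pid, cmd, _ in tree:
        image, args = split_image(cmd)
        hits = triage(cmd)
        for tok in args.split():
            if tok.isdigit() and int(tok) in pids and int(tok) != pid:
                hits.append(f"argument_is_pid_of:{int(tok)}")
        if len(md5s_by_path[image.lower()]) > 1:
            hits.append("same_path_multiple_hashes")
        out.append((pid, image.rsplit("\\", 1)[-1], hits))
    return out


if __name__ == "__main__":
    for pid, name, hits in triage_tree(TREE):
        print(f"{pid:>5} {name:<18} {', '.join(hits) or '-'}")
```

Run stand-alone it prints one line per process; explorer.exe and the conhost.exe instances come out clean, every cmd.exe fires batch_from_roaming_temp, both test.exe launches fire same_path_multiple_hashes, and launch.exe fires both the lookalike-path rule and argument_is_pid_of:6788. The rules are deliberately narrow path checks; on a real host they belong in a process-creation query (Sysmon event 1 or EDR telemetry) rather than over a pasted tree.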
System Summary
- Source: rule match; rule authors: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
AV Detection
- Avira: 12 hits (labels are listed in the antivirus tables below)
- ReversingLabs: 10 hits
- Integrated Neural Analysis Model: 1 hit
- Joe Sandbox ML: 7 hits
- Static PE information: 1 hit
- Code functions: 2_2_00401466, 2_2_00404D6B, 11_2_004012A4, 11_2_004034D3, 15_2_00403177
- String found in binary or memory: 1 hit
System Summary
- Dropped file: 2 hits
- File created: 1 hit
- Code functions: 2_2_00404069, 2_2_0040A8DB, 2_2_00406550, 2_2_0040B965, 2_2_00403D17, 2_2_004035D5, 2_2_004039DA, 2_2_004159BF, 2_2_0040866E, 2_2_00407E7F, 2_2_0040AECE, 2_2_004042F0, 2_2_00410334, 2_2_0040A3BD, 2_2_1000A69F, 3_2_00407753, 8_2_1000A69F, 11_2_0040247F, 11_2_004074EC, 11_2_00402142, 11_2_00401D3D, 11_2_0040C1C4, 11_2_00404DCD, 11_2_004055BC, 11_2_00402A58, 11_2_00407A68, 11_2_00406FCE, 11_2_004027D1, 11_2_0040FF99, 11_2_1000A69F, 14_2_00407F2C, 14_2_004015A0, 15_2_00401F70, 15_2_0040A13C, 15_2_004071EE
- Dropped File: 1 hit
- Binary or memory string: 5 hits
- Static PE information: 1 hit
- Classification label: 1 hit
- Code function: 2_2_1000180D
- Code function: 14_2_00401080
- File created: 1 hit
- Mutant created: 4 hits
- File created: 1 hit
- Process created: 3 hits
- Static PE information: 1 hit
- File read: 1 hit
- Key opened: 1 hit
- String found in binary or memory: 1 hit
- File read: 1 hit
- Process created: 27 hits
- Section loaded: 167 hits
- Key value queried: 1 hit
- Static file information: 1 hit
- Code function: 2_2_00402056
- Static PE information: 1 hit
- Code functions: 0_2_0040167E, 2_2_0040C8BE, 2_2_0040D53E, 2_2_10005996, 2_2_100053AE, 8_2_10005996, 8_2_100053AE, 11_2_0040896E, 11_2_00409E3E, 11_2_10005996, 11_2_100053AE, 14_2_004026FE, 15_2_004030BE

The function identifiers are of the form processindex_2_address. The 0x1000xxxx addresses recur with identical offsets in processes 2, 8 and 11 (1000A69F, 10005996, 100053AE, and 1000BA64/1000BA76 below), i.e. the same module is mapped at 0x10000000 in each of those processes; compare the DLL Side-Loading cell in the ATT&CK matrix.
Persistence and Installation Behavior
- Executable created and started: 1 hit
- File created (dropped file): 12 hits
- File created (dropped file): 1 hit
- Code function: 15_2_00401D10
- Registry value created or modified: 2 hits (compare the two Autostart entries in the timeline and the Registry Run Keys / Startup Folder cell in the ATT&CK matrix)
Hooking and other Techniques for Hiding and Protection
- Module Loaded: 2 hits
- Code function: 14_2_00401080
- Process information set: 29 hits
Malware Analysis System Evasion
- Stalling execution: 1 hit
- Code function: 2_2_1000180D
- Code functions: 2_2_00402056, 2_2_00401CB0, 14_2_00401D20, 15_2_00402600
- Dropped PE file which has not been started: 6 hits
- Thread sleep time: 1 hit
- Code functions: 2_2_00401466, 2_2_00404D6B, 11_2_004012A4, 11_2_004034D3, 15_2_00403177 (the same five as under AV Detection)
- Code function: 2_2_0040318C
- Thread delayed: 1 hit
- Binary or memory string: 2 hits
- API call chain: 5 hits (first graph id: graph_2-18953)
- Process information queried: 1 hit
- Code function: 2_2_1000180D
- Code function: 2_2_00402056
- Code function: 2_2_00404732
- Code functions: 2_2_00411746, 2_2_00411758, 2_2_1000BA64, 2_2_1000BA76, 3_2_00401179, 3_2_00451880, 8_2_1000BA64, 8_2_1000BA76, 11_2_0040C6A6, 11_2_0040C6B8, 11_2_1000BA64, 11_2_1000BA76, 14_2_00406250, 14_2_0040623E, 14_2_00401AD0, 15_2_00408007, 15_2_004024A0, 15_2_00407FF5

Stalling and sleep signatures together with six dropped PE files that were never started and an analysis that ended on Timeout (see the metadata below) mean the observed behaviour is a lower bound; a re-run with a longer timeout, or with hypervisor-based inspection enabled, is the usual next step.
HIPS / PFW / Operating System Protection Evasion
- Code function: 15_2_00401950
- Memory written: 2 hits
- Memory written: 2 hits
- Process created: 11 hits
- Code function: 2_2_0040B8D2
- Code function: 2_2_00402056
- Code function: 2_2_00412794
- Code function: 2_2_0040318C
- Code function: 3_2_0043B9C0
MITRE ATT&CK matrix. A number in front of a technique is the count of report signatures mapped to it; cells without a number are the matrix's technique labels with no match.

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scripting | 311 Process Injection | 121 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 11 Virtualization/Sandbox Evasion | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 11 DLL Side-Loading | 11 DLL Side-Loading | 311 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 DLL Side-Loading | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 4 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Antivirus detection, submitted sample (test.exe)

Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/Drop.Daws.awfy |
100% | Joe Sandbox ML | |

Antivirus detection, dropped files (the file-name column is not preserved in this table, so labels cannot be tied to individual dropped files)

Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/Rogue.kdv.685680 |
100% | Avira | TR/Spy.Agent.auk |
100% | Avira | TR/Spy.Agent.auh |
100% | Avira | TR/Crypt.FKM.1350 |
100% | Avira | BDS/Fynloski.IG |
100% | Avira | TR/Spy.Agent.aul |
100% | Avira | TR/Drop.Daws.awfy |
100% | Avira | TR/PSW.Agent.pzuba |
100% | Avira | TR/Spy.Agent.rddod |
100% | Avira | BDS/Nanocore.MG |
100% | Avira | BDS/Fynloski.BA |
100% | Joe Sandbox ML | |
100% | Joe Sandbox ML | |
100% | Joe Sandbox ML | |
100% | Joe Sandbox ML | |
100% | Joe Sandbox ML | |
100% | Joe Sandbox ML | |
100% | ReversingLabs | Win32.Infostealer.BZub |
100% | ReversingLabs | Win32.Worm.Faedevour |
91% | ReversingLabs | Win32.Worm.Faedevour |
92% | ReversingLabs | Win32.Worm.Faedevour |
100% | ReversingLabs | Win32.Worm.Faedevour |
96% | ReversingLabs | Win32.Worm.Faedevour |
87% | ReversingLabs | Win32.Worm.Faedevour |
92% | ReversingLabs | Win32.Worm.Faedevour |
88% | ReversingLabs | Win32.Worm.Faedevour |
0% | ReversingLabs | |
100% | ReversingLabs | Win32.Worm.Faedevour |

The labels span several families rather than one: Fynloski is the vendor name used for the DarkComet backdoor and Nanocore for the NanoCore RAT, alongside Daws (dropper), Faedevour (worm) and BZub (infostealer) labels. Vendor family names are not consistent across scanners, so treat them as hints for which dropped file to pivot on, not as a single attribution.
Analysis metadata

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1524536
Start date and time: 2024-10-02 23:23:48 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: test.exe
Detection: MAL
Classification: mal100.evad.winEXE@35/29@0/0

Cookbook comments:
- Excluded processes (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs (whitelisted): 20.72.235.82
- Excluded domains (whitelisted): redir.update.msft.com.trafficmanager.net, ocsp.digicert.com, slscr.update.microsoft.com, windowsupdate.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution graph export aborted for target test.exe, PID 2196, because it has no executed functions
- Not all processes were analysed; the report is missing behavior information
- Report size exceeded maximum capacity and may be missing behavior information
- Report size exceeded maximum capacity and may be missing disassembly code
- Report size getting too big: too many NtOpenKeyEx calls found
- Report size getting too big: too many NtQueryValueKey calls found
- Report size getting too big: too many NtReadVirtualMemory calls found
- Report size getting too big: too many NtSetInformationFile calls found
- VirusTotal rate limit hit for: test.exe

Read the report with these limits in mind: the run stopped on Timeout, hypervisor-based inspection was off, no injected processes were analysed, and the report itself was truncated. Behaviour that does not appear here (network activity in particular) is therefore not evidence that the sample does not do it.
Timeline (descriptions are not preserved)

Time | Type | Description |
---|---|---|
17:24:49 | API Interceptor | |
22:24:50 | Autostart | |
22:25:11 | Autostart |
Matches with previously analysed samples

C:\Users\user\AppData\Local\Temp\wtmps.exe matched 10 earlier submissions by hash, all classified malicious with no threat name assigned (listed as Unknown). The sample names, SHA-256 values and links of those submissions are not preserved on this page.
Process: | C:\Windows\SysWOW64\mscaps.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 406 |
Entropy (8bit): | 5.350477861599205 |
Encrypted: | false |
SSDEEP: | 6:oWAGVISs4KHunXwBFq7+fAmvIHcDNeEc7vyx07WmnN/9udXiIP+KHuH1jIy4EE+h:lDVE45nXwu74Awq7sfeuh+KOVjiEE+hn |
MD5: | 37512BCC96B2C0C0CF0AD1ED8CFAE5CD |
SHA1: | EDF7F17CE28E1C4C82207CAB8CA77F2056EA545C |
SHA-256: | 27E678BF5DC82219D6EDD744F0B82567A26E40F8A9DCD6487205E13058E3ED1F |
SHA-512: | 6D4252AB5AA441A76CE2127224FEFCB221259AB4D39F06437B269BD6BFDAAE009C8F34E9603EC734159553BC9F1359BDD70316CD426D73B171A9F17C41077641 |
Malicious: | false |
Encrypted is false and Preview is empty for every dropped file below. Eight of the files written by WdExt.exe appear twice with identical sizes (1053442, 235266, 123650, 129282, 91394, 102146, 176386 and 282624 bytes): the first copy has entropy 4.7004 (log2 26, the value of a file built from 26 equiprobable byte values) and a degenerate SSDEEP made of one repeated chunk hash, the second has entropy between 6.6 and 7.5 and an antivirus match, which is consistent with a placeholder of the final size being written before the real content. The 1796415- and 397728-byte drops of @AE2AF6.tmp.exe have the same filler profile. The "Executed as" column matches each file's MD5 against the process list further down; antivirus vendor names for the malicious entries were not captured.

Process | Category | Size (bytes) | Entropy (8bit) | Malicious | Executed as | MD5 | SHA1 | SHA-256 | SHA-512 | SSDEEP
---|---|---|---|---|---|---|---|---|---|---
C:\Windows\SysWOW64\explorer.exe | dropped | 1797699 | 7.976046783043414 | true | @AE2AF6.tmp.exe (Target ID 2) | 252EE18EB5E305056FDC9915B278656F | D4B1AC5389C7DE600CC7B63DF4F8DF545565A18A | B74969A67DF1BA88F4D93AF98D65898EDD91539AD4C7A74CB1102CB0D6E1CAA5 | 8772F4C8844B4D75280EB86F238AE3CA551CC5E67419077751E547654BB768D11B7BB2C04971AD0D6EE137761CB0F362BFDCE55870A946A54E8BC0DA5E388C93 | 24576:OXdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMaop0UNd:mbTChxKCnFnQXBbrtgb/iQvu0UHO9y
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 896 | 4.700288873450408 | false | | BE49EE9D1B6DA594241CE3B7432C5D64 | D81E68B9BF84258AF2E6B5595C4F5C8D53B9C901 | DB66D62796AE12BF459E514F27BB1A0D416D804365F44E8EC53DD760E3F7B8B8 | 0C15D8D86E0DFCCBCECD50B3DD5906F8F5B7C52511128D01BE82B394CCB08ED85A486A101BBB5D992A688D1E62F21FDA712DAEF1BF3A5ECBA9AAD152E47562F5 | 24:keK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeK+DeKD:d1q1q1q1q1q1q1q1q1q1q1q1q1q1q1qo
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 620 | 4.7002729531161505 | false | | 1D713C403B1DA202F059FCA73E0E6C61 | BA91DFDC9786177C0F6CB0ED2F324FFB1DD1F050 | FB2BF10E6A64C014A8DB3F0DEA7E1B795B36632E4EDC532A2422975802632B0A | E88F3C0FA520EBC9B982B5404025E6484A9BED925D889915250797B1592CCD8B4218428BB8A0CAF0685BCCA5584E05151EC2F7FAF105347AFC94E1A955E4BC01 | 12:kvmNKzuXDvmNKzuXDvmNKzuXDvmNKzuXDvmNKzuXDvmNKzuXDvmNKzuXDvmNKzum:keK+DeK+DeK+DeK+DeK+DeK+DeK+DeKT
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 1796415 | 4.70043971812567 | false | | 6354B0F69E2257A69F01F15C2624B294 | B36C8CA0B00405373AAF1C65F61BE60BEF267225 | A7651F484533E1C5B6D7235E0C129A450188341014D6FFCFFE8F7D633C0F4344 | 961DC74DD338DC0499B37D3CF1908226BD1841B3E43558E70448083C8D3EC77BCB5682AE0B28659987AD9B915DD2200AC05F09A04E3CFE7B1E0137A61269A69F | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyp:F
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 907 | 7.774852528796053 | false | | C833778DEC21525FD7622C02BD6CCCAF | 300C4611EE736FB33A82E5EDEB1BFF18B760235B | 41ED4FD4CCB449E108E99E25F0E7BA192A3DA0FD5A82C32468DD04D99A22B857 | 85C60D074E13E2ECCAA456AD5915FE5CC0264A6ED3DB9914AA73FF34A7307B5D7A1F1FD7879FFC7B9C276F7CD6AE89DBF3956D26A424ED9B3A9BAEB49B2AD807 | 12:yVcca7jUJ6J4rDayFMdNWjx3V3aHn8aH4WjjKdP9e2J2i0odDwRlLiWicTvZNX+e:3U4JJogNWV3VKre9P2iP5ipZsG
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 1053442 | 4.700439718141092 | false | | DF2C63605573C2398D796370C11CB26C | EFBA97E2184BA3941EDB008FCC61D8873B2B1653 | 07FFCDE2097D0AF67464907FEC6A4079B92DA11583013BAE7D3313FA32312FE8 | D9726E33FCFA96415CC906BDB1B0E53EBA674EAF30ED77D41D245C1C59AA53E222246F691D82FA3A45F049FBF23D441768F9DA21370E489232770AD5AE91D32F | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyK:O
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 235266 | 4.70043971626439 | false | | 6F90E1169D19DFDE14D6F753F06C862B | E9BCA93C68D7DF73D000F4A6E6EB73A343682AC5 | 70A392389AECD0F58251E72C3FD7E9159F481061D14209FF8708A0FD9FF584DC | F0C898222E9578C01EBE1BEFAC27A3FB68D8FB6E76C7D1DEC7A8572C1AA3201BACF1E69AA63859E95606790CF09962BCF7DC33B770A6846BED5BD7DED957B0B3 | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyq:u
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 123650 | 4.700439712479302 | false | | F558C76B0376AF9273717FA24D99EBBF | F84BCECE5C6138B62EF94E9D668CF26178EE14CC | 01631353726DC51BCEA311DBC012572CF96775E516B1C79A2DE572EF15954B7A | 2092D1E126D0420FEC5FC0311D6B99762506563F4890E4049E48E2D87DDE5AC3E2E2ECC986AB305DE2C6CEB619F18879A69A815D3241CCF8140BC5EA00C6768D | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy:u
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 129282 | 4.700439711235807 | false | | 02AE22335713A8F6D6ADF80BF418202B | 4C40C11F43DF761B92A5745F85A799DB7B389215 | AE5697F849FA48DB6D3D13455C224FCF6CEB0602A1E8AC443E211DD0F32D50F4 | 727D16102BFC768535B52A37E4E7B5D894F5DAA268D220DF108382C36DCCE063AFDBC31FD495A7A61305263EC4CD7E92713D894FAA35B585C0B379217A1D929C | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyK:u
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 91394 | 4.700439710541972 | false | | 09203A9741B91F3A9ED01C82DCB8778D | 13E6F3FB169CD6AA5E4D450417A7E15665A2E140 | 63149AD45DB380F5DD15F65D9CEB2611D53A0A66E022483BEE4CE2FF7D2610E2 | 9E9E6FE0DD713417D0E28BA787CF862D55ECDA9EE9F3DF1EADA144657F6A3B6ADA1984FD05A3FFFCD597A9715383225A8E40B6E5D0D8D39EC0D3A64B8DEA9846 | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyS:O
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 102146 | 4.7004397081852405 | false | | 9A27BFB55DD768AE81CA8716DB2DA343 | 55DA0F4282BD838F72F435A5D4D24AC15B04482B | 5EC8093EF5939D1ABCE1C576097B584FB600B94AD767C1DA897F7CB7F0063D26 | D9BB49D2F282ED09C351A1D8EB2540781E6A7FB39265473FD59D146BFC162F27A4AB1405301ED7395C12929A80551A399437D7D794D7AC48650E9037B60EB69C | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyq:u
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 176386 | 4.700439717028234 | false | | 2634FA3A332C297711CB59D43F54FFCE | 8E2B68D0EE4E792EFB1945BA86ECEB87F07087D2 | 27C945CCB84AA024F1F063701327E829A7EF3A7EDE4A43B2FEBBB1DDDBDF8740 | 84E4799B9B18A7CC7BE685C793A9B4FB135EA331D1D235FE823E1D7091130F131AB2FBAD1DA4DEA795E82547AA16B00F4E2A9FAAA96CB522D795F9ABFDA2FC53 | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyK:u
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 282624 | 4.700439717346398 | false | | E07C6A9E595F045FADC463DFDA44AB16 | E6B199272ADE02613F2003C365A4CB1487431E23 | D2FA6F9686386A92253A9C5EA25ACE702A111483540B60C1300789235CEA7FDC | F3C630AE8381B99519AEEADBC2918810E7FB09A909F73EE6C46F4E9D3CF8C5051A5CF763DB6A775D6CD8713CCF95A63B18DF9ED756FA28276E8D7AB6A47F2CBF | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyX:T
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 282624 | 7.055084803288937 | true | wtmps.exe (Target ID 14) | 75C1467042B38332D1EA0298F29FB592 | F92EA770C2DDB04CF0D20914578E4C482328F0F8 | 3B20C853D4CA23240CD338B8CAB16F1027C540DDFE9C4FFDCA1624D2F923B373 | 5C47C59AD222E2597CCDF2C100853C48F022E933F44C279154346EACF9E7E6F54214ADA541D43A10424035F160B56131AAB206C11512A9FD6EA614FBD3160AA0 | 6144:Xaz/zwzFEN3MmUGvSQagFwDeSv3BU9T4/XGOUYM/mVz:Iz8qamFVa1D69T4RMmVz
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 102146 | 6.672724217779346 | true | | F1C9F4A1F92588AEB82BE5D2D4C2C730 | 3DC5A017B15BA74FAE2342937380905BF7E8FBD5 | D3A46F71AA7467920B16B64C9D17EAF6C4E147F41CD1390DCCFF01E4A81F8DFA | 6171E740CE318D8FC35C92663684F2C35E7B5374C9A8CE6F4DC1C28C9AE62064F9CF44116266C650089BD5A3D328E87F9BDBD63AC1123E0A33CE52A1D21CFFAD | 1536:AfVMTLl0+j+R3S6CVaTqifclr7MB3tY0ZHp8FkK4+3IOqFnToIfwCBztSoRa6A:Fl67CVgBbNEfZqtTBfwCptSw/A
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 123650 | 6.665333125659156 | true | | 1FCC5B3ED6BC76D70CFA49D051E0DFF6 | 3FFA43EFDC893A57DCAD3D45C9B14980DD52EB58 | B0C0C49EED934E6D2ED990913D4C71108F6104352D23F72D3EF0A3EF4074D92E | 8769438AACC26F0A720926F419A2564813DEE2F526B2DBB7A3F57D587DC385612BF5780F4E39CE2149DE5FB4C1AF839DCC099F3D77387989E16D2BC76C6DE929 | 3072:PWFWnu/0NPlE+qoytTBf+28aVytl34iQA:PW8nlQ+RytTBV2J
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 176386 | 7.467006043338271 | true | launch.exe (Target ID 11) | DAAC1781C9D22F5743ADE0CB41FEAEBF | E2549EEEEA42A6892B89D354498FCAA8FFD9CAC4 | 6A7093440420306CF7DE53421A67AF8A1094771E0AAB9535ACBD748D08ED766C | 190A7D5291E20002F996EDF1E04456BFDFF8B7B2F4EF113178BD42A9E5FD89FE6D410AE2C505DE0358C4F53F9654AC1CAAA8634665AFA6D9691640DD4EE86160 | 3072:ng2TyMj3tEcWMkc5tTBfZOVxtDH2g3zd3jceABCODJRCyA:n7xqcWxc5tTBsJWKFGUOfCl
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 1053442 | 7.383233334811567 | true | | 2D9DF706D1857434FCAA014DF70D1C66 | 75A65DD394941CD78234EE100D68C8D2F53F77C6 | 126593B3672E6985FE4E4903D656040E16A69264FAF91B1A416EF00565E17E7C | BC476A3AAF54323F1E77BB5EFFC05C407A1034A42B495DA3A374F2253002BA948929EBAAAF52A5204095AA0D66C740F5A2828E2FD3C46749544580966024CACC | 24576:XitBcqPTSNCs8Fm6nQbkkcCZIkj3tTkgbGqt/dKcMM1Wy/:SIqriCsmm6nYqkjdTkgSqNdKcMs/
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 1799318 | 7.975944248689045 | true | WdExt.exe (Target ID 8) | 7942494EAC73B2B3281E4A8E94C39376 | 88C3CD0A88E1C93CFFEEE72D372B1D79144F35AC | B9818299D1719F7DE6F22CE1F67AE8D3CB5770C945DE5746AE502656FE112984 | 8C22BD07628CFB865A72E44E2F271A1158BBBD250D9CD8356187648C08FD37974A0EAFF341D06ACBB4EECD217BC6B837489BFE4E3A0A301A183DC8FBBA5A36CD | 24576:OXdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMaop0UNN:mbTChxKCnFnQXBbrtgb/iQvu0UHO9I
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 91394 | 6.654533417168698 | true | | 6A9461F260EBB2556B8AE1D0BA93858A | 01E14B87B69DCE8272D84669F44F81D685DCF7C5 | 0B059565160C180DF60470349770A6DD225981A8051639385BB49D33D2A73632 | 263041E149A2E7CD95C16A614175179B5E1FEA8ECA137AAC02D903B45F107AD1C9467A3E790408CACA7250B0CB83DA77AA73887239F25B7B93B221CFFC02772B | 1536:h5QmUNtCKcKcyR2zh5Te2D6grD5Z3MIOKFnToIf+VHutHaA:hItC42zhlGgrXCKtTBf+VOtHaA
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 129282 | 6.621412156936795 | true | | D0C9ADA173DA923EFABB53D5A9B28D54 | 0CEFE568D2A06BD44FE9DFAB65B1E27BD34DEF11 | AD01AB517CF1C9F5D30B3EA749C91C5C8FC613E771D25287483023D2066E1523 | 6919CA6D0EB94402B470EF131362AA1FD35BE994161B857FABF4A7ACA7710A757BF490AD6E2F8B5618B53E9BF3390638A9340642035E6A71EA4EEDC94E403E27 | 3072:h3Qj8Ajn/VzK9fmfiCunng05hlOytTBfitzImtw+FU16DA:h3Qjtz/qf1Cung05hlOytTBN+Fqb
C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | dropped | 235266 | 6.653536540157241 | true | | FFFA05401511AD2A89283C52D0C86472 | 99A9FBCAC39B9522D1D628620B69C4CD7CC110F1 | 41A712FD2111C5DDEC6FE58A29C80F19923CC72E88B4508D5A3DAEB236DDF1B8 | 468B9B50B342D0DEBBF81E37983C600E171BD35AB38680F495A8F52D8476735876E2329228D009F2631356E99770371740F97D77235383DB3E00F7ECD12DB6B3 | 6144:/fbIMsWVgui7vKbeDb2J1dZSbgOtTBpkFqAcURC:X3xu7vKiDb2nnegOtTnkFDC
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 129 | 4.660429712853706 | false | | 5838B249DFFF3C4BCF6094F52325FB83 | 7FB503ACAC1BF4BD0AFCDB4ED0A432CD9314422B | ECED495D7F070597196A9C2C800EC4B3A0901F2E40F919A230460DB54C79A352 | D65D77AD5BF90DD7C32E0CC1E2E8DD711D682FBB46E3411034E6534EE884DDC6017CDDC846B31B89A2DA2CE7E4A216B6B96BA06E6C1C5EF74B751937AD2D5A54 | 3:I5Pt+kiEaKC5Sufoms+L4AHSvKZOt+kiEaKC595Ytzvn:INwknaZ5SuMcyvKowknaZ5bsDn
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 126 | 4.8419035287667 | false | | 5EAC731C619F72CF9DF1C72A2D734BE7 | DBD3300B67E578DF5CE04B6A125478BB9718D252 | 03E35825C4136DCCCF6E8BE6A919686A435736872DE16229304150EB47C25796 | 371A96D779D79756DA96C31888C5CE467D906B6ABE37824B8D714539AEF96487D31B57AA1FF46F3EF37B26374097F17FADC715506E35A9DF0D556EEA948CA4D0 | 3:I5Pt+kiEaKC5SufhADu25U4AHwMF3vBkZOt+kiEaKC595YGjn:INwknaZ5SuJmv5U49wBkowknaZ5bJjn
C:\Users\user\AppData\Roaming\Microsoft\Defender\launch.exe | dropped | 102 | 4.594912323903514 | false | | 777A79CAA1236D029E5BB4C6577A1373 | 181B61AB20B758E96304781BB503753948054499 | 575C47B3B66AA387BCBF9526B701F9455249EA114CD7C6574128EC5AAD2C30B6 | 36FFE4EFB594DD2A518405E82A0CA39F901AB2FD81B5A2E7C99218DAB5A02C0157017072A1CB66351583573CC76AFB0126FB0151DF09F7EA6D9B95465622DD65 | 3:I5Pt+kiE2J5xAI8JlovKZOt+kiEaKC595YM+vn:INwkn23f8JyvKowknaZ5bEn
C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | dropped | 397728 | 4.700439717593888 | false | | E1E47695A0B98432911311352B63EAED | 836142E550301E0FC13C1A047AAE5A2F4481D7CD | C67ED34D9254B31E611EE830125C3F2572A1E686F82DEB69E1580FB9A4614CD0 | DA49234EE2E1D8F9956BA59D4A49FE04D3AB154F5DD60CF7A6C72E9D42DEFE8A4B0AEB38845444FE3A8D9C80976467D2101F7C992A48F98F6A9317D0E61CA961 | 96:/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyz:/
C:\Windows\SysWOW64\explorer.exe | modified | 809472 | 6.4977514182547225 | true | Target ID 3 (reported as C:\Users\user\Desktop\test.exe) | AA2C0EDAD4DE949A1347F8C6A346AAAB | 81D420887F3D87EAD91CA7A4BAFE827D9409BFD9 | 5B516BF84FA5FD2E4159EDCF70916AD775E71257790FF70B2D39A487D0F9DCA1 | 351BF8D28D8EA78FA34A9F3BE413F21458336AB4BDE2BE3DFB3744575B61DDC70C30162FBDD892E864730D9FAC76A06BD923A58250356000AEDC8FF4979035EE | 12288:8OorOSUTlyRQJok8n3edtG6bV2MEJi099ifVpiLngVqzw8s/KdWGd7rSfjLtVpRT:0OJTI+JL8n3YG6bVDZNUzY55Z
C:\Users\user\AppData\Local\Temp\wtmps.exe | dropped | 204800 | 7.357970003886077 | true | mscaps.exe (Target ID 15) | 78D3C8705F8BAF7D34E6A6737D1CFA18 | 9F09E248A29311DBEEFAE9D85937B13DA042A010 | 2C4C9EC8E9291BA5C73F641AF2E0C3E1BBD257AC40D9FB9D3FAAB7CEBC978905 | 9A3C3175276DA58F1BC8D1138E63238C8D8CCFBFA1A8A1338E88525ECA47F8D745158BB34396B7C3F25E4296BE5F45A71781DA33AD0BBDF7AD88A9C305B85609 | 3072:34LGpbMkFAIk2GOytDDE1wYa+6NjQYryupFsjzuoAxWhZWkZu4pUBRrwCP8T:FbnDk2HcMZYQYcSovhc7AAcCPe
Entropy (8bit): | 7.703447785090587 |
File name: | test.exe |
File size: | 2'614'323 bytes |
MD5: | 2a98009ebc2e830e2e2de723312ee8a6 |
SHA1: | 4d767fa5085f36a9d6c8a70de8106b5e4a6a6802 |
SHA256: | 0f28c564a6268c2f3203bf3d594cb519dde447032911eebf3b430e925a94915a |
SHA512: | af07aeb62940d7fd562b759f2ca09a42a0955fc880793f2d153fc5bbfa529507dcfe4682ecbfef8cea1aa4c1a83c2b9d3641501c41626925e22abeeb76d3b7c5 |
SSDEEP: | 49152:5OJTDJA3+OW5ZOxbTChxKCnFnQXBbrtgb/iQvu0UHO9z:5OJvJAux5ZOx6hxvWbrtUTrUHO9z |
TLSH: | 74C5D119FA01D474EF1B85B203C6EE7A56362D304A17CC47F9902E2855B3EB779E1B22 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........[....................J.......................................Rich............PE..L...c{TO................................... |
Icon Hash: | 89a4b2e5e5cc9cd5 |
Entrypoint: | 0x40167f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x4F547B63 [Mon Mar 5 08:37:55 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 730073214094cd328547bf1f72289752 |
Entrypoint disassembly (0x40167f, .text):

```asm
; MSVC CRT start-up: the first instructions register an SEH frame through fs:[0].
; Indirect calls through 004020xxh go via the IAT (RVA 0x2000, see the data
; directory table below). Relative call/jmp targets shown as 00007F97... are a
; rendering artefact of the sandbox disassembler: a 32-bit image based at
; 0x400000 cannot reach such addresses.
push ebp
mov ebp, esp
push FFFFFFFFh
push 004020F8h
push 00401830h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 68h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
xor ebx, ebx
mov dword ptr [ebp-04h], ebx
push 00000002h
pop edi
push edi
call dword ptr [004020D4h]
pop ecx
or dword ptr [00403090h], FFFFFFFFh
or dword ptr [00403094h], FFFFFFFFh
call dword ptr [004020D0h]
mov ecx, dword ptr [0040308Ch]
mov dword ptr [eax], ecx
call dword ptr [004020CCh]
mov ecx, dword ptr [00403088h]
mov dword ptr [eax], ecx
mov eax, dword ptr [004020C8h]
mov eax, dword ptr [eax]
mov dword ptr [00403098h], eax
call 00007F97A0B143AAh
cmp dword ptr [00403070h], ebx
jne 00007F97A0B1427Eh
push 00401822h
call dword ptr [004020C4h]
pop ecx
call 00007F97A0B1437Ch
push 0040300Ch
push 00403008h
call 00007F97A0B14367h
mov eax, dword ptr [00403084h]
mov dword ptr [ebp-6Ch], eax
lea eax, dword ptr [ebp-6Ch]
push eax
push dword ptr [00403080h]
lea eax, dword ptr [ebp-64h]
push eax
lea eax, dword ptr [ebp-70h]
push eax
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [004020BCh]
push 00403004h
push 00403000h
```
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2104 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbe000 | 0xe0f4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0xf4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x83c | 0xa00 | 6dbb11cce72cc16b887018dd4c34d252 | False | 0.569921875 | data | 5.438914555753771 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x2000 | 0x5c6 | 0x600 | 838666d924e8b6e9dfc84f930bd16733 | False | 0.515625 | data | 4.859194046971246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3000 | 0xbb000 | 0x200 | 7d6dcdf3bcb22dca4957ddb77c1c8cbf | False | 0.130859375 | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | 0.545273764156015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xbe000 | 0xe0f4 | 0xe200 | e7c931bab9c2d389ac0ab577dc48d249 | False | 0.44571003871681414 | data | 5.885941048379587 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xbe21c | 0x4627 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9883623809788964 |
RT_ICON | 0xc2844 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 0 | English | United States | 0.17868632707774798 |
RT_ICON | 0xc628c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.204149377593361 |
RT_ICON | 0xc8834 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | English | United States | 0.21893491124260356 |
RT_ICON | 0xca29c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.2450750469043152 |
RT_ICON | 0xcb344 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | English | United States | 0.23662790697674418 |
RT_ICON | 0xcb9fc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.30230496453900707 |
RT_GROUP_ICON | 0xcbe64 | 0x68 | data | English | United States | 0.7596153846153846 |
RT_VERSION | 0xcbecc | 0x228 | data | English | United States | 0.4963768115942029 |
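The "Entropy (8bit)" and "ZLIB Complexity" columns in the dropped-file list and in the section and resource tables above are the two byte-distribution metrics a triage script computes before looking at any file's content. The following is an added example, not Joe Sandbox code: it implements both metrics and the check that explains the cluster of dropped files sitting at exactly log2(26) = 4.7004397. The 26-letter alphabet filler is a constructed stand-in (any file built from 26 equiprobable byte values has that entropy and a degenerate SSDEEP; the report does not show the real bytes), the random blob stands in for a packed drop, and the 7.0 entropy and 0.05 compressibility thresholds are this example's own choices.

```python
"""Shannon entropy (8-bit) and ZLIB complexity, plus a repeating-pattern check.

Added example for this report; not Joe Sandbox code. The alphabet filler and
the seeded random blob are constructed inputs; the thresholds are assumptions.
"""
import math
import random
import zlib
from collections import Counter
from typing import Dict, Optional, Union

HIGH_ENTROPY = 7.0    # assumption: above this, treat as packed/compressed/encrypted
COMPRESSIBLE = 0.05   # assumption: zlib ratio below this means a trivially repetitive file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def zlib_complexity(data: bytes) -> float:
    """Compressed size over raw size (what the report's 'ZLIB Complexity' column shows)."""
    if not data:
        return 0.0
    return len(zlib.compress(data)) / len(data)


def smallest_period(data: bytes, max_period: int = 4096) -> Optional[int]:
    """Shortest p such that data[i] == data[i - p] for every i >= p, or None.

    Each probe is one slice comparison, which stops at the first mismatch; the
    caller only runs this on blobs that already compressed almost to nothing.
    """
    for p in range(1, min(max_period, len(data) - 1) + 1):
        if data[p:] == data[:-p]:
            return p
    return None


def shape_report(data: bytes) -> Dict[str, Union[float, int, str, None]]:
    """Summarise a blob the way a triage script would before reading its bytes."""
    entropy = shannon_entropy(data)
    ratio = zlib_complexity(data)
    # A repeating pattern always compresses extremely well, so only pay for the
    # period search when the zlib ratio says it could be one.
    period = smallest_period(data) if ratio < COMPRESSIBLE else None
    if period is not None:
        verdict = "filler"          # repeating pattern: placeholder or padding, not code
    elif entropy > HIGH_ENTROPY:
        verdict = "high-entropy"    # packed, compressed or encrypted payload
    else:
        verdict = "plain"           # ordinary code or data
    return {"size": len(data), "entropy": entropy, "zlib_complexity": ratio,
            "period": period, "verdict": verdict}


# Constructed inputs. 1053442 = 26 * 40517 is one of the report's filler sizes,
# so this blob reproduces that entry's entropy exactly; the seeded random blob
# stands in for a packed dropped file.
ALPHABET_FILLER = b"abcdefghijklmnopqrstuvwxyz" * 40517
RANDOM_BLOB = random.Random(1337).getrandbits(8 * (1 << 20)).to_bytes(1 << 20, "little")

if __name__ == "__main__":
    for name, blob in (("filler", ALPHABET_FILLER), ("random", RANDOM_BLOB)):
        print(name, shape_report(blob))
```

Run the script on a directory of dropped files and the 4.7004 entries sort themselves out as `filler` with `period` 26 before anyone opens them; the real payloads written later at the same sizes land in `high-entropy` or `plain`, which is where the hashes and antivirus matches in the report belong.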
DLL | Import |
---|---|
KERNEL32.dll | ResumeThread, WriteProcessMemory, VirtualProtectEx, GetModuleFileNameW, DuplicateHandle, GetCurrentProcess, SetFileTime, CopyFileW, GetDriveTypeW, GetFileTime, CreateFileW, SetErrorMode, GetTempFileNameW, GetTempPathW, ExitProcess, Sleep, DeleteFileW, CloseHandle, WaitForSingleObject, CreateProcessW, ReadProcessMemory, GetThreadSelectorEntry, GetThreadContext, GetLastError, lstrlenW, GetModuleHandleW, GetStartupInfoW |
USER32.dll | MessageBoxA |
SHELL32.dll | ShellExecuteW |
MSVCRT.dll | memset, wcscpy, free, _fileno, _chsize, wcsrchr, wcscat, malloc, fclose, fread, fwrite, fseek, _wfopen, sprintf, fflush, _exit, _XcptFilter, exit, _wcmdln, __wgetmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp |
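The KERNEL32 imports above (CreateProcessW, GetThreadContext, ReadProcessMemory, WriteProcessMemory, VirtualProtectEx, ResumeThread) are the toolkit behind the injection / process / thread tags the callgraph below attaches to function 00401000, and the same list is the input to the report's Import Hash. The following is an added example, not Joe Sandbox or pefile code: it scores an import table against API clusters and computes an imphash the way pefile does (lowercase, library extension stripped, "lib.func" entries joined by commas, MD5). SAMPLE_IMPORTS is transcribed from the table above; the cluster sets, the "injection_capable" rule and the A/W-suffix stripping are this example's own heuristics. Ordinal-only imports, which pefile resolves through a name lookup, are not handled, and the digest only equals the report's Import Hash if the order shown above is the order of the import directory, which the report does not state.

```python
"""Import-table triage for process injection, plus a pefile-style imphash.

Added example for this report; not Joe Sandbox or pefile code. SAMPLE_IMPORTS is
transcribed from the report's DLL/Import table; the clusters are assumptions.
"""
import hashlib
from typing import Dict, FrozenSet, List, Sequence, Tuple

ImportTable = Sequence[Tuple[str, Sequence[str]]]

# Transcribed from the report, in the order the report lists the entries.
SAMPLE_IMPORTS: ImportTable = [
    ("KERNEL32.dll", [
        "ResumeThread", "WriteProcessMemory", "VirtualProtectEx", "GetModuleFileNameW",
        "DuplicateHandle", "GetCurrentProcess", "SetFileTime", "CopyFileW", "GetDriveTypeW",
        "GetFileTime", "CreateFileW", "SetErrorMode", "GetTempFileNameW", "GetTempPathW",
        "ExitProcess", "Sleep", "DeleteFileW", "CloseHandle", "WaitForSingleObject",
        "CreateProcessW", "ReadProcessMemory", "GetThreadSelectorEntry", "GetThreadContext",
        "GetLastError", "lstrlenW", "GetModuleHandleW", "GetStartupInfoW"]),
    ("USER32.dll", ["MessageBoxA"]),
    ("SHELL32.dll", ["ShellExecuteW"]),
    ("MSVCRT.dll", [
        "memset", "wcscpy", "free", "_fileno", "_chsize", "wcsrchr", "wcscat", "malloc",
        "fclose", "fread", "fwrite", "fseek", "_wfopen", "sprintf", "fflush", "_exit",
        "_XcptFilter", "exit", "_wcmdln", "__wgetmainargs", "_initterm", "__setusermatherr",
        "_adjust_fdiv", "__p__commode", "__p__fmode", "__set_app_type", "_except_handler3",
        "_controlfp"]),
]

# Heuristic clusters (this example's own choice), keyed by canonical name with
# the ANSI/wide A/W suffix removed.
CLUSTERS: Dict[str, FrozenSet[str]] = {
    "target":       frozenset({"CreateProcess", "OpenProcess", "NtOpenProcess"}),
    "remote_write": frozenset({"WriteProcessMemory", "VirtualAllocEx", "VirtualProtectEx",
                               "NtWriteVirtualMemory", "ReadProcessMemory"}),
    "thread_ctl":   frozenset({"GetThreadContext", "SetThreadContext", "ResumeThread",
                               "CreateRemoteThread", "NtCreateThreadEx", "QueueUserAPC"}),
    "timestomp":    frozenset({"GetFileTime", "SetFileTime"}),
    "drop_temp":    frozenset({"GetTempPath", "GetTempFileName", "CopyFile", "DeleteFile"}),
}


def _canon(name: str) -> str:
    """Drop a trailing A/W so CreateProcessA and CreateProcessW hit the same entry."""
    return name[:-1] if len(name) > 1 and name[-1] in "AW" else name


def triage(imports: ImportTable) -> Dict[str, object]:
    """Return per-cluster hits and a verdict on whether the import set can inject."""
    present = {_canon(func) for _, funcs in imports for func in funcs}
    hits: Dict[str, List[str]] = {c: sorted(present & names) for c, names in CLUSTERS.items()}
    # Injection needs something to write into, a way to write, and a way to run
    # what was written. SetThreadContext is deliberately not required: once
    # GetThreadContext has revealed the suspended thread's state, the entry
    # point can be patched in place with VirtualProtectEx + WriteProcessMemory
    # before ResumeThread, which is exactly the set this sample imports.
    injection_capable = (
        bool(hits["target"])
        and "WriteProcessMemory" in hits["remote_write"]
        and bool(hits["thread_ctl"])
    )
    return {
        "hits": hits,
        "clusters_hit": sum(1 for matched in hits.values() if matched),
        "injection_capable": injection_capable,
    }


def imphash(imports: ImportTable) -> Tuple[str, str]:
    """pefile-style imphash: MD5 over 'lib.func' entries in import-directory order.

    Returns (hex digest, the joined string it was computed from) so a reader can
    see exactly which ordering produced the digest.
    """
    parts: List[str] = []
    for dll, funcs in imports:
        lib = dll.lower()
        if "." in lib and lib.rsplit(".", 1)[1] in ("dll", "ocx", "sys"):
            lib = lib.rsplit(".", 1)[0]
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    joined = ",".join(parts)
    return hashlib.md5(joined.encode("ascii")).hexdigest(), joined


if __name__ == "__main__":
    verdict = triage(SAMPLE_IMPORTS)
    for cluster, matched in verdict["hits"].items():
        print(f"{cluster:13s} {', '.join(matched) or '-'}")
    print("injection capable:", verdict["injection_capable"])
    print("imphash:", imphash(SAMPLE_IMPORTS)[0])
```

The absence of SetThreadContext and VirtualAllocEx from this sample is the reason the rule is written around WriteProcessMemory plus any thread-control API rather than around the textbook hollowing set; a rule that demanded SetThreadContext would miss exactly this import profile.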
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 23:25:02.103918076 CEST | 53 | 62427 | 1.1.1.1 | 192.168.2.4 |
All sixteen processes started on 02/10/2024, run with elevated and administrator privileges, and are reported as Programmed in: C, C++ or other language; the Commandline field is blank in every entry. Antivirus match details, and the reputation of targets 14 and 15, were not captured.

Target ID | Start time | Path | Wow64 process (32bit) | Imagebase | File size (bytes) | MD5 hash | Antivirus matches | Reputation | Has exited
---|---|---|---|---|---|---|---|---|---
0 | 17:24:42 | C:\Users\user\Desktop\test.exe | true | 0x400000 | 2'614'323 | 2A98009EBC2E830E2E2DE723312EE8A6 | yes | low | true
1 | 17:24:42 | C:\Windows\SysWOW64\explorer.exe | true | 0x40000 | 4'514'184 | DD6597597673F72E10C9DE7901FBA0A8 | | moderate | true
2 | 17:24:42 | C:\Users\user\AppData\Local\Temp\@AE2AF6.tmp.exe | true | 0x400000 | 1'797'699 | 252EE18EB5E305056FDC9915B278656F | yes | low | true
3 | 17:24:42 | C:\Users\user\Desktop\test.exe | true | 0x400000 | 809'472 | AA2C0EDAD4DE949A1347F8C6A346AAAB | | low | false
4 | 17:24:45 | C:\Windows\SysWOW64\cmd.exe | true | 0x240000 | 236'544 | D0FCE3AFA6AA1D58CE9FA336CC2B675B | | high | true
5 | 17:24:45 | C:\Windows\System32\conhost.exe | false | 0x7ff7699e0000 | 862'208 | 0D698AF330FD17BEE3BF90011D49251D | | high | true
6 | 17:24:45 | C:\Windows\SysWOW64\cmd.exe | true | 0x240000 | 236'544 | D0FCE3AFA6AA1D58CE9FA336CC2B675B | | high | true
7 | 17:24:45 | C:\Windows\System32\conhost.exe | false | 0x7ff7699e0000 | 862'208 | 0D698AF330FD17BEE3BF90011D49251D | | high | true
8 | 17:24:45 | C:\Users\user\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe | true | 0x400000 | 1'799'318 | 7942494EAC73B2B3281E4A8E94C39376 | yes | low | true
9 | 17:24:49 | C:\Windows\SysWOW64\cmd.exe | true | 0x240000 | 236'544 | D0FCE3AFA6AA1D58CE9FA336CC2B675B | | high | true
10 | 17:24:49 | C:\Windows\System32\conhost.exe | false | 0x7ff7699e0000 | 862'208 | 0D698AF330FD17BEE3BF90011D49251D | | high | true
11 | 17:24:49 | C:\Users\user\AppData\Roaming\Microsoft\Defender\launch.exe | true | 0x400000 | 176'386 | DAAC1781C9D22F5743ADE0CB41FEAEBF | yes | moderate | true
12 | 17:24:52 | C:\Windows\SysWOW64\cmd.exe | true | 0x240000 | 236'544 | D0FCE3AFA6AA1D58CE9FA336CC2B675B | | high | true
13 | 17:24:52 | C:\Windows\System32\conhost.exe | false | 0x7ff7699e0000 | 862'208 | 0D698AF330FD17BEE3BF90011D49251D | | high | true
14 | 17:24:52 | C:\Users\user\AppData\Local\Temp\wtmps.exe | true | 0x400000 | 282'624 | 75C1467042B38332D1EA0298F29FB592 | yes | | true
15 | 17:24:53 | C:\Windows\SysWOW64\mscaps.exe | true | 0x400000 | 204'800 | 78D3C8705F8BAF7D34E6A6737D1CFA18 | yes | | true
Execution Graph
Execution Coverage: | 93.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 36 |
Total number of Limit Nodes: | 7 |
Callgraph functions (all addresses fall inside test.exe's .text section, 0x401000 to 0x40183b):

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
00401000 | 37.0 | 19 | 2 | 203 | injection, process, thread, COMMON
0040167F | 16.6 | 11 | | 123 | COMMON
004014EB | 12.3 | 5 | 2 | 56 | string, process, COMMON
00401346 | 9.1 | 6 | | 69 | thread, COMMON
004015E1 | 6.0 | 4 | | 41 | COMMON
00401588 | 6.0 | 4 | | 39 | COMMON
00401435 | 4.6 | 3 | | 60 | COMMON
Execution Graph
Execution Coverage: | 12.8% |
Dynamic/Decrypted Code Coverage: | 30.5% |
Signature Coverage: | 4.8% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 217 |
Function 0040318C Relevance: 94.8, APIs: 8, Strings: 46, Instructions: 297, Tags: library, loader, COMMON
Function 00402056 Relevance: 65.5, APIs: 18, Strings: 19, Instructions: 734, Tags: library, loader, network, COMMON
Function 00404732 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 119, Tags: memory, COMMON
Function 00401466 Relevance: 3.0, APIs: 2, Instructions: 17, Tags: file, COMMON
Function 00402A96 Relevance: 33.7, APIs: 14, Strings: 5, Instructions: 461, Tags: sleep, COMMON
Function 1000B74E Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 241, Tags: file, COMMON
Function 1000C389 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 241, Tags: file, COMMON
Function 00401EE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 143, Tags: thread, synchronization, COMMON
Function 100025B9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109, Tags: library, file, loader, COMMON
Function 00403068 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59, Tags: string, process, COMMON
Function 00414B9F Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 241, Tags: file, COMMON
Function 004124D6 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 170, Tags: file, COMMON
Function 00410A31 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 135, Tags: file, COMMON
Function 004057F3 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 298, Tags: file, COMMON
Function 10009C7D Relevance: 6.2, APIs: 4, Instructions: 170, Tags: file, COMMON
Function 100096E4 Relevance: 6.1, APIs: 4, Instructions: 135, Tags: file, COMMON
Function 1000A4F3 Relevance: 5.1, APIs: 4, Instructions: 53, Tags: memory, COMMON, LIBRARYCODE
Function 00410188 Relevance: 5.1, APIs: 4, Instructions: 53, Tags: memory, COMMON, LIBRARYCODE
Function 0040F8F2 Relevance: 4.6, APIs: 3, Instructions: 51, Tags: COMMON
Function 10002761 Relevance: 3.1, APIs: 2, Instructions: 75, Tags: network, COMMON
Function 00404902 Relevance: 3.1, APIs: 2, Instructions: 68, Tags: memory, COMMON
Function 10009959 Relevance: 3.0, APIs: 2, Instructions: 41, Tags: COMMON
Function 00412322 Relevance: 3.0, APIs: 2, Instructions: 41, Tags: COMMON
Function 10009442 Relevance: 3.0, APIs: 2, Instructions: 20, Tags: memory, COMMON
Function 0040FAAF Relevance: 3.0, APIs: 2, Instructions: 20, Tags: memory, COMMON
Function 00401EBE Relevance: 3.0, APIs: 2, Instructions: 12, Tags: thread, COMMON
Function 00404855 Relevance: 2.6, APIs: 2, Instructions: 68, Tags: memory, COMMON
Function 10007C91 Relevance: 2.6, APIs: 2, Instructions: 52, Tags: COMMON
Function 004107E7 Relevance: 2.6, APIs: 2, Instructions: 52, Tags: COMMON
Function 10002541 Relevance: 1.5, APIs: 1, Instructions: 36, Tags: COMMON
Function 1000666B Relevance: 1.5, APIs: 1, Instructions: 30, Tags: memory, COMMON, LIBRARYCODE
Function 0040D277 Relevance: 1.5, APIs: 1, Instructions: 30, Tags: memory, COMMON, LIBRARYCODE
Function 0040D2C5 Relevance: 1.5, APIs: 1, Instructions: 29, Tags: memory, COMMON, LIBRARYCODE
Function 10002A88 Relevance: 1.5, APIs: 1, Instructions: 14, Tags: COMMON
Function 00401DF4 Relevance: 1.3, APIs: 1, Instructions: 80, Tags: COMMON
Function 1000B20A Relevance: 1.3, APIs: 1, Instructions: 56, Tags: memory, COMMON, LIBRARYCODE
Function 004136B5 Relevance: 1.3, APIs: 1, Instructions: 56, Tags: memory, COMMON
Function 004159BF Relevance: 26.7, Strings: 21, Instructions: 417, Tags: COMMON
Function 00412794 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207, Tags: time, COMMON, LIBRARYCODE
Function 00401CB0 Relevance: 6.1, APIs: 4, Instructions: 107, Tags: COMMON
Function 00406550 Relevance: 1.9, Strings: 1, Instructions: 695, Tags: COMMON
Function 0040A3BD Relevance: 1.6, Strings: 1, Instructions: 362, Tags: COMMON
Function 004035D5 Relevance: 1.6, Strings: 1, Instructions: 334, Tags: COMMON
Function 0040A8DB Relevance: 1.5, Strings: 1, Instructions: 278, Tags: COMMON
Function 0040B8D2 Relevance: 1.5, APIs: 1, Instructions: 19, Tags: time, COMMON
Function 1000BA64 Relevance: 1.5, APIs: 1, Instructions: 4, Tags: COMMON
Function 00411746 Relevance: 1.5, APIs: 1, Instructions: 4, Tags: COMMON
Function 1000BA76 Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON
Function 00411758 Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON
Function 00404069 Relevance: 1.5, Strings: 1, Instructions: 214, Tags: COMMON
Function 004042F0 Relevance: 1.5, Strings: 1, Instructions: 214, Tags: COMMON
Function 0040866E Relevance: 0.9, Instructions: 916, Tags: COMMON
Function 00407E7F Relevance: 0.6, Instructions: 604, Tags: COMMON
Function 004039DA Relevance: 0.3, Instructions: 272, Tags: COMMON
Function 00403D17 Relevance: 0.3, Instructions: 271, Tags: COMMON
Function 1000A69F Relevance: 0.3, Instructions: 259, Tags: COMMON
Function 00410334 Relevance: 0.3, Instructions: 259, Tags: COMMON, LIBRARYCODE
Function 0040AECE Relevance: 0.2, Instructions: 187, Tags: COMMON
Function 0040B965 Relevance: 0.2, Instructions: 185, Tags: COMMON
Function 10001421 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 252, Tags: library, loader, COMMON
Function 100018DA Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 216, Tags: library, loader, COMMON
Function 1000C300 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50, Tags: library, loader, COMMON, LIBRARYCODE
Function 00414F31 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50, Tags: library, loader, COMMON, LIBRARYCODE
Function 1000CF55 Relevance: 13.7, APIs: 9, Instructions: 177, Tags: COMMON
Function 00411C02 Relevance: 13.6, APIs: 9, Instructions: 147, Tags: COMMON
Function 1000952C Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100, Tags: file, COMMON, LIBRARYCODE
Function 004120E5 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100, Tags: file, COMMON, LIBRARYCODE
Function 10001211 Relevance: 12.2, APIs: 8, Instructions: 214, Tags: library, loader, synchronization, COMMON
Function 1000AD2E Relevance: 12.2, APIs: 8, Instructions: 170, Tags: COMMON
Function 10009310 Relevance: 12.1, APIs: 8, Instructions: 132, Tags: COMMON
Function 00401A36 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 194, Tags: library, loader, COMMON
Function 1000C788 Relevance: 9.1, APIs: 6, Instructions: 143, Tags: COMMON
Function 1000C94D Relevance: 9.1, APIs: 6, Instructions: 117, Tags: COMMON
Function 00411D6F Relevance: 9.1, APIs: 6, Instructions: 65, Tags: COMMON
Function 00413487 Relevance: 7.7, APIs: 5, Instructions: 154, Tags: COMMON
Function 1000947E Relevance: 7.5, APIs: 5, Instructions: 38, Tags: memory, COMMON
Function 100089A1 Relevance: 7.5, APIs: 5, Instructions: 38, Tags: thread, COMMON, LIBRARYCODE
Function 0040E8E3 Relevance: 7.5, APIs: 5, Instructions: 38, Tags: thread, COMMON
Function 100070BC Relevance: 7.5, APIs: 5, Instructions: 34, Tags: COMMON
Function 0040F340 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13, Tags: library, loader, COMMON
Function 0040BB38 Relevance: 6.2, APIs: 4, Instructions: 206, Tags: COMMON
Function 00416A7B Relevance: 6.1, APIs: 4, Instructions: 67, Tags: COMMON
Function 00404BBF Relevance: 6.1, APIs: 4, Instructions: 51, Tags: memory, COMMON
Function 004163F1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103, Tags: file, COMMON
Function 00412A78 Relevance: 5.1, APIs: 4, Instructions: 95, Tags: COMMON
Function 10007093 Relevance: 5.0, APIs: 4, Instructions: 12, Tags: COMMON
Function 0040F78F Relevance: 5.0, APIs: 4, Instructions: 12, Tags: COMMON
Function 0043B9C0 Relevance: 30.0, APIs: 13, Strings: 4, Instructions: 228, Tags: memory, COMMON
Function 00451880 Relevance: 7.5, APIs: 5, Instructions: 37, Tags: COMMON
Function 00433360 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 456, Tags: window, COMMON
Function 0042F9B0 Relevance: 65.1, APIs: 29, Strings: 8, Instructions: 322, Tags: window, COMMON
Function 0040E600 Relevance: 54.7, APIs: 29, Strings: 2, Instructions: 476, Tags: window, COMMON
Function 0042E580 Relevance: 50.0, APIs: 33, Instructions: 458, Tags: COMMON
Function 00442D50 Relevance: 45.2, APIs: 30, Instructions: 226, Tags: COMMON
Function 0041E6F0 Relevance: 37.2, APIs: 18, Strings: 3, Instructions: 429, Tags: time, COMMON
Function 00421370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 174, Tags: window, COMMON
Function 0044A1C0 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 124, Tags: window, COMMON
Function 004410D0 Relevance: 27.3, APIs: 18, Instructions: 259, Tags: COMMON
Function 0040E130 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 290, Tags: window, COMMON
Function 00409500 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 192, Tags: window, COMMON
Function 0040E5F9 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 165, Tags: window, COMMON
Function 004094ED Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 160, Tags: window, COMMON
Function 0040D150 Relevance: 25.9, APIs: 17, Instructions: 383, Tags: COMMON
Function 00438D30 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 69, Tags: time, COMMON
Function 00408468 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 207, Tags: window, COMMON
Function 00448A40 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 82, Tags: window, COMMON
Function 00437510 Relevance: 21.4, APIs: 14, Instructions: 433, Tags: COMMON
Function 0042F500 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 179, Tags: window, COMMON
Function 0044D400 Relevance: 19.6, APIs: 13, Instructions: 132, Tags: COMMON
Function 0041C690 Relevance: 18.4, APIs: 12, Instructions: 377, Tags: COMMON
Function 00474170 Relevance: 18.2, APIs: 12, Instructions: 217, Tags: COMMON
Function 00432280 Relevance: 18.1, APIs: 12, Instructions: 102, Tags: COMMON
Function 0043EA90 Relevance: 16.8, APIs: 11, Instructions: 337, Tags: COMMON
Function 004310F0 Relevance: 16.8, APIs: 11, Instructions: 252, Tags: COMMON
Function 004072C9 Relevance: 16.7, APIs: 11, Instructions: 195, Tags: COMMON
Function 00440170 Relevance: 16.6, APIs: 11, Instructions: 132, Tags: COMMON
Function 0043D8F0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 141, Tags: window, COMMON
Function 00401500 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 49, Tags: library, loader, COMMON
Function 0044E6E0 Relevance: 15.1, APIs: 10, Instructions: 118, Tags: COMMON
Function 00440A30 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 156, Tags: window, COMMON
Function 0044B2C0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127, Tags: time, COMMON
Function 0042F7C0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 112, Tags: window, COMMON
Function 0044DB00 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 73, Tags: time, COMMON
Function 00432180 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 65, Tags: window, COMMON
Function 0040C870 Relevance: 13.6, APIs: 9, Instructions: 142, Tags: COMMON
Function 00406050 Relevance: 13.6, APIs: 9, Instructions: 123, Tags: COMMON
Function 0041C1B9 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 106, Tags: time, COMMON
Function 00446080 Relevance: 12.2, APIs: 8, Instructions: 189, Tags: COMMON
Function 004214AC Relevance: 12.1, APIs: 8, Instructions: 67, Tags: COMMON
Function 00443270 Relevance: 12.1, APIs: 8, Instructions: 53, Tags: COMMON
Function 004033F0 Relevance: 12.0, APIs: 8, Instructions: 46, Tags: COMMON
Function 004737C0 Relevance: 10.8, APIs: 7, Instructions: 287, Tags: COMMON
Function 00440DB0 Relevance: 10.7, APIs: 7, Instructions: 169, Tags: COMMON
Function 004414D0 Relevance: 10.6, APIs: 7, Instructions: 139, Tags: COMMON
Function 00404480 Relevance: 10.6, APIs: 7, Instructions: 118, Tags: COMMON
Function 0041CCB0 Relevance: 10.6, APIs: 7, Instructions: 112, Tags: COMMON
Function 0041CCA9 Relevance: 10.6, APIs: 7, Instructions: 105, Tags: COMMON
Function 00404472 Relevance: 10.6, APIs: 7, Instructions: 88, Tags: COMMON
Function 00405E70 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58, Tags: window, COMMON
Function 0044D8C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51, Tags: time, COMMON
Function 0044A550 Relevance: 9.2, APIs: 6, Instructions: 220, Tags: COMMON
Function 00449A80 Relevance: 9.1, APIs: 6, Instructions: 140, Tags: COMMON
Function 004201BC Relevance: 9.1, APIs: 6, Instructions: 127, Tags: COMMON
Function 004744D0 Relevance: 9.1, APIs: 6, Instructions: 124, Tags: memory, COMMON
Function 0040F25C Relevance: 9.1, APIs: 6, Instructions: 121, Tags: COMMON
Function 0040F26C Relevance: 9.1, APIs: 6, Instructions: 118, Tags: window, COMMON
Function 0040A830 Relevance: 9.1, APIs: 6, Instructions: 99, Tags: COMMON
Function 0040B980 Relevance: 9.1, APIs: 6, Instructions: 96, Tags: COMMON
Function 00440060 Relevance: 9.1, APIs: 6, Instructions: 94, Tags: COMMON
Function 004510C0 Relevance: 9.1, APIs: 6, Instructions: 84, Tags: COMMON
Function 0040A829 Relevance: 9.1, APIs: 6, Instructions: 73, Tags: COMMON
Function 00403CE0 Relevance: 9.0, APIs: 6, Instructions: 43, Tags: COMMON
Function 0040F88B Relevance: 9.0, APIs: 6, Instructions: 42, Tags: COMMON
Function 0040F8DF Relevance: 9.0, APIs: 6, Instructions: 39, Tags: COMMON
|
Similarity |
|
Function 0041FBD3 Relevance: 9.0, APIs: 6, Instructions: 17COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004015AC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004015B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004707E0 Relevance: 7.7, APIs: 5, Instructions: 163COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EAC9 Relevance: 7.6, APIs: 5, Instructions: 140COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062F0 Relevance: 7.6, APIs: 5, Instructions: 126COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C3F0 Relevance: 7.6, APIs: 5, Instructions: 123COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C630 Relevance: 7.6, APIs: 5, Instructions: 123COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D2FC Relevance: 7.6, APIs: 5, Instructions: 121COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EC9C Relevance: 7.6, APIs: 5, Instructions: 116COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004416D0 Relevance: 7.6, APIs: 5, Instructions: 113COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403280 Relevance: 7.6, APIs: 5, Instructions: 108COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040D347 Relevance: 7.6, APIs: 5, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405449 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041EA59 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E4D0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B6F5 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472D60 Relevance: 7.6, APIs: 5, Instructions: 51stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447CF0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F8E1 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F8E5 Relevance: 7.5, APIs: 5, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403D2C Relevance: 7.5, APIs: 5, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F8EB Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F8EF Relevance: 7.5, APIs: 5, Instructions: 27COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041E604 Relevance: 7.5, APIs: 5, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041E617 Relevance: 7.5, APIs: 5, Instructions: 21COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041E5BD Relevance: 7.5, APIs: 5, Instructions: 20COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040ED2D Relevance: 7.5, APIs: 5, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041E61B Relevance: 7.5, APIs: 5, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403C9E Relevance: 7.5, APIs: 5, Instructions: 17COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041E6E9 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091C0 Relevance: 6.2, APIs: 4, Instructions: 239COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00473460 Relevance: 6.2, APIs: 4, Instructions: 210memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004466B0 Relevance: 6.2, APIs: 4, Instructions: 169COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041BDCC Relevance: 6.1, APIs: 4, Instructions: 145COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00431BD0 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062DC Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004722C0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472860 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004718D0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004729F0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471AE0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471CF0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445420 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004064A0 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D4AC Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043DB40 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433CC0 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004087CC Relevance: 6.1, APIs: 4, Instructions: 53COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E570 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041CE50 Relevance: 6.0, APIs: 4, Instructions: 44windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042159C Relevance: 6.0, APIs: 4, Instructions: 40COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A459 Relevance: 6.0, APIs: 4, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405D70 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004020DC Relevance: 6.0, APIs: 4, Instructions: 32COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408E10 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004026AF Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F8F3 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F8FD Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041CC6A Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004025D4 Relevance: 6.0, APIs: 4, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040852E Relevance: 6.0, APIs: 4, Instructions: 20COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409835 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D31F Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00419642 Relevance: 6.0, APIs: 4, Instructions: 17COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040ED4D Relevance: 6.0, APIs: 4, Instructions: 17COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451A20 Relevance: 5.0, APIs: 4, Instructions: 48COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451910 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|