Edit tour
Windows
Analysis Report
D8wwrB9ZCB.exe
Overview
General Information
| Sample name: | D8wwrB9ZCB.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
| Original sample name: | 22b90d638d1da32f8e2f2fdbecf4cad4 |
| Analysis ID: | 1524643 |
| MD5: | 22b90d638d1da32f8e2f2fdbecf4cad4 |
| SHA1: | d333c074053ee90bb2f7a5a2f4923285e8c92952 |
| SHA256: | dc2535caf6f685dbaadc3a18c6fcfabc043d75a1b76245247eab02bf766c9320 |
 | |
Errors
| |
Detection
| Score: | 3 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Classification
- System is w10x64
D8wwrB9ZCB.exe (PID: 6336 cmdline: "C:\Users\ user\Deskt op\D8wwrB9 ZCB.exe" MD5: 22B90D638D1DA32F8E2F2FDBECF4CAD4)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_00007FF69B3696F0 | |
| Source: | Code function: | 0_2_00007FF69B4E6630 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_00007FF69B46DC8C | |
| Source: | Code function: | 0_2_00007FF69B34CCB0 | |
| Source: | Code function: | 0_2_00007FF69B42EC60 | |
| Source: | Code function: | 0_2_00007FF69B491CF8 | |
| Source: | Code function: | 0_2_00007FF69B332CC0 | |
| Source: | Code function: | 0_2_00007FF69B33FCD0 | |
| Source: | Code function: | 0_2_00007FF69B389CE0 | |
| Source: | Code function: | 0_2_00007FF69B46BB78 | |
| Source: | Code function: | 0_2_00007FF69B469B70 | |
| Source: | Code function: | 0_2_00007FF69B351C20 | |
| Source: | Code function: | 0_2_00007FF69B417BD0 | |
| Source: | Code function: | 0_2_00007FF69B34BBF0 | |
| Source: | Code function: | 0_2_00007FF69B46DA80 | |
| Source: | Code function: | 0_2_00007FF69B40BA60 | |
| Source: | Code function: | 0_2_00007FF69B404B30 | |
| Source: | Code function: | 0_2_00007FF69B35CAD0 | |
| Source: | Code function: | 0_2_00007FF69B35DAE0 | |
| Source: | Code function: | 0_2_00007FF69B46F980 | |
| Source: | Code function: | 0_2_00007FF69B4C79B0 | |
| Source: | Code function: | 0_2_00007FF69B3DD9A0 | |
| Source: | Code function: | 0_2_00007FF69B4CF9A0 | |
| Source: | Code function: | 0_2_00007FF69B33E940 | |
| Source: | Code function: | 0_2_00007FF69B3C5960 | |
| Source: | Code function: | 0_2_00007FF69B4B8960 | |
| Source: | Code function: | 0_2_00007FF69B3C7A10 | |
| Source: | Code function: | 0_2_00007FF69B36AA10 | |
| Source: | Code function: | 0_2_00007FF69B4769CC | |
| Source: | Code function: | 0_2_00007FF69B34B9D0 | |
| Source: | Code function: | 0_2_00007FF69B43F090 | |
| Source: | Code function: | 0_2_00007FF69B381090 | |
| Source: | Code function: | 0_2_00007FF69B3C3050 | |
| Source: | Code function: | 0_2_00007FF69B469F78 | |
| Source: | Code function: | 0_2_00007FF69B350F90 | |
| Source: | Code function: | 0_2_00007FF69B3F7FA0 | |
| Source: | Code function: | 0_2_00007FF69B401F40 | |
| Source: | Code function: | 0_2_00007FF69B42BF70 | |
| Source: | Code function: | 0_2_00007FF69B409F70 | |
| Source: | Code function: | 0_2_00007FF69B345020 | |
| Source: | Code function: | 0_2_00007FF69B415FD0 | |
| Source: | Code function: | 0_2_00007FF69B441E90 | |
| Source: | Code function: | 0_2_00007FF69B46DE98 | |
| Source: | Code function: | 0_2_00007FF69B3FEEB0 | |
| Source: | Code function: | 0_2_00007FF69B36CEB0 | |
| Source: | Code function: | 0_2_00007FF69B3EFF00 | |
| Source: | Code function: | 0_2_00007FF69B3C7F10 | |
| Source: | Code function: | 0_2_00007FF69B430ED0 | |
| Source: | Code function: | 0_2_00007FF69B341ED0 | |
| Source: | Code function: | 0_2_00007FF69B3F1D80 | |
| Source: | Code function: | 0_2_00007FF69B42AD80 | |
| Source: | Code function: | 0_2_00007FF69B451D40 | |
| Source: | Code function: | 0_2_00007FF69B469D74 | |
| Source: | Code function: | 0_2_00007FF69B474E30 | |
| Source: | Code function: | 0_2_00007FF69B4CFE20 | |
| Source: | Code function: | 0_2_00007FF69B44CDE0 | |
| Source: | Code function: | 0_2_00007FF69B488494 | |
| Source: | Code function: | 0_2_00007FF69B499480 | |
| Source: | Code function: | 0_2_00007FF69B4514B0 | |
| Source: | Code function: | 0_2_00007FF69B4944A0 | |
| Source: | Code function: | 0_2_00007FF69B35C440 | |
| Source: | Code function: | 0_2_00007FF69B3EE450 | |
| Source: | Code function: | 0_2_00007FF69B46F474 | |
| Source: | Code function: | 0_2_00007FF69B347460 | |
| Source: | Code function: | 0_2_00007FF69B34E460 | |
| Source: | Code function: | 0_2_00007FF69B480510 | |
| Source: | Code function: | 0_2_00007FF69B456510 | |
| Source: | Code function: | 0_2_00007FF69B33E530 | |
| Source: | Code function: | 0_2_00007FF69B40E520 | |
| Source: | Code function: | 0_2_00007FF69B48E51C | |
| Source: | Code function: | 0_2_00007FF69B3394D0 | |
| Source: | Code function: | 0_2_00007FF69B3374E0 | |
| Source: | Code function: | 0_2_00007FF69B46A380 | |
| Source: | Code function: | 0_2_00007FF69B3C43A0 | |
| Source: | Code function: | 0_2_00007FF69B4CF360 | |
| Source: | Code function: | 0_2_00007FF69B48F408 | |
| Source: | Code function: | 0_2_00007FF69B3E4410 | |
| Source: | Code function: | 0_2_00007FF69B3D0420 | |
| Source: | Code function: | 0_2_00007FF69B44B3E0 | |
| Source: | Code function: | 0_2_00007FF69B47228C | |
| Source: | Code function: | 0_2_00007FF69B3452A0 | |
| Source: | Code function: | 0_2_00007FF69B3D3250 | |
| Source: | Code function: | 0_2_00007FF69B378260 | |
| Source: | Code function: | 0_2_00007FF69B40D2D0 | |
| Source: | Code function: | 0_2_00007FF69B3692C0 | |
| Source: | Code function: | 0_2_00007FF69B4672D0 | |
| Source: | Code function: | 0_2_00007FF69B4C32F0 | |
| Source: | Code function: | 0_2_00007FF69B46A17C | |
| Source: | Code function: | 0_2_00007FF69B3ED190 | |
| Source: | Code function: | 0_2_00007FF69B4881AC | |
| Source: | Code function: | 0_2_00007FF69B34D1A0 | |
| Source: | Code function: | 0_2_00007FF69B3EE150 | |
| Source: | Code function: | 0_2_00007FF69B331150 | |
| Source: | Code function: | 0_2_00007FF69B43D170 | |
| Source: | Code function: | 0_2_00007FF69B3C8200 | |
| Source: | Code function: | 0_2_00007FF69B466230 | |
| Source: | Code function: | 0_2_00007FF69B3401C0 | |
| Source: | Code function: | 0_2_00007FF69B407880 | |
| Source: | Code function: | 0_2_00007FF69B48888C | |
| Source: | Code function: | 0_2_00007FF69B431850 | |
| Source: | Code function: | 0_2_00007FF69B467868 | |
| Source: | Code function: | 0_2_00007FF69B3F0870 | |
| Source: | Code function: | 0_2_00007FF69B344910 | |
| Source: | Code function: | 0_2_00007FF69B3F88C0 | |
| Source: | Code function: | 0_2_00007FF69B4B88E0 | |
| Source: | Code function: | 0_2_00007FF69B4268E0 | |
| Source: | Code function: | 0_2_00007FF69B4BC780 | |
| Source: | Code function: | 0_2_00007FF69B42C780 | |
| Source: | Code function: | 0_2_00007FF69B40D780 | |
| Source: | Code function: | 0_2_00007FF69B34D7A0 | |
| Source: | Code function: | 0_2_00007FF69B381750 | |
| Source: | Code function: | 0_2_00007FF69B3CC760 | |
| Source: | Code function: | 0_2_00007FF69B377760 | |
| Source: | Code function: | 0_2_00007FF69B401820 | |
| Source: | Code function: | 0_2_00007FF69B429820 | |
| Source: | Code function: | 0_2_00007FF69B43D820 | |
| Source: | Code function: | 0_2_00007FF69B4667E0 | |
| Source: | Code function: | 0_2_00007FF69B3A8680 | |
| Source: | Code function: | 0_2_00007FF69B3CE690 | |
| Source: | Code function: | 0_2_00007FF69B4DC6A0 | |
| Source: | Code function: | 0_2_00007FF69B3CD640 | |
| Source: | Code function: | 0_2_00007FF69B411670 | |
| Source: | Code function: | 0_2_00007FF69B3E1710 | |
| Source: | Code function: | 0_2_00007FF69B42E700 | |
| Source: | Code function: | 0_2_00007FF69B3696F0 | |
| Source: | Code function: | 0_2_00007FF69B46A584 | |
| Source: | Code function: | 0_2_00007FF69B37B5A0 | |
| Source: | Code function: | 0_2_00007FF69B419550 | |
| Source: | Code function: | 0_2_00007FF69B3EC560 | |
| Source: | Code function: | 0_2_00007FF69B3EA620 | |
| Source: | Code function: | 0_2_00007FF69B396630 | |
| Source: | Code function: | 0_2_00007FF69B4035D0 | |
| Source: | Code function: | 0_2_00007FF69B43C5E0 | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00007FF69B4BA080 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FF69B3D2C80 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FF69B41D9B0 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_00007FF69B3696F0 | |
| Source: | Code function: | 0_2_00007FF69B4E6630 | |
| Source: | Code function: | 0_2_00007FF69B41D9B0 | |
| Source: | Code function: | 0_2_00007FF69B487BDC | |
| Source: | Code function: | 0_2_00007FF69B3D2C80 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_00007FF69B487BDC | |
| Source: | Code function: | 0_2_00007FF69B463828 | |
| Source: | Code function: | 0_2_00007FF69B48BC78 | |
| Source: | Code function: | 0_2_00007FF69B486B68 | |
| Source: | Code function: | 0_2_00007FF69B48B9E8 | |
| Source: | Code function: | 0_2_00007FF69B48B3CC | |
| Source: | Code function: | 0_2_00007FF69B486334 | |
| Source: | Code function: | 0_2_00007FF69B48B6CC | |
| Source: | Code function: | 0_2_00007FF69B463AD4 | |
| Source: | Code function: | 0_2_00007FF69B47BB64 | |
| Source: | Code function: | 0_2_00007FF69B33CC90 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | Path Interception | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1524643 |
| Start date and time: | 2024-10-03 02:39:39 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 2m 26s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 1 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | D8wwrB9ZCB.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
| Original Sample Name: | 22b90d638d1da32f8e2f2fdbecf4cad4 |
| Detection: | UNKNOWN |
| Classification: | unknown3.winEXE@1/0@0/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Corrupt sample or wrongly selected analyzer. Details: 36b1
- Execution Graph export aborted for target D8wwrB9ZCB.exe, PID 6336 because there are no executed function
- Report size exceeded maximum capacity and may have missing disassembly code.
⊘No simulations
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.54179387553059 |
| TrID: |
|
| File name: | D8wwrB9ZCB.exe |
| File size: | 2'762'856 bytes |
| MD5: | 22b90d638d1da32f8e2f2fdbecf4cad4 |
| SHA1: | d333c074053ee90bb2f7a5a2f4923285e8c92952 |
| SHA256: | dc2535caf6f685dbaadc3a18c6fcfabc043d75a1b76245247eab02bf766c9320 |
| SHA512: | ab67dcf791be486592660c325cb024922f0ec4340bf0b4ecc108c19bedf65ee23df69eb589a55a42e797deb9c353b64e3f771f2978d3761d2eae76a91eac913e |
| SSDEEP: | 49152:Cncz/J3r7qXRSr0Zslz6buc4hwCOWzh9sVpzaDSyFvcP:44p7wjUzah4hrNaMR |
| TLSH: | A8D58C13F29940D9D01AC074C74A8632EAB2BC99473166EF0790BA562F77FE46B3D721 |
| File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...8..f.........."..........>.......:.........@.............................0+.....|.+...`........................................ |
 | |
| Icon Hash: | 173149cccc490307 |
| Entrypoint: | 0x140133ac0 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x140000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x66F1C538 [Mon Sep 23 19:44:56 2024 UTC] |
| TLS Callbacks: | 0x4002b360, 0x1, 0x40132d30, 0x1, 0x4006bc90, 0x1, 0x40132420, 0x1, 0x4000f220, 0x1, 0x4009ec40, 0x1 |
| CLR (.Net) Version: | |
| OS Version Major: | 10 |
| OS Version Minor: | 0 |
| File Version Major: | 10 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 10 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 8aa69bfb46216fa413519fb53924b2f9 |
| Signature Valid: | true |
| Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | F87B1BFA8FFB860CE59A8D63EC60262F |
| Thumbprint SHA-1: | 607A3EDAA64933E94422FC8F0C80388E0590986C |
| Thumbprint SHA-256: | 2029505D14BAF18AF60A0D1A7D8B56447DB643B32FAA849D4C08D2AB1FF3A4FD |
| Serial: | 0B50CF246B263EFD85A729315158F3FF |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007FE2D1544100h |
| dec eax |
| add esp, 28h |
| jmp 00007FE2D1543F6Fh |
| int3 |
| int3 |
| dec eax |
| mov dword ptr [esp+18h], ebx |
| push ebp |
| dec eax |
| mov ebp, esp |
| dec eax |
| sub esp, 30h |
| dec eax |
| mov eax, dword ptr [000F7558h] |
| dec eax |
| mov ebx, 2DDFA232h |
| cdq |
| sub eax, dword ptr [eax] |
| add byte ptr [eax+3Bh], cl |
| ret |
| jne 00007FE2D1544166h |
| dec eax |
| and dword ptr [ebp+10h], 00000000h |
| dec eax |
| lea ecx, dword ptr [ebp+10h] |
| call dword ptr [000EC112h] |
| dec eax |
| mov eax, dword ptr [ebp+10h] |
| dec eax |
| mov dword ptr [ebp-10h], eax |
| call dword ptr [000EBFCCh] |
| mov eax, eax |
| dec eax |
| xor dword ptr [ebp-10h], eax |
| call dword ptr [000EBFA8h] |
| mov eax, eax |
| dec eax |
| lea ecx, dword ptr [ebp+18h] |
| dec eax |
| xor dword ptr [ebp-10h], eax |
| call dword ptr [000EC260h] |
| mov eax, dword ptr [ebp+18h] |
| dec eax |
| lea ecx, dword ptr [ebp-10h] |
| dec eax |
| shl eax, 20h |
| dec eax |
| xor eax, dword ptr [ebp+18h] |
| dec eax |
| xor eax, dword ptr [ebp-10h] |
| dec eax |
| xor eax, ecx |
| dec eax |
| mov ecx, FFFFFFFFh |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x21f0b2 | 0x87 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21f13c | 0x64 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x25b000 | 0x54380 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x245000 | 0xd074 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2a0000 | 0x2868 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2b0000 | 0x227c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x21c84c | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x21c720 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1ee170 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x21f8f8 | 0x758 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x21e1e8 | 0x180 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x1eb483 | 0x1eb600 | bf0a8cfe101f495e6987c6f3dbb8d6a6 | False | 0.5041745500508776 | data | 6.515397733979095 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x1ed000 | 0x3df44 | 0x3e000 | f57746f13828c8e589fb8aec8479a0d1 | False | 0.3776658581149194 | zlib compressed data | 5.521726575885276 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x22b000 | 0x197f8 | 0xee00 | 02c971657914d56b684b9f4a05fbc754 | False | 0.033006171218487396 | data | 1.3725516447749866 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x245000 | 0xd074 | 0xd200 | f4727fd54c29dfe1a34a305be5c6fd19 | False | 0.5143043154761905 | data | 5.975634034334762 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .gxfg | 0x253000 | 0x2db0 | 0x2e00 | 412a5ca059e212119521cad66552b7a7 | False | 0.4136379076086957 | data | 5.228438981291628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .retplne | 0x256000 | 0xa8 | 0x200 | 022887b1467ba7c3bd7ed7d98b0a888a | False | 0.12890625 | data | 1.320312118710215 | |
| .tls | 0x257000 | 0x231 | 0x400 | 0c9fb149289c2757d5c8b5e55c04c0da | False | 0.0400390625 | data | 0.21252292292517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| CPADinfo | 0x258000 | 0x38 | 0x200 | 60d3ea61d541c9be2e845d2787fb9574 | False | 0.04296875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| _RDATA | 0x259000 | 0x1f4 | 0x200 | 5e296af163f25fb2ced59330ec8c3dee | False | 0.509765625 | data | 4.192162511063951 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| malloc_h | 0x25a000 | 0x5ad | 0x600 | 3f4b91644b5db14eb94bb1a3711e8ed7 | False | 0.6490885416666666 | data | 6.098643154959229 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x25b000 | 0x54380 | 0x54400 | f33a5f068f1aff1da46bb37472a46cff | False | 0.49783533475519287 | data | 6.218553769665869 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x2b0000 | 0x227c | 0x2400 | eae742c0777c5a4d37a1ea3e631b17ad | False | 0.3129340277777778 | GLS_BINARY_LSB_FIRST | 5.391946429447065 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| GOOGLEUPDATEAPPLICATIONCOMMANDS | 0x2a0b80 | 0x4 | data | English | United States | 3.0 |
| RT_CURSOR | 0x2a0fd8 | 0x134 | data | 0.4837662337662338 | ||
| RT_CURSOR | 0x2a1128 | 0x134 | data | 0.22402597402597402 | ||
| RT_CURSOR | 0x2a1278 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | 0.2077922077922078 | ||
| RT_CURSOR | 0x2a13c8 | 0x134 | data | 0.461038961038961 | ||
| RT_CURSOR | 0x2a1518 | 0x134 | data | 0.39935064935064934 | ||
| RT_CURSOR | 0x2a1650 | 0xcac | data | 0.08446362515413071 | ||
| RT_CURSOR | 0x2a2328 | 0x134 | data | 0.32142857142857145 | ||
| RT_CURSOR | 0x2a2460 | 0xcac | data | 0.06103575832305795 | ||
| RT_CURSOR | 0x2a3138 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.03280224929709466 | ||
| RT_CURSOR | 0x2a4200 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.07966260543580131 | ||
| RT_CURSOR | 0x2a52c8 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.07872539831302718 | ||
| RT_CURSOR | 0x2a6390 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.07591377694470477 | ||
| RT_CURSOR | 0x2a7458 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.03420805998125586 | ||
| RT_CURSOR | 0x2a8520 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.03655107778819119 | ||
| RT_CURSOR | 0x2a95e8 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.03795688847235239 | ||
| RT_CURSOR | 0x2aa6b0 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.03303655107778819 | ||
| RT_CURSOR | 0x2ab778 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.036785379568884724 | ||
| RT_CURSOR | 0x2ac840 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.03608247422680412 | ||
| RT_CURSOR | 0x2ad908 | 0x10ac | Targa image data 64 x 65536 x 1 +32 " " | 0.042877225866916585 | ||
| RT_CURSOR | 0x2ae9d0 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | 0.23376623376623376 | ||
| RT_CURSOR | 0x2aeb20 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | 0.1590909090909091 | ||
| RT_CURSOR | 0x2aec70 | 0x134 | data | 0.3181818181818182 | ||
| RT_CURSOR | 0x2aedc0 | 0x134 | data | 0.30194805194805197 | ||
| RT_ICON | 0x25c610 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4913294797687861 |
| RT_ICON | 0x25cb78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.46435018050541516 |
| RT_ICON | 0x25d420 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.39072494669509594 |
| RT_ICON | 0x25e2c8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6214539007092199 |
| RT_ICON | 0x25e730 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.4298780487804878 |
| RT_ICON | 0x25f7d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.32863070539419087 |
| RT_ICON | 0x261d80 | 0x7cfc | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9984998124765596 |
| RT_ICON | 0x269ae8 | 0x38 | Device independent bitmap graphic, 1 x 2 x 1, image size 0 | English | United States | 0.4107142857142857 |
| RT_ICON | 0x269b38 | 0x38 | Device independent bitmap graphic, 1 x 2 x 1, image size 0 | English | United States | 0.4107142857142857 |
| RT_ICON | 0x269b88 | 0x38 | Device independent bitmap graphic, 1 x 2 x 1, image size 0 | English | United States | 0.4107142857142857 |
| RT_ICON | 0x269bd8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4429190751445087 |
| RT_ICON | 0x26a140 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.411101083032491 |
| RT_ICON | 0x26a9e8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.35047974413646055 |
| RT_ICON | 0x26b890 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6046099290780141 |
| RT_ICON | 0x26bcf8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.40196998123827393 |
| RT_ICON | 0x26cda0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.31483402489626555 |
| RT_ICON | 0x26f348 | 0x7c98 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9978994231251568 |
| RT_ICON | 0x277048 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.2332089552238806 |
| RT_ICON | 0x277ef0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.3564981949458484 |
| RT_ICON | 0x278798 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.5173410404624278 |
| RT_ICON | 0x278d00 | 0x7fa | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.8736532810969637 |
| RT_ICON | 0x279500 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.06732365145228215 |
| RT_ICON | 0x27baa8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.10694183864915573 |
| RT_ICON | 0x27cb50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.25177304964539005 |
| RT_ICON | 0x27d020 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.2260127931769723 |
| RT_ICON | 0x27dec8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.3456678700361011 |
| RT_ICON | 0x27e770 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.5079479768786127 |
| RT_ICON | 0x27ecd8 | 0x7c8 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.8704819277108434 |
| RT_ICON | 0x27f4a0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.06244813278008299 |
| RT_ICON | 0x281a48 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.09803001876172608 |
| RT_ICON | 0x282af0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.23049645390070922 |
| RT_ICON | 0x282fc0 | 0x4a8 | Device independent bitmap graphic, 17 x 32 x 32, image size 1088, resolution 2835 x 2835 px/m | English | United States | 0.28439597315436244 |
| RT_ICON | 0x283468 | 0x1234 | Device independent bitmap graphic, 33 x 66 x 32, image size 4356, resolution 2835 x 2835 px/m | English | United States | 0.11566523605150214 |
| RT_ICON | 0x2846a0 | 0x2668 | Device independent bitmap graphic, 49 x 96 x 32, image size 9408, resolution 2835 x 2835 px/m | English | United States | 0.07811228641171684 |
| RT_ICON | 0x286d08 | 0x184b | PNG image data, 257 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.992603312429651 |
| RT_ICON | 0x288598 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4552023121387283 |
| RT_ICON | 0x288b00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.43772563176895307 |
| RT_ICON | 0x2893a8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.4013859275053305 |
| RT_ICON | 0x28a250 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.5638297872340425 |
| RT_ICON | 0x28a6b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.3574108818011257 |
| RT_ICON | 0x28b760 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.300103734439834 |
| RT_ICON | 0x28dd08 | 0x6c1c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9986631016042781 |
| RT_ICON | 0x294990 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4653179190751445 |
| RT_ICON | 0x294ef8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.4426895306859206 |
| RT_ICON | 0x2957a0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.4064498933901919 |
| RT_ICON | 0x296648 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.5709219858156028 |
| RT_ICON | 0x296ab0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.3602251407129456 |
| RT_ICON | 0x297b58 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.30072614107883816 |
| RT_ICON | 0x29a100 | 0x6a18 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9981958762886598 |
| RT_GROUP_CURSOR | 0x2a1110 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x2a1260 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x2a13b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x2a1500 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x2a2300 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | 1.0 | ||
| RT_GROUP_CURSOR | 0x2a3110 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | 1.0 | ||
| RT_GROUP_CURSOR | 0x2a41e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2a52b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2a6378 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2a7440 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2a8508 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2a95d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2aa698 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2ab760 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2ac828 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2ad8f0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2ae9b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.2 | ||
| RT_GROUP_CURSOR | 0x2aeb08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x2aec58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x2aeda8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x2aeef8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_ICON | 0x269a80 | 0x68 | data | English | United States | 0.7019230769230769 |
| RT_GROUP_ICON | 0x269b20 | 0x14 | data | English | United States | 1.1 |
| RT_GROUP_ICON | 0x269b70 | 0x14 | data | English | United States | 1.1 |
| RT_GROUP_ICON | 0x269bc0 | 0x14 | data | English | United States | 1.1 |
| RT_GROUP_ICON | 0x276fe0 | 0x68 | data | English | United States | 0.6923076923076923 |
| RT_GROUP_ICON | 0x27cfb8 | 0x68 | data | English | United States | 0.6923076923076923 |
| RT_GROUP_ICON | 0x282f58 | 0x68 | data | English | United States | 0.6923076923076923 |
| RT_GROUP_ICON | 0x288558 | 0x3e | data | English | United States | 0.8709677419354839 |
| RT_GROUP_ICON | 0x294928 | 0x68 | data | English | United States | 0.7115384615384616 |
| RT_GROUP_ICON | 0x2a0b18 | 0x68 | data | English | United States | 0.6923076923076923 |
| RT_VERSION | 0x2a0b88 | 0x450 | data | English | United States | 0.44021739130434784 |
| RT_MANIFEST | 0x2aef10 | 0x46c | XML 1.0 document, ASCII text, with very long lines (1018) | English | United States | 0.48674911660777387 |
| DLL | Import |
|---|---|
| chrome_elf.dll | GetInstallDetailsPayload, IsBrowserProcess, IsExtensionPointDisableSet, SignalChromeElf, SignalInitializeCrashReporting |
| KERNEL32.dll | AcquireSRWLockExclusive, AddVectoredExceptionHandler, CloseHandle, CompareStringW, ConnectNamedPipe, CreateDirectoryW, CreateEventW, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateJobObjectW, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateRemoteThread, CreateSemaphoreW, CreateThread, DebugBreak, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesEx, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FlushViewOfFile, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameExW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileTime, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessMitigationPolicy, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetVersionExW, GetWindowsDirectoryW, HeapDestroy, HeapSetInformation, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeProcThreadAttributeList, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, K32GetPerformanceInfo, K32GetProcessMemoryInfo, K32QueryWorkingSetEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LocalFree, LockFileEx, MapViewOfFile, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, PeekNamedPipe, PostQueuedCompletionStatus, PrefetchVirtualMemory, QueryInformationJobObject, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSemaphore, RemoveDirectoryW, RemoveVectoredExceptionHandler, ReplaceFileW, ResetEvent, ResumeThread, RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetDefaultDllDirectories, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, SetLastError, SetNamedPipeHandleState, SetProcessMitigationPolicy, SetProcessShutdownParameters, SetStdHandle, SetThreadAffinityMask, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableSRW, SleepEx, SuspendThread, SwitchToThread, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, Wow64GetThreadContext, WriteConsoleW, WriteFile, WriteProcessMemory |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| ntdll.dll | RtlInitUnicodeString |
| Name | Ordinal | Address |
|---|---|---|
| GetHandleVerifier | 1 | 0x1400691b0 |
| GetPakFileHashes | 2 | 0x140092e10 |
| IsSandboxedProcess | 3 | 0x140094540 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
| Target ID: | 0 |
| Start time: | 20:40:30 |
| Start date: | 02/10/2024 |
| Path: | C:\Users\user\Desktop\D8wwrB9ZCB.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff69b330000 |
| File size: | 2'762'856 bytes |
| MD5 hash: | 22B90D638D1DA32F8E2F2FDBECF4CAD4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
Function 00007FF69B40E520 Relevance: 135.5, APIs: 72, Strings: 4, Instructions: 2539COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B46F980 Relevance: 52.6, APIs: 25, Strings: 4, Instructions: 1888COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B456510 Relevance: 42.7, APIs: 17, Strings: 7, Instructions: 687fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3FEEB0 Relevance: 40.9, APIs: 16, Strings: 7, Instructions: 678fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3E4410 Relevance: 40.3, APIs: 11, Strings: 11, Instructions: 1765threadtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B417BD0 Relevance: 39.5, APIs: 21, Strings: 1, Instructions: 1011threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B415FD0 Relevance: 37.4, APIs: 16, Strings: 5, Instructions: 627synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B34CCB0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 245threadlibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3D0420 Relevance: 32.2, APIs: 15, Strings: 3, Instructions: 656synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B34E460 Relevance: 32.1, APIs: 11, Strings: 7, Instructions: 586COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B36AA10 Relevance: 28.6, APIs: 4, Strings: 12, Instructions: 608libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B389CE0 Relevance: 28.6, APIs: 3, Strings: 13, Instructions: 589fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3EFF00 Relevance: 26.9, APIs: 4, Strings: 11, Instructions: 606COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4C79B0 Relevance: 24.9, APIs: 2, Strings: 12, Instructions: 425COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4944A0 Relevance: 20.5, APIs: 6, Strings: 5, Instructions: 1226COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B42AD80 Relevance: 20.3, APIs: 4, Strings: 7, Instructions: 1020COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3C7F10 Relevance: 19.8, APIs: 10, Strings: 1, Instructions: 565COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B33E530 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 203filelibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B36CEB0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 151libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3EE450 Relevance: 18.5, APIs: 4, Strings: 6, Instructions: 1042COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3F1D80 Relevance: 16.6, APIs: 3, Strings: 6, Instructions: 826COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B381090 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 443COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B33E940 Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 475COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B401F40 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 392COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4BA080 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 143windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B47BB64 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 135timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B351C20 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 431COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B345020 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3D2C80 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B463AD4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B430ED0 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 616COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B451D40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B441E90 Relevance: .7, Instructions: 692COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B43F090 Relevance: .5, Instructions: 498COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B35CAD0 Relevance: .5, Instructions: 488COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4CF360 Relevance: .4, Instructions: 380COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B474E30 Relevance: .3, Instructions: 339COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4CF9A0 Relevance: .3, Instructions: 290COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B46F474 Relevance: .3, Instructions: 287COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3394D0 Relevance: .2, Instructions: 215COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B480510 Relevance: .2, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B35DAE0 Relevance: .2, Instructions: 158COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3C3050 Relevance: .2, Instructions: 155COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B46DC8C Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B46DA80 Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B46DE98 Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B469B70 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B469F78 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B469D74 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B46A380 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4CFE20 Relevance: .1, Instructions: 139COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4769CC Relevance: .1, Instructions: 126COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3C43A0 Relevance: .1, Instructions: 100COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3724D0 Relevance: 57.9, APIs: 1, Strings: 32, Instructions: 149COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B43BC30 Relevance: 30.2, APIs: 12, Strings: 5, Instructions: 477threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B389420 Relevance: 21.5, APIs: 4, Strings: 8, Instructions: 455fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B349C76 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 273threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B387D20 Relevance: 19.5, APIs: 3, Strings: 8, Instructions: 289synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B421370 Relevance: 18.3, APIs: 12, Instructions: 271threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B354F80 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 354threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B417130 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 396COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B368B90 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 212fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B428C40 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 196threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B41E040 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 164COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B385A80 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 194COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B353A70 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 178libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B33DAD9 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B417940 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 131libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B48696C Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 117libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4B6950 Relevance: 13.6, APIs: 9, Instructions: 67synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B33DD10 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 283COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B36B9B0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 276timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B339D50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 109COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B366BA0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 108libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B344B07 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B492FB8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B387940 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 63fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4C74A0 Relevance: 12.1, APIs: 8, Instructions: 116processsynchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B43B510 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 446threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B393BF0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 220COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4B9A70 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 180fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B35AF30 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 133libraryloaderthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B418EE0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 124COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B438CB0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 107libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3CF9A0 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4E6C90 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B34FA20 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 80COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B345400 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 314COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B47D084 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B48A9AC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 167COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B347090 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B379360 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 111COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B47BBE4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B438E80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B439460 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 76libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3F5400 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 298COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3EBB20 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 287COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3E3360 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 228COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B37A9E0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3D0F50 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 172COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B344090 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 138threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B387520 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 103fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B396940 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 94COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4E7970 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B402D70 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B416B40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B345B60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B3439D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57filelibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4E6BB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4E6DE0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B386F00 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B389C30 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B45FE70 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B37BFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4B7520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B344D80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B463C5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B366B00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B4B84F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B49D390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B48FC3C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF69B43CBE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|