Edit tour
Windows
Analysis Report
game.exe
Overview
General Information
| Sample name: | game.exe |
| Analysis ID: | 1524979 |
| MD5: | 7ff30d3ab976b5771ba56163f0919386 |
| SHA1: | 0acf7c157c7a0f0eae8d8b0ee11890a935a53724 |
| SHA256: | 511e21b8c183fee710862aa39fe11cd87d632377b123b0ecba4e979100237f42 |
| Infos: | |
 | |
Detection
| Score: | 5 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 60% |
Signatures
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Detected potential crypto function
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
game.exe (PID: 7576 cmdline: "C:\Users\ user\Deskt op\game.ex e" MD5: 7FF30D3AB976B5771BA56163F0919386)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Code function: | 0_2_00B5E4C0 | |
| Source: | Code function: | 0_2_00B90080 | |
| Source: | Code function: | 0_2_00A52380 | |
| Source: | Code function: | 0_2_00B90480 | |
| Source: | Code function: | 0_2_00B6C6E0 | |
| Source: | Code function: | 0_2_00B84B10 | |
| Source: | Code function: | 0_2_00B411C0 | |
| Source: | Code function: | 0_2_00BA37E0 | |
| Source: | Code function: | 0_2_00B5DB60 | |
| Source: | Code function: | 0_2_00B5FD90 | |
| Source: | Code function: | 0_2_00B8EEF0 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_00B19F70 | |
| Source: | Code function: | 0_2_00A50140 | |
| Source: | Code function: | 0_2_00AAA220 | |
| Source: | Code function: | 0_2_00A466D0 | |
| Source: | Code function: | 0_2_00A48C90 | |
| Source: | Code function: | 0_2_00A46D30 | |
| Source: | Code function: | 0_2_00A68F80 | |
| Source: | Code function: | 0_2_00A493B0 | |
| Source: | Code function: | 0_2_00A5B400 | |
| Source: | Code function: | 0_2_00BA5510 | |
| Source: | Code function: | 0_2_00AA96E0 | |
| Source: | Code function: | 0_2_00A49990 | |
| Source: | Code function: | 0_2_00AF9A20 | |
| Source: | Code function: | 0_2_00A55E10 | |
| Source: | Code function: | 0_2_00A45FB0 | |
| Source: | Code function: | 0_2_00A4FFD0 | |
| Source: | Code function: | 0_3_006AD402 | |
| Source: | Code function: | 0_2_00B664D0 | |
| Source: | Code function: | 0_2_00B785B0 | |
| Source: | Code function: | 0_2_00B9DA70 | |
| Source: | Code function: | 0_2_00BBA120 | |
| Source: | Code function: | 0_2_00BB22C0 | |
| Source: | Code function: | 0_2_00AAA220 | |
| Source: | Code function: | 0_2_00A52380 | |
| Source: | Code function: | 0_2_00B64350 | |
| Source: | Code function: | 0_2_00BB8340 | |
| Source: | Code function: | 0_2_00ADA4D0 | |
| Source: | Code function: | 0_2_00AEA400 | |
| Source: | Code function: | 0_2_00A50590 | |
| Source: | Code function: | 0_2_00A6A5E0 | |
| Source: | Code function: | 0_2_00A6C6F0 | |
| Source: | Code function: | 0_2_00A5C7F0 | |
| Source: | Code function: | 0_2_00ACA730 | |
| Source: | Code function: | 0_2_00A4E8E0 | |
| Source: | Code function: | 0_2_00B70800 | |
| Source: | Code function: | 0_2_00ABC860 | |
| Source: | Code function: | 0_2_00C4080B | |
| Source: | Code function: | 0_2_00BB6990 | |
| Source: | Code function: | 0_2_00A849E0 | |
| Source: | Code function: | 0_2_00A62BF0 | |
| Source: | Code function: | 0_2_00A6EB30 | |
| Source: | Code function: | 0_2_00C2EB00 | |
| Source: | Code function: | 0_2_00AACB70 | |
| Source: | Code function: | 0_2_00BB6B40 | |
| Source: | Code function: | 0_2_00C36CBA | |
| Source: | Code function: | 0_2_00ACEC30 | |
| Source: | Code function: | 0_2_00C08D30 | |
| Source: | Code function: | 0_2_00BB6E80 | |
| Source: | Code function: | 0_2_00A33000 | |
| Source: | Code function: | 0_2_00A7F130 | |
| Source: | Code function: | 0_2_00C2712E | |
| Source: | Code function: | 0_2_00BB9140 | |
| Source: | Code function: | 0_2_00BB7280 | |
| Source: | Code function: | 0_2_00A61380 | |
| Source: | Code function: | 0_2_00BB9380 | |
| Source: | Code function: | 0_2_00C274BC | |
| Source: | Code function: | 0_2_00A6B6C0 | |
| Source: | Code function: | 0_2_00BC57C0 | |
| Source: | Code function: | 0_2_00BB1800 | |
| Source: | Code function: | 0_2_00A79870 | |
| Source: | Code function: | 0_2_00A5BAA0 | |
| Source: | Code function: | 0_2_00BB3A80 | |
| Source: | Code function: | 0_2_00A57CB0 | |
| Source: | Code function: | 0_2_00BB1C10 | |
| Source: | Code function: | 0_2_00BB9C00 | |
| Source: | Code function: | 0_2_00AC1E80 | |
| Source: | Code function: | 0_2_00AE9FB0 | |
| Source: | Code function: | 0_2_00A59FC0 | |
| Source: | Code function: | 0_2_00A5BFC0 | |
| Source: | Code function: | 0_2_00B3BF60 | |
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00B616C0 | |
| Source: | Code function: | 0_2_00A7C860 | |
| Source: | Code function: | 0_2_00BA64B0 | |
| Source: | Code function: | 0_2_00A3A1B0 | |
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00B73710 | |
| Source: | Code function: | 0_3_006A603D | |
| Source: | Code function: | 0_3_006AC355 | |
| Source: | Code function: | 0_3_0069C9A9 | |
| Source: | Code function: | 0_2_00A4D391 | |
| Source: | Code function: | 0_2_00C1F5FA | |
| Source: | Check user administrative privileges: | graph_0-77579 | ||
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_00B5E4C0 | |
| Source: | Code function: | 0_2_00B90080 | |
| Source: | Code function: | 0_2_00A52380 | |
| Source: | Code function: | 0_2_00B90480 | |
| Source: | Code function: | 0_2_00B6C6E0 | |
| Source: | Code function: | 0_2_00B84B10 | |
| Source: | Code function: | 0_2_00B411C0 | |
| Source: | Code function: | 0_2_00BA37E0 | |
| Source: | Code function: | 0_2_00B5DB60 | |
| Source: | Code function: | 0_2_00B5FD90 | |
| Source: | Code function: | 0_2_00B8EEF0 | |
| Source: | Code function: | 0_2_00C1BCEB | |
| Source: | Code function: | 0_2_00C23B83 | |
| Source: | Code function: | 0_2_00B92EA0 | |
| Source: | Code function: | 0_2_00B73710 | |
| Source: | Code function: | 0_2_00C2A0EA | |
| Source: | Code function: | 0_2_00C1E569 | |
| Source: | Code function: | 0_2_00C389FB | |
| Source: | Code function: | 0_2_00C38A3F | |
| Source: | Code function: | 0_2_00C1E5D5 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_00A6E550 | |
| Source: | Code function: | 0_2_00C1EFC8 | |
| Source: | Code function: | 0_2_00C23B83 | |
| Source: | Code function: | 0_2_00B599A0 | |
| Source: | Code function: | 0_2_00C386F6 | |
| Source: | Code function: | 0_2_00B88C30 | |
| Source: | Code function: | 0_2_00C3F8B8 | |
| Source: | Code function: | 0_2_00C3F99E | |
| Source: | Code function: | 0_2_00C3F903 | |
| Source: | Code function: | 0_2_00C3FDA5 | |
| Source: | Code function: | 0_2_00C3FF7A | |
| Source: | Code function: | 0_2_00B9F160 | |
| Source: | Code function: | 0_2_00C1E230 | |
| Source: | Code function: | 0_2_00B9DA70 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 15 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1524979 |
| Start date and time: | 2024-10-03 14:49:03 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 13s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 1 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | game.exe |
| Detection: | CLEAN |
| Classification: | clean5.winEXE@1/0@0/0 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Report size exceeded maximum capacity and may have missing disassembly code.
- VT rate limit hit for: game.exe
⊘No simulations
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.447087447835371 |
| TrID: |
|
| File name: | game.exe |
| File size: | 3'943'344 bytes |
| MD5: | 7ff30d3ab976b5771ba56163f0919386 |
| SHA1: | 0acf7c157c7a0f0eae8d8b0ee11890a935a53724 |
| SHA256: | 511e21b8c183fee710862aa39fe11cd87d632377b123b0ecba4e979100237f42 |
| SHA512: | cd769f2eed61499c77b18365306c5f4c6ad7d6593f7710141c87f726fca4d379f71eb9cd5007c9579dbfebb69c4513dc5fe8a9ea3fa049b08dda2721a1306cdb |
| SSDEEP: | 49152:yWbbWb9tjju4k9y6lHao8JhBJyRjYQcUBiUARPU8Gbr2Y5l50PDPAELcpB2MpF8Q:yr99u4kc8Hao8eRjYBU4UAir2Y5EPDm |
| TLSH: | 56066B31764AC52FD9A201B0192C9A9F512CAF760BB254C7B3DC2E7E0BB55C21736E27 |
| File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........2#..\p..\p..\pq._q..\pq.Yq..\pq.Zq..\p..Xq..\p.._q..\p..Yq..\pq.Xq..\pq.]q..\pq.[q..\p..]pH.\p.[Uq..\p.[.p..\p...p..\p.[^q..\ |
 | |
| Icon Hash: | 0e33713919a5130f |
| Entrypoint: | 0x5ef409 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x64F9C46E [Thu Sep 7 12:39:10 2023 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 608505ff1e7e27ff4a42ea9c4e9f4192 |
| Signature Valid: | true |
| Signature Issuer: | CN=SSL.com Code Signing Intermediate CA RSA R1, O=SSL Corp, L=Houston, S=Texas, C=US |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 69985D67B105B53BE8B20BBA6F4E8048 |
| Thumbprint SHA-1: | ED892EDC5950D96116F97900995B1CEE43A12598 |
| Thumbprint SHA-256: | 33E64EED43ECF01AA07F127277763C1EF6F68F72CB6140847D75CEC4F8FF2BF7 |
| Serial: | 43BD8D6AA3FECB65766396C09E9EEDEA |
| Instruction |
|---|
| call 00007F0C74E20D66h |
| jmp 00007F0C74E2059Fh |
| push ebp |
| mov ebp, esp |
| and dword ptr [0072C2CCh], 00000000h |
| sub esp, 24h |
| or dword ptr [00728020h], 01h |
| push 0000000Ah |
| call dword ptr [0067B25Ch] |
| test eax, eax |
| je 00007F0C74E208D2h |
| and dword ptr [ebp-10h], 00000000h |
| xor eax, eax |
| push ebx |
| push esi |
| push edi |
| xor ecx, ecx |
| lea edi, dword ptr [ebp-24h] |
| push ebx |
| cpuid |
| mov esi, ebx |
| pop ebx |
| nop |
| mov dword ptr [edi], eax |
| mov dword ptr [edi+04h], esi |
| mov dword ptr [edi+08h], ecx |
| xor ecx, ecx |
| mov dword ptr [edi+0Ch], edx |
| mov eax, dword ptr [ebp-24h] |
| mov edi, dword ptr [ebp-20h] |
| mov dword ptr [ebp-0Ch], eax |
| xor edi, 756E6547h |
| mov eax, dword ptr [ebp-18h] |
| xor eax, 49656E69h |
| mov dword ptr [ebp-04h], eax |
| mov eax, dword ptr [ebp-1Ch] |
| xor eax, 6C65746Eh |
| mov dword ptr [ebp-08h], eax |
| xor eax, eax |
| inc eax |
| push ebx |
| cpuid |
| mov esi, ebx |
| pop ebx |
| nop |
| lea ebx, dword ptr [ebp-24h] |
| mov dword ptr [ebx], eax |
| mov eax, dword ptr [ebp-04h] |
| or eax, dword ptr [ebp-08h] |
| or eax, edi |
| mov dword ptr [ebx+04h], esi |
| mov dword ptr [ebx+08h], ecx |
| mov dword ptr [ebx+0Ch], edx |
| jne 00007F0C74E20765h |
| mov eax, dword ptr [ebp-24h] |
| and eax, 0FFF3FF0h |
| cmp eax, 000106C0h |
| je 00007F0C74E20745h |
| cmp eax, 00020660h |
| je 00007F0C74E2073Eh |
| cmp eax, 00020670h |
| je 00007F0C74E20737h |
| cmp eax, 00030650h |
| je 00007F0C74E20730h |
| cmp eax, 00030660h |
| je 00007F0C74E20729h |
| cmp eax, 00030670h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x325ef4 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x336000 | 0x6d65c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3c0c28 | 0x1f88 | .reloc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3a4000 | 0x29218 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2c84d0 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x2c8540 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x299d90 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x27b000 | 0x2fc | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x32324c | 0x280 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x279ac6 | 0x279c00 | 11aedc3b7d655a259d30cc5f5fc4cb28 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x27b000 | 0xac076 | 0xac200 | 1aad84f9ecc183c33dd368eec7c0e655 | False | 0.3258924518881627 | DIY-Thermocam raw data (Lepton 3.x), scale -2630-8835, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2048.000000, slope 974560704.000000 | 5.061847432030138 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x328000 | 0xd260 | 0x3c00 | 0bff262a25d32c3dde3349bee5da87c2 | False | 0.2669921875 | data | 4.791668844581246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x336000 | 0x6d65c | 0x6d800 | 5a0b1a4158dd8fad7bcf25888bcf031e | False | 0.246597638413242 | data | 5.488066987169376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x3a4000 | 0x29218 | 0x29400 | 17574e23e92b0ab35c6f98688053b38f | False | 0.4413293087121212 | data | 6.508215752056589 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x336910 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547 |
| RT_BITMAP | 0x336a50 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345 |
| RT_BITMAP | 0x337278 | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527 |
| RT_BITMAP | 0x33bb20 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257 |
| RT_BITMAP | 0x33c58c | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681 |
| RT_BITMAP | 0x33c6e0 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065 |
| RT_ICON | 0x33cf08 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | English | United States | 0.32899369766547326 |
| RT_ICON | 0x37ef30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.08703319502074688 |
| RT_ICON | 0x3814d8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.16463414634146342 |
| RT_ICON | 0x382580 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.18565573770491803 |
| RT_ICON | 0x382f08 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3262411347517731 |
| RT_DIALOG | 0x383370 | 0xac | data | English | United States | 0.7151162790697675 |
| RT_DIALOG | 0x38341c | 0xcc | data | English | United States | 0.6911764705882353 |
| RT_DIALOG | 0x3834e8 | 0x1b4 | data | English | United States | 0.5458715596330275 |
| RT_DIALOG | 0x38369c | 0x136 | data | English | United States | 0.6064516129032258 |
| RT_DIALOG | 0x3837d4 | 0x4c | data | English | United States | 0.8289473684210527 |
| RT_STRING | 0x383820 | 0x234 | data | English | United States | 0.4645390070921986 |
| RT_STRING | 0x383a54 | 0x182 | data | English | United States | 0.5103626943005182 |
| RT_STRING | 0x383bd8 | 0x50 | data | English | United States | 0.7375 |
| RT_STRING | 0x383c28 | 0x9a | data | English | United States | 0.37662337662337664 |
| RT_STRING | 0x383cc4 | 0x2f6 | data | English | United States | 0.449868073878628 |
| RT_STRING | 0x383fbc | 0x5c0 | data | English | United States | 0.3498641304347826 |
| RT_STRING | 0x38457c | 0x434 | data | English | United States | 0.32899628252788105 |
| RT_STRING | 0x3849b0 | 0x100 | data | English | United States | 0.5703125 |
| RT_STRING | 0x384ab0 | 0x484 | data | English | United States | 0.39186851211072665 |
| RT_STRING | 0x384f34 | 0x1ea | data | English | United States | 0.44081632653061226 |
| RT_STRING | 0x385120 | 0x18a | data | English | United States | 0.5228426395939086 |
| RT_STRING | 0x3852ac | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077 |
| RT_STRING | 0x3854c4 | 0x624 | data | English | United States | 0.3575063613231552 |
| RT_STRING | 0x385ae8 | 0x660 | data | English | United States | 0.3474264705882353 |
| RT_STRING | 0x386148 | 0x2e2 | data | English | United States | 0.4037940379403794 |
| RT_GROUP_ICON | 0x38642c | 0x14 | data | English | United States | 1.1 |
| RT_GROUP_ICON | 0x386440 | 0x4c | data | English | United States | 0.8026315789473685 |
| RT_VERSION | 0x38648c | 0x398 | OpenPGP Public Key | English | United States | 0.3858695652173913 |
| RT_HTML | 0x386824 | 0x3835 | ASCII text, with very long lines (443), with CRLF line terminators | English | United States | 0.08298005420807561 |
| RT_HTML | 0x38a05c | 0x1316 | ASCII text, with CRLF line terminators | English | United States | 0.18399508800654932 |
| RT_HTML | 0x38b374 | 0x8c77 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.08081426068578103 |
| RT_HTML | 0x393fec | 0x6acd | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10679931238798873 |
| RT_HTML | 0x39aabc | 0x6a2 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3486454652532391 |
| RT_HTML | 0x39b160 | 0x104a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.2170263788968825 |
| RT_HTML | 0x39c1ac | 0x15b1 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.17612101566720692 |
| RT_HTML | 0x39d760 | 0x205c | exported SGML document, ASCII text, with very long lines (659), with CRLF line terminators | English | United States | 0.13604538870111058 |
| RT_HTML | 0x39f7bc | 0x368d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10834228428213391 |
| RT_MANIFEST | 0x3a2e4c | 0x80f | XML 1.0 document, ASCII text, with CRLF, LF line terminators | English | United States | 0.40814348036839554 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, CreateProcessW, GetLastError, GetExitCodeProcess, SetEvent, RemoveDirectoryW, GetProcAddress, GetModuleHandleW, GetWindowsDirectoryW, CreateDirectoryW, GetTempPathW, GetTempFileNameW, MoveFileW, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, GetFinalPathNameByHandleW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SetFileTime, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, GetVersionExW, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, LocalFree, LocalAlloc, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW, GetProcessAffinityMask, GetModuleHandleA, GlobalMemoryStatus, ReleaseSemaphore, CreateSemaphoreW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 08:49:53 |
| Start date: | 03/10/2024 |
| Path: | C:\Users\user\Desktop\game.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa30000 |
| File size: | 3'943'344 bytes |
| MD5 hash: | 7FF30D3AB976B5771BA56163F0919386 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 2.8% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 29.8% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 43 |
Graph
Function 00B73710 Relevance: 35.6, APIs: 10, Strings: 10, Instructions: 633libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B785B0 Relevance: 31.1, APIs: 10, Strings: 7, Instructions: 1365synchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B9DA70 Relevance: 26.8, APIs: 12, Strings: 3, Instructions: 536registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B664D0 Relevance: 7.8, APIs: 5, Instructions: 315COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B19F70 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 228libraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1E5D5 Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5E4C0 Relevance: 4.6, APIs: 3, Instructions: 93fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A6E550 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B44200 Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 327libraryloaderfileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B79B70 Relevance: 22.0, APIs: 9, Strings: 3, Instructions: 1007threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A41830 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 265libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1E367 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5BC60 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 238registrylibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BA32F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B47E60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96registrylibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B800D0 Relevance: 10.6, APIs: 7, Instructions: 73COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B89330 Relevance: 9.1, APIs: 6, Instructions: 69threadsynchronizationCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B61850 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5F310 Relevance: 7.6, APIs: 5, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B782B0 Relevance: 6.1, APIs: 4, Instructions: 145fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B84230 Relevance: 4.7, APIs: 3, Instructions: 195fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B81040 Relevance: 4.7, APIs: 3, Instructions: 175fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B7FE60 Relevance: 3.1, APIs: 2, Instructions: 80COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B62240 Relevance: 3.0, APIs: 2, Instructions: 41windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B80060 Relevance: 3.0, APIs: 2, Instructions: 30threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C36B2D Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B45F60 Relevance: 2.6, APIs: 2, Instructions: 68COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B88AC0 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C380CF Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A3AA00 Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C36B67 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1B3D2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1B3FA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1B3AA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1B45E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B9F260 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B92EA0 Relevance: 44.3, APIs: 16, Strings: 9, Instructions: 517fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A6EB30 Relevance: 37.8, APIs: 13, Strings: 8, Instructions: 1086stringthreadsleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A52380 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 664fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A50590 Relevance: 21.6, APIs: 14, Instructions: 611COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B70800 Relevance: 21.0, APIs: 2, Strings: 9, Instructions: 1718fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B6C6E0 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 420fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A6C6F0 Relevance: 15.7, Strings: 12, Instructions: 718COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B84B10 Relevance: 15.7, APIs: 10, Instructions: 657COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A6B6C0 Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 856windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A5C7F0 Relevance: 13.3, Strings: 10, Instructions: 767COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A61380 Relevance: 12.9, APIs: 5, Strings: 2, Instructions: 685windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00ACA730 Relevance: 10.7, Strings: 8, Instructions: 672COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A849E0 Relevance: 9.9, Strings: 7, Instructions: 1105COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BA37E0 Relevance: 9.2, APIs: 6, Instructions: 190fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1E569 Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5DB60 Relevance: 7.7, APIs: 5, Instructions: 240fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00ABC860 Relevance: 6.7, APIs: 2, Strings: 2, Instructions: 683memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C36CBA Relevance: 6.3, APIs: 4, Instructions: 337COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B90080 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A57CB0 Relevance: 5.7, Strings: 4, Instructions: 696COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A4E8E0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 425registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B90480 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 173fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A6A5E0 Relevance: 5.4, Strings: 4, Instructions: 356COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A5BAA0 Relevance: 5.3, Strings: 4, Instructions: 346COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB7280 Relevance: 5.3, Strings: 4, Instructions: 254COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B411C0 Relevance: 4.7, APIs: 3, Instructions: 167fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A3A1B0 Relevance: 4.6, APIs: 3, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A48C90 Relevance: 4.5, APIs: 3, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00ADA4D0 Relevance: 4.2, Strings: 3, Instructions: 404COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BC57C0 Relevance: 4.1, Strings: 3, Instructions: 314COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00AEA400 Relevance: 3.5, Strings: 2, Instructions: 997COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C2EB00 Relevance: 3.4, APIs: 2, Instructions: 449COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A62BF0 Relevance: 3.3, APIs: 2, Instructions: 258windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B616C0 Relevance: 3.1, APIs: 2, Instructions: 134windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A50140 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00AA96E0 Relevance: 3.1, APIs: 2, Instructions: 75COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A79870 Relevance: 2.0, Strings: 1, Instructions: 764COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BBA120 Relevance: 1.8, Strings: 1, Instructions: 540COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00AACB70 Relevance: 1.8, Strings: 1, Instructions: 523COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A5B400 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB9140 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A7F130 Relevance: .8, Instructions: 763COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB22C0 Relevance: .6, Instructions: 554COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB9380 Relevance: .4, Instructions: 409COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C274BC Relevance: .4, Instructions: 388COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00ACEC30 Relevance: .4, Instructions: 386COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C2712E Relevance: .3, Instructions: 344COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB1800 Relevance: .3, Instructions: 285COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB8340 Relevance: .2, Instructions: 224COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BA5510 Relevance: .2, Instructions: 151COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A46D30 Relevance: .1, Instructions: 140COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB6990 Relevance: .1, Instructions: 138COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BB3A80 Relevance: .1, Instructions: 131COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C08D30 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00AF9A20 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A493B0 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A49990 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A68F80 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C389FB Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C38A3F Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C2A0EA Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B63B80 Relevance: 40.5, APIs: 4, Strings: 19, Instructions: 220registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B63800 Relevance: 35.2, APIs: 11, Strings: 9, Instructions: 223registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A48CF0 Relevance: 25.0, APIs: 13, Strings: 1, Instructions: 462stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A3EEB0 Relevance: 25.0, APIs: 8, Strings: 6, Instructions: 455libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A6E610 Relevance: 21.4, APIs: 4, Strings: 8, Instructions: 358libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A3F7C0 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 270libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B602B0 Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 443registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B6CC20 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 410libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A68440 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 229windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B6A140 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 132windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B92BA0 Relevance: 16.7, APIs: 11, Instructions: 192fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B940F0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 302libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A44E90 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 265memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B996E0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 180fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A3D430 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 157processsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B88910 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 148libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A790B0 Relevance: 13.9, APIs: 9, Instructions: 433memorysynchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B68590 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 290fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BA6DA0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 99libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B9EC10 Relevance: 12.3, APIs: 8, Instructions: 324COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00AAEF90 Relevance: 12.2, APIs: 8, Instructions: 171COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A511C0 Relevance: 12.1, APIs: 8, Instructions: 138COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1E473 Relevance: 12.1, APIs: 8, Instructions: 73memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B94470 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 324synchronizationfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B87370 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 231fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A48460 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 194comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5E0F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A4E200 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 150fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A67040 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 124windowstringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5FA40 Relevance: 10.6, APIs: 7, Instructions: 108processsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B689C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C38302 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5EA40 Relevance: 9.2, APIs: 6, Instructions: 233COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B69990 Relevance: 9.2, APIs: 6, Instructions: 156windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A712B0 Relevance: 9.2, APIs: 6, Instructions: 153COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A710B0 Relevance: 9.1, APIs: 6, Instructions: 140COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BA4030 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 244fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5FB90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A4A1A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156threadCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B3BA00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 74libraryloaderwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C2A10C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A52E30 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 338memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A791F0 Relevance: 7.8, APIs: 5, Instructions: 270memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B97740 Relevance: 7.7, APIs: 5, Instructions: 204COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A69BB0 Relevance: 7.7, APIs: 5, Instructions: 178windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BA4520 Relevance: 7.7, APIs: 5, Instructions: 160threadsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B57890 Relevance: 7.6, APIs: 5, Instructions: 109COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B5A300 Relevance: 7.6, APIs: 6, Instructions: 105memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A5AB80 Relevance: 7.6, APIs: 5, Instructions: 58windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A61150 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 211windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A699A0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 182windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00BA3600 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 167synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A40F60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B67090 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C2369C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A464E0 Relevance: 6.3, APIs: 4, Instructions: 269memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A63770 Relevance: 6.3, APIs: 4, Instructions: 256windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A4EF50 Relevance: 6.2, APIs: 4, Instructions: 166memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B75920 Relevance: 6.2, APIs: 4, Instructions: 164COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B3B7C0 Relevance: 6.2, APIs: 4, Instructions: 159windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00AF05E0 Relevance: 6.1, APIs: 4, Instructions: 127COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00AEBAC0 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C1C723 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A66C30 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 321windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B98900 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 147synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00B3B4E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A887F0 Relevance: 5.2, APIs: 4, Instructions: 240memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A87490 Relevance: 5.2, APIs: 4, Instructions: 176memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A3EA60 Relevance: 5.1, APIs: 4, Instructions: 142memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|