Windows Analysis Report: FSCaptureSetup107.exe
Overview
General Information
Detection
Score: | 4 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Compliance
Score: | 49 |
Range: | 0 - 100 |
Signatures
Classification
- System is w10x64
- FSCaptureSetup107.exe (PID: 5284, cmdline: "C:\Users\user\Desktop\FSCaptureSetup107.exe", MD5: 28627A37983F5DC8E00D9C03C7B2DEC6)
- FSCapture.exe (PID: 5960, cmdline: "C:\Program Files (x86)\FastStone Capture\FSCapture.exe", MD5: D5AC941C445B6EB907D0B96D84F15FE7)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
(not preserved) | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
(not preserved) | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
(not preserved) | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
No malicious signatures were raised for this sample. The only YARA hits are the three matches of the informational Delphi rule above; System.ParamCount() is the Delphi RTL's command-line argument counter and indicates a Delphi-built binary, not malicious behaviour.
Compliance and other signature evidence

Each bullet is one signature. The signature names and the matched values (paths, strings, registry keys, loaded sections) did not survive extraction; what remains is the evidence type, the number of matching entries and, for "Code function" entries, the function identifiers (the leading digit is the sandbox's process index, the hex part the function address). In report order:

- Static PE information (1)
- Window detected (1)
- File created (2)
- Static PE information (1)
- Static PE information (1)
- Binary string (2)
- Code function: 0_2_00405D74, 0_2_0040699E, 0_2_0040290B
- String found in binary or memory (38)
- Code function: 0_2_00405809
- Code function: 0_2_00403640
- Code function (88): 0_2_00406D5F, 4_2_077DFB4F, 4_2_077DE3C8, 4_2_077D6A59, 4_2_077DAE47, 4_2_077D1A30, 4_2_077DEAC0, 4_2_077D4A85, 4_2_077DDE84, 4_2_077DD940, 4_2_10023030, 4_2_1003F050, 4_2_10007070, 4_2_1001C0D6, 4_2_1001C0D8, 4_2_10016190, 4_2_100131A0, 4_2_100451A0, 4_2_100221D0, 4_2_10021200, 4_2_10037200, 4_2_10064234, 4_2_10016270, 4_2_10020270, 4_2_1004A280, 4_2_1001E299, 4_2_1001F2B0, 4_2_10007330, 4_2_10016340, 4_2_1004E340, 4_2_10001430, 4_2_10022507, 4_2_10022509, 4_2_1002152C, 4_2_10033530, 4_2_10047540, 4_2_1001F5C4, 4_2_1001F5C6, 4_2_1001B5E0, 4_2_10007620, 4_2_1003D650, 4_2_10042680, 4_2_1001C710, 4_2_10013730, 4_2_10066732, 4_2_10007738, 4_2_10064778, 4_2_1001D780, 4_2_100117E0, 4_2_100237F0, 4_2_10033800, 4_2_1000D840, 4_2_1001B858, 4_2_100338B9, 4_2_1005D8E0, 4_2_100348F0, 4_2_10005950, 4_2_1001C96C, 4_2_100489B0, 4_2_10021A00, 4_2_10042A10, 4_2_10020A30, 4_2_10006A90, 4_2_1001FA90, 4_2_10058AD0, 4_2_10023AF6, 4_2_10023AF4, 4_2_1005EB19, 4_2_10011C80, 4_2_10048CB0, 4_2_10051CC0, 4_2_10063CF0, 4_2_1003DD30, 4_2_10020D36, 4_2_10020D34, 4_2_1001AD70, 4_2_1001FDA4, 4_2_1001FDA6, 4_2_10005E09, 4_2_1001BE60, 4_2_10064E70, 4_2_10065EC6, 4_2_10007EF0, 4_2_1004AF10, 4_2_1001CF40, 4_2_1001AFD6, 4_2_1001AFD8, 4_2_1001DFF0
- Static PE information (2)
- Binary or memory string (4)
- Static PE information (1)
- Classification label (1)
- Code function: 0_2_00403640
- Code function: 0_2_00404AB5
- Code function: 0_2_004021AA
- File created (1)
- File created (1)
- Mutant created (1)
- File created (1)
- File source (3)
- Static PE information (1)
- Key opened (1)
- File read (1)
- Key opened (1)
- File read (1)
- Process created (2)
- Section loaded (73)
- Key value queried (1)
- LNK file (5)
- File written (1)
- Automated click (3)
- Window detected (1)
- Window detected (1)
- Static PE information (1)
- Static file information (1)
- Static PE information (1)
- Binary string (2)
- Code function: 4_2_077D9915
- Static PE information (4)
- Static PE information (2)
- Code function: 4_2_077D50A4, 4_2_1005CDD8, 4_2_0076C324
- Static PE information (1)
- File created, jump to dropped file (18)
- File created, jump to dropped file (1)
- File created (2)
- File created (5)
- Process information set (4)
- Dropped PE file which has not been started (15)
- API coverage (1)
- File Volume queried (2)
- Code function: 0_2_00405D74, 0_2_0040699E, 0_2_0040290B
- API call chain: graph_0-3489
- Code function: 4_2_077D92A5
- Code function: 4_2_077D9915
- Code function: 4_2_077D92A5, 4_2_077D8DEF, 4_2_077DCDAA, 4_2_1005D0E5, 4_2_10059BFE, 4_2_10065C74
- Binary or memory string (7)
- Code function: 4_2_077DF93C, 4_2_100664E8
- Queries volume information (5)
- Code function: 4_2_077D8CDB
- Code function: 0_2_00403640

Note that 15 of the dropped PE files were never executed during the run, so their behaviour is not covered by the dynamic evidence above; the static antivirus results below (0% for every dropped file) are the only check this report applies to them.
MITRE ATT&CK techniques matched by this sample's signatures (number of matching signatures in parentheses; the unmatched cells of the full matrix are omitted, and no Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement or Exfiltration technique was matched):

- Execution: Native API (1)
- Persistence: Registry Run Keys / Startup Folder (1), DLL Side-Loading (1)
- Privilege Escalation: Access Token Manipulation (1), Process Injection (2), Registry Run Keys / Startup Folder (1), DLL Side-Loading (1)
- Defense Evasion: Masquerading (12), Access Token Manipulation (1), Process Injection (2), Obfuscated Files or Information (2), Software Packing (1), DLL Side-Loading (1)
- Discovery: System Time Discovery (1), Security Software Discovery (1), Process Discovery (1), File and Directory Discovery (3), System Information Discovery (25)
- Collection: Archive Collected Data (1), Clipboard Data (1)
- Command and Control: Encrypted Channel (1)
- Impact: System Shutdown/Reboot (1)

All of these come from informational signatures; the report raised no malicious signatures and the verdict is clean.
Antivirus detection

Source | Detection | Scanner | Label |
---|---|---|---|
Submitted sample (FSCaptureSetup107.exe) | 4% | ReversingLabs | |
Dropped files (18 entries; file names not preserved) | 0% each | ReversingLabs | |
URL (1 entry; not preserved) | 0% | URL Reputation | safe |
URLs from memory and binaries: 15 entries (the URL strings and their sources were not preserved); none is marked Malicious, and every entry's Reputation is unknown.
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1527895 |
Start date and time: | 2024-10-07 10:59:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | FSCaptureSetup107.exe |
Detection: | CLEAN |
Classification: | clean4.winEXE@2/50@0/0 (clean verdict, score 4, Windows EXE; the suffix records 2 started processes, 50 dropped files and no network contacts) |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: FSCaptureSetup107.exe
Time | Type | Description |
---|---|---|
05:00:49 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Program Files (x86)\FastStone Capture\FSCIcon.db | (not preserved) | Get hash | malicious | PureLog Stealer | Browse | |
C:\Program Files (x86)\FastStone Capture\FSCIcon.db | (not preserved) | Get hash | malicious | PureLog Stealer | Browse | |
C:\Program Files (x86)\FastStone Capture\FSCPlugin01.dll | (not preserved) | Get hash | malicious | PureLog Stealer | Browse | |
C:\Program Files (x86)\FastStone Capture\FSCPlugin01.dll | (not preserved) | Get hash | malicious | PureLog Stealer | Browse | |

How to read this table: the two dropped files FSCIcon.db and FSCPlugin01.dll were also dropped by earlier submissions (two rows each, so two matching submissions per file; their names and hashes are not preserved here) that Joe Sandbox classified as PureLog Stealer. That is a shared-file link, not a detection of these files: both score 0% at ReversingLabs in this report and their records below are marked Malicious: false. When a legitimate installer's components turn up in stealer submissions, the usual cause is a trojanised or bundled copy of that installer, so the thing to verify is the submitted installer's own hash and code signature against the vendor's release, not the shared components.
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 2022 |
Entropy (8bit): | 3.7043669932880423 |
Encrypted: | false |
SSDEEP: | 48:wflLV+HAj/7lIimIldNaq2WgS4xCWMa++zPDh:wNx+Ho7GimStL4xCz0zrh |
MD5: | 107FBA7548488E7B2442556BE048D5C2 |
SHA1: | 8FFD3008E3929C5503F5F7BC4B3126D5E444AD4E |
SHA-256: | 232A42E5CEF0478141B49A6BE9DA1F0F0C7C10B76F3C7B72EB9D91222AAC034D |
SHA-512: | 62FCE847420A4AC40A1BAE163E41E04A621D14775E5E2E7DC3A0A63FFC1EF100F1A92014E7DE7307C0F98A6C34210012A4A3992B2AE99D4AF4D34520BFB6BF7D |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 749154 |
Entropy (8bit): | 7.924075690289188 |
Encrypted: | false |
SSDEEP: | 12288:fZXeDKBnzkX0lrYlEIEYBzRZCfWI8pjTmqapHpvAkbl03rx7Qns1VUzuvtIsLL72:YQ4kUQGV3I8V+pIqurKsbFtIg74/T |
MD5: | 8F23FAE255FF499A0EE3B2A34DCB402E |
SHA1: | 10A40CF783D16BACBC7FCC9D9D13425AAC7D6362 |
SHA-256: | 0A0B62E6F5F3B7824EEC81CA33740B6B16D73E2093505AC191F0CD75E4931CA0 |
SHA-512: | 6EB259269C8AF00C7174DED2E04246BA07F0D48A8CDD9158A97C38A7D5D55B8C3ACE4ADDB7A08C3B3A6A26F5489B38F6802DA8C79522A2251A5565AB75AD92F2 |
Malicious: | false |
Reputation: | low |
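The first two records above show why the Entropy (8bit) figure needs the Encrypted flag beside it: a 2022-byte file at 3.70 bits per byte is ordinary structured data, while the 749154-byte file at 7.92 bits per byte is almost incompressible yet still marked Encrypted: false, because compressed data (images, archives, packed resources) is as close to uniform as ciphertext. The following Python is an added example, not Joe Sandbox code: it recomputes the Size, Entropy (8bit) and MD5/SHA1/SHA-256/SHA-512 fields of a record so that a file recovered from a host can be checked against the report, and it cross-references the MD5s from the process tree with dropped-file MD5s to find which dropped files were actually executed. The MD5 constants are copied from this report; the b"abc" input is constructed sample data with well-known digests; SSDEEP is omitted because it needs the third-party ssdeep library.

```python
"""Recompute the per-file fields of a sandbox 'dropped file' record.

Added example, not Joe Sandbox code. It reproduces the Size, Entropy (8bit)
and MD5/SHA1/SHA-256/SHA-512 fields of the records on this page so a file
recovered from a host can be checked against the report. SSDEEP is omitted
(it needs the third-party ssdeep library).
"""
import hashlib
import math
from collections import Counter


def entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for
    uniformly distributed bytes. Compressed or packed data scores almost as
    high as ciphertext, so a high value alone does not mean 'encrypted'."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_record(data: bytes) -> dict:
    """The fields the report lists per dropped file; digests upper-cased as in the report."""
    return {
        "size": len(data),
        "entropy": entropy_8bit(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def verify_record(data: bytes, expected: dict) -> list:
    """Names of the expected fields that `data` fails to reproduce; [] means the
    file matches the record. Hash comparison is case-insensitive, entropy is
    compared with a small tolerance, anything else must match exactly."""
    actual = file_record(data)
    mismatches = []
    for name, want in expected.items():
        have = actual[name]
        if name == "entropy":
            ok = abs(have - want) < 1e-6
        elif isinstance(want, str):
            ok = have == want.upper()
        else:
            ok = have == want
        if not ok:
            mismatches.append(name)
    return mismatches


def started_dropped_files(process_md5s, dropped_md5s) -> list:
    """Dropped files whose MD5 also appears in the process tree, i.e. the
    dropped files that were actually executed during the analysis."""
    launched = {m.upper() for m in process_md5s}
    return sorted({m.upper() for m in dropped_md5s if m.upper() in launched})


# MD5s copied from this report: the two processes in the process tree ...
PROCESS_MD5S = ["28627A37983F5DC8E00D9C03C7B2DEC6", "D5AC941C445B6EB907D0B96D84F15FE7"]
# ... and four of the dropped-file records (the third is the 7563656-byte FSCapture.exe).
DROPPED_MD5S = [
    "107FBA7548488E7B2442556BE048D5C2",
    "8F23FAE255FF499A0EE3B2A34DCB402E",
    "D5AC941C445B6EB907D0B96D84F15FE7",
    "EE9541FC0234AAE432DB2985B4ABB709",
]

if __name__ == "__main__":
    # Constructed sample input (not a file from the report) with well-known digests.
    sample = b"abc"
    print(file_record(sample))
    print(verify_record(sample, {"size": 3, "md5": "900150983cd24fb0d6963f7d28e17f72"}))
    print(started_dropped_files(PROCESS_MD5S, DROPPED_MD5S))
```

To use it against a real host, read the suspect file with `open(path, "rb").read()`, pass the report's values for that record as the `expected` dict, and treat any non-empty result as "not the file the sandbox saw". The entropy helper is the same statistic the report calls Entropy (8bit); the threshold at which a file should be called packed or encrypted is a policy decision and is deliberately not built in.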
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 39936 |
Entropy (8bit): | 3.0334915512311196 |
Encrypted: | false |
SSDEEP: | 96:nPtA/dChd6kwoSJNAngD+PLKIoyNSjcWTvR0MHm////////////IXDlw2RjbGS7f:ni0hd5HUUtoyIjcWTOMHhxAivM3 |
MD5: | E4DD6134F0DA16B24F9DF1BBA0969F55 |
SHA1: | 4CED9E445246FCD570E42ACC85BCE4F89AE4736D |
SHA-256: | 3CC8478F1DE6BA82347702F74A0A413105189C26238123C6DE21635D751FFD80 |
SHA-512: | E19495DFA70A803FBDD6C974A17C26277809BF251C0DA7BB81BD12E6F44B35E5F34F7944C2BB2B823F85AB0B7048A7D3761D52CA793249B168984D93E9C90E58 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 326856 |
Entropy (8bit): | 6.507303143563013 |
Encrypted: | false |
SSDEEP: | 6144:Iu/M8/CrMeIS4iB7ncZzPnRGpk2WQvg1+i/X5NKP5NCs/lwaj2Qy:l/Anc1x2Wj5NKPqs92Qy |
MD5: | F421919DA3CB7C44B086210D4D797D7A |
SHA1: | CDCA33C63F6FAE255A6F64BDCA62BD8DBC7032DC |
SHA-256: | CF66F927D6D3EBC77D93567C25C9577803E5FB64201755D7773257C4C3ED5D2B |
SHA-512: | BB98BFDBEA713AE19DA38CB3CFAA4F2C54A5AF2C9ADC8A80EEA415F45EB07005307733589FCF54F407A090E5E6C228FAC3FF654F4AA71CB861265D6B41A01472 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 3687568 |
Entropy (8bit): | 5.966246760152598 |
Encrypted: | false |
SSDEEP: | 49152:IhFXzHdg+4U90CBP+uKC7kqzDLS0l1W4D1T:+dbUC |
MD5: | A3101ADDC099361A751198614972D5FA |
SHA1: | 9379EC77C520C19CD698369AEF6ACDC4E32EE10D |
SHA-256: | 4EF58566D20EAE8ED18177DA8FCABBC55A5585CC5CC51806EF86E136291AC1F1 |
SHA-512: | A0AE4A9BF7BA7AF8B539CEB77ACA1F21C27A6AC6B418737559263E2C5084568E9A821E7C8101CF7E1DA5F00A677CFAC528185BF31E0C67BF76A1D4174DA70F37 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 2274448 |
Entropy (8bit): | 6.65325844717495 |
Encrypted: | false |
SSDEEP: | 24576:x1+Sus1HRBOcDtwCpFf4fMaJj8C7hkEcw32Ig1BJS/AcOWdg0DZMK0jwUAHxala:NJzVAjj8uo1nSocOsDZMoDHxk |
MD5: | FC610B497818BCB5249E72410AED5162 |
SHA1: | 3DA9E3FEF84300FBDA10FDC9E97250D1FB4367A2 |
SHA-256: | FB8C862B1E2C2F423DDE036B9D77F241951674DC5E6EE51954F2B37E19BCA378 |
SHA-512: | 4F23BEA8BA7BF51DCE14437FE5209B3B3209C1D6D7F8912FA91FA734A98CB92BED129CDEE8EBFDDFD22FCF42D90B5944E5D64E026FF531527B705664FAB8B3E4 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 1648520 |
Entropy (8bit): | 6.611277014754512 |
Encrypted: | false |
SSDEEP: | 24576:r+L+R2nWVAu3td0VpXRwylIjLVt0sA7GIdmuTFgke8KR6DdgO3I3q4Pj3HCMo:wI3LEhBsDV89Y7XCMo |
MD5: | 3D936F0507E9BE6F4AEDE56BF440F42C |
SHA1: | CFFFCE39FB24978BA87D550AA9729FD0776B4FCC |
SHA-256: | 99C55D9B65D38C22DD84FC96DE55A29008E564B92AE97D9B3B31BBDD31D78A01 |
SHA-512: | C913E2FD6B2E4242727322E14750DFF8911C8CD5FB3713DB8BB9F83E22C2247C39CB1A9B1FD4D768A11B47755DD1CFCD8C5F1D06F9FFF724554C50B6A2B50006 |
Malicious: | false |
Yara Hits: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 120456 |
Entropy (8bit): | 6.439927806022288 |
Encrypted: | false |
SSDEEP: | 3072:yuJnXnJMBIrVDtuUFAWoULBRmBrv8qKxs:yYXfpxuUFZDBR8h |
MD5: | 70C3F6892684641080C6FFE2F32B9BDA |
SHA1: | CBB401C44A17E85E54E73B0C716CD5E819FF6421 |
SHA-256: | 3D2877A8D739F682FB5323C00D568483F8C878C6AC745DE5F0D0CAA7FFA3788A |
SHA-512: | D1341D4E190EA4109A15A99E4119B2559C0D330DF43AB2ED6605F454E9F7012FD42FA75DDE9A8290C366FBF50B4D44D36548E35568BC510B974FA4CFE47F7F30 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 2869128 |
Entropy (8bit): | 6.587584991339312 |
Encrypted: | false |
SSDEEP: | 49152:LGcGi7xkdj0xGjEEBSNI+1oeuX4KQxUjB30yM5RTbT4XN:KcVkZ9Buoeo4ajB30XiXN |
MD5: | 3DFF39A3EDA72F6360CEDCBB5F324C67 |
SHA1: | 035B5F7CF78276F61EDC89180C21B623A236B449 |
SHA-256: | D1A175B774962E38E37C40A8DA1F6CED0D0FCD8E5A5667EFEBC94F26C2FB1C76 |
SHA-512: | 3504988ED204572B41B85400294E3E4B98022CB1958EDF9A07F79BF3701DEAC34E1E701457BD65759B8F988A91B3159575B8BC04301D0161C4C38026EA70CD55 |
Malicious: | false |
Yara Hits: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 26504 |
Entropy (8bit): | 6.539209436879084 |
Encrypted: | false |
SSDEEP: | 384:gGSRg3LRNHTitQa6anmoNsaaU9JGnKUDzE6/L8+IYix6wEtiyAM+o/8E9VF0Nyg0:gp2LROLqX/ATYixpFyAMxkEWC |
MD5: | E3EF14ED122068DAE0AEEF89DB996513 |
SHA1: | 32CE0BEE51FB8FF7E02C7917CB06D72DABDD0FCB |
SHA-256: | FE43D2A447EACBDA956728AD75B85C4743D406389C0354F3D81BBB0DFB4A7D44 |
SHA-512: | FED0BD0CFC1F5272A62CCFB6B8127B272D10D942D2DD8505EA61685B50426AA5C167117060A627F19649A672721F824018DFDA1B610EBE740694EAF7445E9371 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 7563656 |
Entropy (8bit): | 6.870770305666163 |
Encrypted: | false |
SSDEEP: | 196608:7SyDtyDnxB+yKtRlR6dqHXJ7YPcwD4YSqObJdmr2tKjmSIS:7NyDxBnY6BEwDaqOO2tAmSIS |
MD5: | D5AC941C445B6EB907D0B96D84F15FE7 (same MD5 as the FSCapture.exe process, PID 5960, in the process tree: the only dropped file that was executed during the run) |
SHA1: | F3351699F44612579EA2646001DF954B3AA85A3B |
SHA-256: | 1A8499B56435991CB6B042919B6D79357E913C14B9CBBC1089525D77F9FDB2EE |
SHA-512: | EEBEF0DB392B714D6F9BB950C11F136C80E81C38292347C9A99721A7B1D5AE129E8B4833A904B1340C259BE3C9617EEAA3D23A40B070D8C5628671D60FF6C48D |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 176729 |
Entropy (8bit): | 7.916956322771971 |
Encrypted: | false |
SSDEEP: | 3072:rKrOuOmioe0Z/FnSgNf+YVvhNIJC5KH/CNQ4GJXDd1E0M:r2OuOmu0e4f+YhhVrxKLE0M |
MD5: | EE9541FC0234AAE432DB2985B4ABB709 |
SHA1: | C89BE531F7FD37D5F04A68C9D3F2D36DF96C0428 |
SHA-256: | 4815A94312EA9218C5B1E502F53A83719B20415FFDD3F6BBC285F772A8558256 |
SHA-512: | 03A46A6E997BDF9613922B842C0B2EFDCA39A0670B7113ADEFF4C696318FFFDC1FBD46857CD90AB826E0289452E13C364BB03A6127069CB9EE5D77F7327E0B04 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 646792 |
Entropy (8bit): | 6.622561341110581 |
Encrypted: | false |
SSDEEP: | 12288:hIRXXg5ro19GsHuRwX6ZLs+O3EoKhjkiYkKhtmfCllQtpP/Z63iwwoZRr:hI+oGZRwqZLPO6jkiUf3lUP/Z63iwwoT |
MD5: | EFFB23AB4ECE53D5E07C8C0437D86BBE |
SHA1: | B695BDA41C3B115375025B6A11E6E2CFE740EAEE |
SHA-256: | C0BCB458D844158F42F8BE4DA7187008115F849FF25D85AA00FA8637869EDE2F |
SHA-512: | CABFFD4A53524A681DB07784F5C8517545F730ABEC1ADF5C79DA4A91A61295EEC266313FF631C1CDF2389C564C2D448A7B323A6122674617BA130E7F9B0A9F16 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 651912 |
Entropy (8bit): | 6.630178927904243 |
Encrypted: | false |
SSDEEP: | 12288:9IuPNeBhqk/28pUgna9ref4+/dFPfwCXrUhgIZXu8C6Z:9IkeBVpRna98dlzeu8b |
MD5: | 97AA518D2A3B2AD63573128C7E10E6C5 |
SHA1: | 88CD0BC2496025A7979393807DCC089BA09BD9E8 |
SHA-256: | 493B2B08ECADD1895C4FCFE0FFD9C7B2B4F5B276CCD494846E0CB35DE004AD91 |
SHA-512: | 1A77895B740191CCDFCB3377528EF1B907BC138297D5EEA7BCEFA23D65EBCBCC11F29EBA70151C570928ECA099C2C87A1AE1D94226A19DBB0C2EE459AC371256 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 16493 |
Entropy (8bit): | 7.970089956405633 |
Encrypted: | false |
SSDEEP: | 384:UaHshj5NpHFgERfllmpvRxNL0ldMRVTPcP1VWyg+ag:9GzCERtliJxNL0ERVDAVpag |
MD5: | D03A70C659C1B548EE2076D3E937CEE6 |
SHA1: | 296DFEFAE326199D39E2B21280D3CE2315F8C5C2 |
SHA-256: | 15DA9D859193790BC08AAA1C88CB61E318FC8E90D8D37D72A5884A028887A898 |
SHA-512: | 0B23D90EFF56642DB7E96A475FE350CA555C5CEDD118FE01A8224B0E85FA908AC4B06AFFBAFA91E0B7A760F9780C9D8683EC773E2CA7935F15D7DCC412B69FA9 |
Malicious: | false |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Category: | dropped |
Size (bytes): | 5863304 |
Entropy (8bit): | 6.582730492890511 |
Encrypted: | false |
SSDEEP: | 98304:IeTs99ujC8vUZJFdIabS8b4Y24Lm/W71mRGfggzzM72X:I/XujC8MLFdIaO8k34LmpyggM72X |
MD5: | 86725CB7E49416271CA85E1D856F3054 |
SHA1: | A3502C78ABD19FDED5248A3AC1C2C7947BACF396 |
SHA-256: | 9116FDB5078190544BCC39F8DF793D23ED3262333EA5600FC1B8BC6FA07E46DF |
SHA-512: | 674C9F793685FE6945F052FB8C597E6F60A10DCB97DBA03565E75FB7DE7CD53446CDA9AC188F1389CEB4ABEA7B2479D35DD477518D30D3602FD0026992CF1169 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208511 |
Entropy (8bit): | 5.620716068879169 |
Encrypted: | false |
SSDEEP: | 3072:jjevRI50115sxnOIdO7YljePuqQIQ9Ausbk2Nr7rCg9kKVBp/7Yto:jaiVr4KoZ |
MD5: | CC760999D7474C52255929889C66CA5C |
SHA1: | 4F4D3A6AEB374B464EE7036B1E69229A134B5738 |
SHA-256: | 04F909824B08317EEFC33F448ABDE06B1D50372AF502501E61B94961BD7A538D |
SHA-512: | 42AC01E1CF16CA2F28950DEB78654A63FAE3EE7B4CEB17EEAD72F71907F670AC39D97CAA4C5DB4CDA3484C28245ACD7A6E534BCAC7727B29E6360AB6CB971F9B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 209129 |
Entropy (8bit): | 5.627456769442713 |
Encrypted: | false |
SSDEEP: | 3072:QEhGzK5G7Fh605YGK6GDftCIa27zLDzI0POkrH4iazqlGjBgxr8FIEHHL4:n75bx1x2HM |
MD5: | 8751416A2E09ACDAACB2EDECCFF0EF67 |
SHA1: | 3146782E5C90DF46A7A0AFBC3C1FED49032F54B5 |
SHA-256: | 58EB9056EB56801457352F7153AD44BED539C37E2808DA151001155034AA1773 |
SHA-512: | A32E3D982BDD7B4AA879BF62EE26558962756B109DE20CA8D0DBD16A08CD76DA9B27E9D8ED2B72D160B6995E9F4BAE37D5CAA9DDDE64C33C7688C010B669A2EF |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287753 |
Entropy (8bit): | 4.41441990168391 |
Encrypted: | false |
SSDEEP: | 3072:5Ogq/rhkCe/spdGX6e2VhrDQmyY+qh1w81D2chrwGqm0AfJS66J4Ym6sf2SKQVXU:2XxXYQaQgDgi |
MD5: | EED09EC6F80153A98E52CE2A1DDE6549 |
SHA1: | 59902A655F70AFDFA00FA58C58B3F293766A229C |
SHA-256: | 488AFC4127E2440FBAF5616B7D0479519B62FC1786A741889A97357E93536E8C |
SHA-512: | B37720A95FD8C6D969EFEDF0572F3493017E4D06BBCF5396CF36541C8B17AF9C21BA5107F9CD1DE5C9EBE81CA30B0F50B73A84815AD83448AC2EF2C37E488691 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 306159 |
Entropy (8bit): | 4.362139594009469 |
Encrypted: | false |
SSDEEP: | 1536:JT2QirCjZeMlxk0x1y2Z9LI7yxnTjGIWvUVWClRXVuOCpAXK0DcYX0xX7pnGhpdb:d2FwzxAkE6mIa2VypAXK0DuLpEpdV9 |
MD5: | 0246C3E9497F63F11E122E30F235361A |
SHA1: | 28F1445CC038FD92B9CE88F6A58B314F2207C5F7 |
SHA-256: | 4CE1B7D56E34BD43E0D895CA81A41DF1435FBD35EA06031C93610314F76B7048 |
SHA-512: | 1BA5976107562F1D4BA0889C8E05BFD73C3D2EA4BBD3D621294897E22656CC8C80901DFDEFA6EFF172672665D8CA9B2C4F32445664ABECEA491FE222EB2F1C6B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 298809 |
Entropy (8bit): | 4.414228832456031 |
Encrypted: | false |
SSDEEP: | 3072:QVVqx/R0BHw6kT5hRyJIbwbVC4nIYS9V+QC4VkSk+aMv1XyqAWPY5aTsNQEh1KeR:sVwiNUGQb0q6 |
MD5: | BD34FDCC1444D9DA2E1AC8BDAAA82A93 |
SHA1: | A99E80DAFC175E64E02F75F35EE7F3D3AAB9E3D1 |
SHA-256: | A9F6C0BDBA563F87AA1C66A814564DFC985624707BDE7E8776B17785F82B6A95 |
SHA-512: | DD6EE4B635AE3528CD75E1DC6CCF854F18A2F1B007D804BE9B7DD7A94BA97AFCC0D6AAF8EFD7786F2381866406A1D0D78BAA7886F8C232E9334B5B8F8A5ADD10 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 298185 |
Entropy (8bit): | 4.35766713960632 |
Encrypted: | false |
SSDEEP: | 3072:155O9ryG/k8mkvNR70m8qVZHfGaf4Is1Gb08TvPaCdYIstC:T5iI8mvm8i3QIZ08TvYIZ |
MD5: | 90F47C7F9EDFCDC15C9B3E761C9EE997 |
SHA1: | 26F1BBD0D6991E9A5E37CECE74E15E0E922D8AE7 |
SHA-256: | 931A2367A2E6830D66CC0EBB0E9D5E8CE84FC5F0187DFD8C83B95F80F1F28374 |
SHA-512: | 9D6EA643427C4527095189BFE13E9124DB49E6818030AA5B415A0ED8E07E752EE5E0116395683C63F58624EA61F895AE64A1A240E629C49DA6FB1799D1DA0A77 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292075 |
Entropy (8bit): | 4.5497947965231065 |
Encrypted: | false |
SSDEEP: | 3072:Vl8diIXbDnEjuAo/alByUS5MSIG7mqeFZawP:QAjro/anym7H |
MD5: | A6E5E213287A9C8D3B17C47C9F51CC87 |
SHA1: | BC2001F6C0970C6FA4FE3F3155CFB07BE3121F71 |
SHA-256: | D8E9EBF1957B77C78AD2511C57DF242A91CAAADDE7ECDD9EAC9AE359EF9FB7C2 |
SHA-512: | B856BB745B1B93A27C801A3E8D38BFF5C0D1F00F98E778346D1AB87887FD719319D42BBF0EBD156D1EB979D5C82835983693F013CD971CC3B0EB7F5784D26DB2 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287337 |
Entropy (8bit): | 5.084769712386656 |
Encrypted: | false |
SSDEEP: | 3072:Y68baSA5X5Hu0lZAljh76AdqGSAh4Ojok+:IN0sjHqiW |
MD5: | 4D22416774EDEB268FAA292667C2355C |
SHA1: | 23A5E47CD15D135F4F6D15B89062867A41612D21 |
SHA-256: | 990243CD9B361EFF4A4765360D25A2369D5DB0B9C70A878A836D6457D948227A |
SHA-512: | 781D1B429266EFD59F06C6B1DD9A8426D3468EF36E5DED7A3DADDF74CB459682F8F5BF0D68E26CFA76EEF08EFC5988B977C32ECA7B4871D7ACD2C68BC3F2C2FB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 307951 |
Entropy (8bit): | 4.348845877617973 |
Encrypted: | false |
SSDEEP: | 3072:ti+IFWdHeM4c5SYYmSw+VbaqK7Oyw1uCUzFc+hm2y7fa8iUob/HbE8LKGcTZaM7b:ti+IB0YmSDbYw1u91m2yWLK1ZaMf |
MD5: | DB6281DFCDD5E027D405362B94A5E89D |
SHA1: | F879471662E0C2ABF937BF3B5EED73A10A03400B |
SHA-256: | E83D3420658244CC0CC067D4E8F462C03DA4EA04255E525A38FFE78A77E21591 |
SHA-512: | A9BBE3155A19EA471E355452F7E0E5A769E4ACB3B62F4C1DDFDD289FB0683730600CA0F10F2C97A93D2CEC3F3DE05802CF3982F7E65E63BB5CAB75D55676FFED |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 299307 |
Entropy (8bit): | 4.529750204459055 |
Encrypted: | false |
SSDEEP: | 3072:lfjLd5ks8kKfRD1bcgR9qTFTLDByE4n6TdhnZmlkn+WjUVeHo5y4EuIXlkOFLmOz:IWjUVeHo5y4FRfsPpuhtv+ |
MD5: | E95134798E06DB4E1E52BC5DC7A49B77 |
SHA1: | 872FA05CC614C429289540F3434CB65E2607CEB7 |
SHA-256: | 88713CB53CB6E879A8B6408644BF500AB488A3DAD4F01A412EC98C9F8EE1A3FC |
SHA-512: | 766D1BD91FDE0FB90DED2A706DD2482109F2F26CCCEFBB21FDFFD31EDD08D085D54576858D4F3DD4B0BC27F3C1112FDD95BF8A38119C303380019E5B36F171C3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 222445 |
Entropy (8bit): | 5.641112659354512 |
Encrypted: | false |
SSDEEP: | 3072:fIHMLiOdP9mbmTvL20ripqXL7gXTKMqMS+G+wMd+QtA464nM6TAkXTMqHoZRitc:Z+jkMdVTjMqAF |
MD5: | 7931DD3115D08D00D7A765FA7CE30DE5 |
SHA1: | 22D5BA1C5F1AD0FA5ECBE231B82A8C9C59754CB9 |
SHA-256: | F6BC47A9A2A1263EEF4AFFB4DC27594B3DD08C245C66B710BB7F0EBF794CCA45 |
SHA-512: | 2B0A639DC5D5B62991CC62891F55AA329EB3851A114D726B86245DF6EE3D1A3D7041AB0958534B1C6555FDEC6A70F164FF93031046708B2CCDDD500ED2996CA9 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 281187 |
Entropy (8bit): | 4.5969337407860955 |
Encrypted: | false |
SSDEEP: | 3072:Es0TFO00rfnFBWrJa058R/G7QBhUQILMnCbVDb3rOJO0pReH3OzQTLZ38Vczg235:1rq00beU0OZue |
MD5: | 42803A06471EEF21A74B0ABF298045C9 |
SHA1: | C501D41B91F1039441D3AE947038272C6FFE901F |
SHA-256: | 44573027139C04EDC2C506427900B91261410EDD3B40067F39C33A68DB2BD87A |
SHA-512: | CB423C8E43594F27985A1B380B769FCA76631B34DEF0B29287E3715AA2E8E83A909282EB0ED4CC7F0CE81BC373FCE71A655CA94DCB95CED20A7A23D23796C661 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285949 |
Entropy (8bit): | 4.46474682172852 |
Encrypted: | false |
SSDEEP: | 3072:DiufPpIQOF2TKleELRK5TXDELgDTAYh0adSyGpt8jPUhveNgm/sX+Bg:DtlSpY72V |
MD5: | 47269D776F98B5AF251476542EA8BC35 |
SHA1: | 9BBA10DAADB3E396C142ED730773763FE3AED7AB |
SHA-256: | 9C57304F183D9992A71423597350F312CA954B3BE7549F4EA22C6961D70E20DD |
SHA-512: | 104BC221FFBD79670CFF0AEDB7B778780BF97896FA3B3A4436045FA6C71EEF4A1510CEF3CDA37C24D85CBF89CB91AE5C805F5A212E56FAF045238C4C0FA31BB2 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 288439 |
Entropy (8bit): | 5.084924661347102 |
Encrypted: | false |
SSDEEP: | 3072:lCPodg0A9DvuRj6Jg+JO0ErxULF3ayeUlEk:9uCYO0wMNp |
MD5: | 429BE29D82949F0CAB1C591936F4E06C |
SHA1: | FA0318110D426237E632653AF60E7B3D093292C1 |
SHA-256: | 499D76FE0E79FEA2C1288C960CE2543E65FC5C6F295875557C70631DC6342D86 |
SHA-512: | A596F9787B663C5608CE00623248F30F554074396DCFC740D68E7271D213B447D7F93B5C953FC082A46E2565E401BEF0EDA4AFE9E8E8F0E1D83DF9BE77EA3C84 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286837 |
Entropy (8bit): | 5.08354792237096 |
Encrypted: | false |
SSDEEP: | 3072:vy8uSh91u689tbCijgDY8nF8rC/coedjp7khomqznSCtudPrpNdn/RaBugUi:kWOp7rAJ0 |
MD5: | 5BFB37398A8739D751266A216A070F66 |
SHA1: | 61412B871A07F07F9B1D0598B03F45DE5055762B |
SHA-256: | 6654E2CD70E94C0DF6D400A1A311EF2048473C3FECD61C6D76288E0B11F6E77F |
SHA-512: | 4A535F6941AE344233A071B3A5E04473F77B24C82EC21778D405019A8DC39F78B516F594AC29D5D878595A07137A6AD021CC214C97201FE5DF3BF5405B28502D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 225967 |
Entropy (8bit): | 5.62856445840315 |
Encrypted: | false |
SSDEEP: | 3072:yUXQNADvhPuuS82K9eH5UWidjOHLP6lC0KGTCNLY+3Ozey4WijhHJvfN7BZy9:OPqWKKT3u+NC4W0fNU |
MD5: | C6DDC92D5448E304A3734E167AA27F3A |
SHA1: | 7CCCF975C5190654CB1D1264B53CEE8F5BC5A863 |
SHA-256: | 95110C36EA1E06E3F74E6E6BC6BEB94AF32D867CD4AB364D90F53773FB5AFD08 |
SHA-512: | 3615EFED949845901AAA37E848B212A7EF0D3E31AAA11896C53BA074AC0F9CED73F7341CE6F4FEEA5D61E4B137177D4A8133E9A74A780DB830AEFDC5862125BC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 298779 |
Entropy (8bit): | 4.404260012828611 |
Encrypted: | false |
SSDEEP: | 3072:oy7pQA4QiFWF4AEl8qSC84aQpW1ZaMondC07EpBTh2lipBbJ4IDboeq:o35Al1e |
MD5: | 518EABDCA3C23F2CD40987C15C3184E5 |
SHA1: | 733367184D305AECB1EB8062F8E9E4B3155BB42C |
SHA-256: | F19692D21D4E7232AA14A1E8653B594E77DAA0F512227843FAA334511F183E26 |
SHA-512: | 15E48CD882D06930D103DA38FBC8967E2B0DF13E7A88B5DF6F8E5AB3EF5C347830A9817574C34C8F8949F6C5220C6C38070FCE42E97B495A2DBF8E0F8D5558E4 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 299443 |
Entropy (8bit): | 7.9635098115442915 |
Encrypted: | false |
SSDEEP: | 6144:mbJ0F6V3McbEG1RugYA9gHaSfgj/5avUjjzY9/k6ex3Mh0O5qw:o0i3MpA9g6SI7YUjjc9yx3MJh |
MD5: | DB2FA7AF15BFF26038A8F9002E295A40 |
SHA1: | 65B9F52E56D4F7535C01E2DBAD9EA5622ACFCF2F |
SHA-256: | 50AF8EF32BFB634E6508BEF4D6B1E8740023FF32305FA969F36AED7AE55AED35 |
SHA-512: | 34E9C7F1E0EE734F17668EAE9332A866E8EFABF7CE81394EE8BDDA788E1581F4A9323A7FB566EA24D5590CDE27F29F9206656990E46FF6967085BB4FD9350419 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 4.539411659056302 |
Encrypted: | false |
SSDEEP: | 24:9HE4Qt3+Ri45l+3mMIRW0QgbEL8JhQm46EWLR1gmcEy:udt3+Ri45l+WJoTH4J2mGWd1+Z |
MD5: | 2372C82DB2B5977877CA02FD643DFC10 |
SHA1: | BDFA3C625E3620CF2CA9DFB349FD73EC0EDDA645 |
SHA-256: | E468C5223B0E36710B0430A8F664B434DEC2A3B058603AF3282EDDBE62A996F6 |
SHA-512: | 8269DAE425E15CCEE965CAE401B3BDB6398D13F2B63CA3040CE1B0845CD874994820DE0D850578099F1AE25C3A27AB9F2456D2ED044CF92506A309A133E03153 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50 |
Entropy (8bit): | 4.448367439558377 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQYm/0S4YWW7orvn:HRYFVm/r4YFo7n |
MD5: | FC1E05873C9D464E374366092FC226A3 |
SHA1: | D58AFD89E33A709E20BCEEF81DCB2FC88A05C4AF |
SHA-256: | 34C6F429648B294039A085097E6485BFB4F19F1CE43654534C4119E7DB6CD797 |
SHA-512: | 129C49E17AAE96603CDC0A0C2B9644ED46C9E3DF285FCFE325ED882335BF1CA160C4B9D42C254267BDA69C679D668E6E1DAC1518B6222D1800249F0602F5B947 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106640 |
Entropy (8bit): | 6.818161398972172 |
Encrypted: | false |
SSDEEP: | 1536:/ZZZg5wwcuBil+UaTJwb6Y2FadNyPLxbuvtmgMbFuQh5gRbbbbbbbGUvy+yx:DDkjtqwIAg0FuQh5g0Uv |
MD5: | 0CE639618B3E361EFA1B09CF8FFE3D95 |
SHA1: | A1A08B5914A16772CCD9D699D938115E1618D424 |
SHA-256: | D34FB573DBB827161A4FFB22A6F06F8AC30778CCC5C8B173950B9D49BA2795C2 |
SHA-512: | 249D12F438CF25C42A1ECC3F0BBF10E985DD88C7E5F3137C757EF5E6614D33FC3916675F32481B7BB448464CA37BB5E20B088D7E0BCCBF17525F07D42969A976 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 503440 |
Entropy (8bit): | 6.790981016396434 |
Encrypted: | false |
SSDEEP: | 6144:kee+bf9cK2+k5NkwaFmMNf6HMdeI3aji2ek+OKHepZwgL7SCr+Sf9EAOmDGPnc:q8Me6IA1ek+/SVEU+ |
MD5: | EF19B06FF151B46589DE08CDD17F5282 |
SHA1: | BA552C68FB231615731CFAEF3703FEAACA7B5794 |
SHA-256: | 56A31BF39A191303F1B4D8766F481B974D35F3E39EB9525D8E4E88989F7B6F0D |
SHA-512: | C87CDED8B3E7D954785534764C7665D08A5B4E30A8E1F8C4ED3D017BB9C27C64944C9C3C95BB0832B6B17C3EE86412BA23F4CA215FCDCD792002E5E64E02F2AD |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86264 |
Entropy (8bit): | 7.106001835624037 |
Encrypted: | false |
SSDEEP: | 1536:rmsAYBdTU9fEAIS2PEtuo83hvVVZ+L8hRKPy6PTZ7xxB:qfY/TU9fE9PEtuh+fy6PTZF |
MD5: | 83BC9466FA5B28383A14C226D792896A |
SHA1: | 7504F83E247DF1CFFC4B29BF61660EA9CF25A4A9 |
SHA-256: | 4EF87F73E6B7A7DA6745DA4F9B304BE375B9EBCF2341D366565D40F5FABEC77B |
SHA-512: | D2211C52BCCAFFEF54E2AC45FED86454799D1C4658B7CC517E7AA6E8848F8F0396492B5005E428122049B8066E3D9943CCEB5EF2468FC1660CDB80ED0D2E6214 |
Malicious: | false |
Antivirus: |
Preview: |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\FastStone Capture Help.lnk
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1186 |
Entropy (8bit): | 4.631282139390456 |
Encrypted: | false |
SSDEEP: | 24:8mYlGP6EtdOEB7eFGJwAA8yWdQVJ4dL/oUUl7qygm:8mYlGPttdOAi4pA8Td+GdL/9byg |
MD5: | E4E19CF1D06CA94661C36337DCD0B2EF |
SHA1: | 35BD2964F63A9178A7310DBB7F22FE55D3A41F9A |
SHA-256: | A58A772F4CD1D256AD0D716BE777BDBC8F48BC0A1DD0B38F0E74F31AAEBBD3F3 |
SHA-512: | 4B8ED4DC7715DF69AF1A05A9B678E1359E88129AE6FCC1F6E59B32A02F8BCFA07476B52231125A852D4FF2C82F0A939757D87FFEB2AB4EB9F4DA0C8FEA31DC0E |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\FastStone Capture.lnk
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1166 |
Entropy (8bit): | 4.620172167775995 |
Encrypted: | false |
SSDEEP: | 24:8mxRuH46EtdOEBucOUUAk81UdQVOgdL/oUUlnqygm:8mxRuH4ttdOAu5Qk8Kd+OgdL/9nyg |
MD5: | E47563E0521E7CD09C71F30FE4148EB2 |
SHA1: | 5746B853BE57193AD7610DFBF3CFB7466DDE9294 |
SHA-256: | 31048B149FC77727839B540647E36C3F429A1ECCA236D4E2616DEC3559555A2F |
SHA-512: | 9A7DE3DBA93EC70998A007D4AB65A99D2D2BC7360E2C47270E9FE86F1475B512895F1A7BC4EB1EC24F1015044CE2CA13E40477A9AE5A8F7E6B1C825593963918 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\Uninstall FastStone Capture.lnk
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1149 |
Entropy (8bit): | 4.622070953552665 |
Encrypted: | false |
SSDEEP: | 24:8meTYf6EtdOEgVPR8ADcdCGgdL/oUUl/qygm:8mZttdOlVPR7DcdCGgdL/9nyg |
MD5: | 371919597AB41E2BFA7B9BF59E738960 |
SHA1: | 9212A1574D8E5EBE8912D520B69BDEAB828CED7C |
SHA-256: | BF6B7E2ADB081AFF4C26E8B9DF968D2B017B56A0393C56C8EE5CB44F125B3BF1 |
SHA-512: | 19F7BF73D91E0C500DB137258914C64F824F7AC2A7817B9DEA1BB2932B7C34153B4CEAC30A3136591AA98AE7DD889E2F3FE0E3F60E88337E2DC0906DCCC8F6D3 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\Visit www.FastStone.org.lnk
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1154 |
Entropy (8bit): | 4.594823221399007 |
Encrypted: | false |
SSDEEP: | 24:8mE/6EtdOEBVUubAKQrd6CdL/oUUlHqygm:8mQttdOABMKQrd6CdL/93yg |
MD5: | 6A3CCFE69685308213004BE9A25B7932 |
SHA1: | F28C847D2074DA3D5E8A19472CCA8D140A7B1460 |
SHA-256: | 07F608EA42ED8FD05C82A08FAFB06CFD095DF3F8093563B962D5DE022BB460EE |
SHA-512: | 9AE55746FB2468C9EBD9A3E593FED165C9B11B67764E17CA7A82456410D08E655F61B7239D8446E738F48E6FD4B2899A56208EAA0B5C5BF7B1E9598CE71AF7E9 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1148 |
Entropy (8bit): | 4.6376238162703665 |
Encrypted: | false |
SSDEEP: | 24:8mx+46EtdOEBucOUUAk81RdQVOgdL/oUUlnqygm:8mx+4ttdOAu5Qk8fd+OgdL/9nyg |
MD5: | E55FF78CE489A03302829FD09F6DE135 |
SHA1: | 36083C821B2F413C36A0C1FCA9B8B0943E0C0311 |
SHA-256: | 71DA05C757C034CEA473650219927AD23B3053BF0C90287EB162249119AF468B |
SHA-512: | 88BAAB8C8647F9504C4C675124EE7E15C8D62EB1AD558281A3B35DAD332241E352388AD219F5372B42A3B2E7119E0E3CD7910B535E0F9D78C3C094C4BC0BA3FC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15872 |
Entropy (8bit): | 5.471852540236525 |
Encrypted: | false |
SSDEEP: | 384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p |
MD5: | ECE25721125D55AA26CDFE019C871476 |
SHA1: | B87685AE482553823BF95E73E790DE48DC0C11BA |
SHA-256: | C7FEF6457989D97FECC0616A69947927DA9D8C493F7905DC8475C748F044F3CF |
SHA-512: | 4E384735D03C943F5EB3396BB3A9CB42C9D8A5479FE2871DE5B8BC18DB4BBD6E2C5F8FD71B6840512A7249E12A1C63E0E760417E4BAA3DC30F51375588410480 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44032 |
Entropy (8bit): | 5.825224158327635 |
Encrypted: | false |
SSDEEP: | 768:SA49ATJ9ONLkh9J5lDYDzG8yVAf7hiJFkkAqnTEDlV4vihdk:SA4CJ9OFpXf0AfNiTkIMrhdk |
MD5: | 552CBA3C6C9987E01BE178E1EE22D36B |
SHA1: | 4C0AB0127453B0B53AEB27E407859BCCB229EA1B |
SHA-256: | 1F17E4D5FFE7B2C9A396EE9932AC5198F0C050241E5F9CCD3A56E576613D8A29 |
SHA-512: | 9BCF47B62CA8FFA578751008CAE523D279CDB1699FD916754491899C31ACE99F18007ED0E2CBE9902ABF132D516259B5FB283379D2FEAD37C76B19E2E835E95A |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1362 |
Entropy (8bit): | 3.6739774731888986 |
Encrypted: | false |
SSDEEP: | 24:Q+sxvtSSAD5ylSjqWCs7y6PaGk9nUvO6k8l6yCxG/wCk6ZEcbYpPm8aH65OESC+d:rsx9AQSjqQtaGq8l6Jwgg/8aNEo |
MD5: | 34A7D2A7AF0A88E8363F46E5BA8DBDF9 |
SHA1: | 0141380A908310D2BFDF09A38F4A5C7191175874 |
SHA-256: | C010E479C847960AE3EF4B9C1E4ED67E0E5A40D82B2199749012584AB65C189D |
SHA-512: | BFF2104C25B7CA3093E1AFD7731B8EA84C5A2D94AEBD7F90E9E911AD3C11873FDD66F1D9E0D6AECF4CDF20B25D820EB60615B5011127DA91C8145AC2F7FFA6D1 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26494 |
Entropy (8bit): | 1.9568109962493656 |
Encrypted: | false |
SSDEEP: | 24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz |
MD5: | CBE40FD2B1EC96DAEDC65DA172D90022 |
SHA1: | 366C216220AA4329DFF6C485FD0E9B0F4F0A7944 |
SHA-256: | 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2 |
SHA-512: | 62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32544867 |
Entropy (8bit): | 6.641357634400061 |
Encrypted: | false |
SSDEEP: | 393216:0NyDxBnY6BEwDaqOO2tAmSIbejC8MsaO8spyg372iQdbGEsKKhIkDUogGf:VZ5p2tAmlejX7xfKKNXf |
MD5: | C27BCBE5BEC8D7934E99409F7C488115 |
SHA1: | E5161EBBAFE61B18CB73A9CFDB02E67F889A8D22 |
SHA-256: | 59DD410C628ECCD245E06C78CAC3FBAF892D8C3B155C750BDBFF10584D19A259 |
SHA-512: | 918475FF4355404EF00EDD5042C1B6992F0B89E2EBC612E7DFD12CA8141C5CD571443627A01ABB6D415E7B02FC4C5C1149736E2B1951E73B334599330F86E698 |
Malicious: | false |
Yara Hits: |
Preview: |
File type: | |
Entropy (8bit): | 7.999592105471024 |
TrID: |
File name: | FSCaptureSetup107.exe |
File size: | 9'173'144 bytes |
MD5: | 28627a37983f5dc8e00d9c03c7b2dec6 |
SHA1: | dcfdb2464c29de44c6df1c1c0f5cf4a5342cfadb |
SHA256: | 762463fe496836bc1e6c6a58703f45182575b29494753df3145cd5c563e07f8c |
SHA512: | 78b25654eb1a3bc4a8912363dcf9d29c43228b0d8f55c8650c3c5995f950bcff25c3c7a38da07a589d1f95f08c8703b97bb7f4f7bcae697d9bcd2f98d1c7d79b |
SSDEEP: | 196608:L7yoYklb5pQI7m0XROHSUwwP9295bYiB+Y4NMQXIld:L7LD95pQIrEvJP9295bRB+Y4od |
TLSH: | 2D963348A4130C9CEE223135CD21560E6FA93B8177F6EE7737610F2DB411958BE94BEA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*..... |
Icon Hash: | 3d2e0f95332b3399 |
Entrypoint: | 0x403640 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 61259b55b8912888e90f516ca08dc514 |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | AB94EFC876100EC3D079F9D89BD41FAC |
Thumbprint SHA-1: | BA12BAAAC329C2CF0196B8BE73D529CFD13C621D |
Thumbprint SHA-256: | 90FDFFC9FAB65412F1BB5CBCD27B874F48E448DD088BC700EBF2E49C39505962 |
Serial: | 0B617EE9ED189A94423BE7BB7564F0BF |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A230h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080C8h] |
mov esi, dword ptr [004080CCh] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F069C4FD17Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007F069C4FD14Ah |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [0042A318h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d000 | 0x2e28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8bcf10 | 0x2988 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6676 | 0x6800 | 6f5abe9eeda26ee84b3c1ed1a6c82001 | False | 0.6568134014423077 | data | 6.4174599871908855 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x139a | 0x1400 | 8c5edfd8ff9cc0135e197611be38ca18 | False | 0.4498046875 | data | 5.141066817170598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20378 | 0x600 | 4b2421975c21b032f7ea000f5e7f9fbf | False | 0.509765625 | data | 4.110582127654237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x12000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3d000 | 0x2e28 | 0x3000 | 6cc7344ca24af0ae995c058bd4b01acf | False | 0.2158203125 | data | 3.6865643644558053 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x3d628 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
RT_ICON | 0x3d910 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.3952702702702703 |
RT_DIALOG | 0x3da38 | 0xb4 | data | English | United States | 0.6111111111111112 |
RT_DIALOG | 0x3daf0 | 0x120 | data | English | United States | 0.5138888888888888 |
RT_DIALOG | 0x3dc10 | 0x202 | data | English | United States | 0.4085603112840467 |
RT_DIALOG | 0x3de18 | 0xf8 | data | English | United States | 0.6290322580645161 |
RT_DIALOG | 0x3df10 | 0xee | data | English | United States | 0.6302521008403361 |
RT_DIALOG | 0x3e000 | 0xa0 | data | English | United States | 0.6 |
RT_DIALOG | 0x3e0a0 | 0x10c | data | English | United States | 0.5111940298507462 |
RT_DIALOG | 0x3e1b0 | 0x1ee | data | English | United States | 0.3866396761133603 |
RT_DIALOG | 0x3e3a0 | 0xe4 | data | English | United States | 0.6359649122807017 |
RT_DIALOG | 0x3e488 | 0xda | data | English | United States | 0.6467889908256881 |
RT_DIALOG | 0x3e568 | 0xa4 | data | English | United States | 0.6158536585365854 |
RT_DIALOG | 0x3e610 | 0x110 | data | English | United States | 0.5183823529411765 |
RT_DIALOG | 0x3e720 | 0x1f2 | data | English | United States | 0.39759036144578314 |
RT_DIALOG | 0x3e918 | 0xe8 | data | English | United States | 0.6508620689655172 |
RT_DIALOG | 0x3ea00 | 0xde | data | English | United States | 0.6621621621621622 |
RT_DIALOG | 0x3eae0 | 0xa0 | data | English | United States | 0.60625 |
RT_DIALOG | 0x3eb80 | 0x10c | data | English | United States | 0.5111940298507462 |
RT_DIALOG | 0x3ec90 | 0x1ee | data | English | United States | 0.38866396761133604 |
RT_DIALOG | 0x3ee80 | 0xe4 | data | English | United States | 0.6447368421052632 |
RT_DIALOG | 0x3ef68 | 0xda | data | English | United States | 0.6513761467889908 |
RT_DIALOG | 0x3f048 | 0xac | data | English | United States | 0.6337209302325582 |
RT_DIALOG | 0x3f0f8 | 0x118 | data | English | United States | 0.5321428571428571 |
RT_DIALOG | 0x3f210 | 0x1fa | data | English | United States | 0.40118577075098816 |
RT_DIALOG | 0x3f410 | 0xf0 | data | English | United States | 0.6666666666666666 |
RT_DIALOG | 0x3f500 | 0xe6 | data | English | United States | 0.6652173913043479 |
RT_GROUP_ICON | 0x3f5e8 | 0x22 | data | English | United States | 0.9705882352941176 |
RT_VERSION | 0x3f610 | 0x324 | data | English | United States | 0.417910447761194 |
RT_MANIFEST | 0x3f938 | 0x4ec | XML 1.0 document, ASCII text, with very long lines (1260), with no line terminators | English | United States | 0.4857142857142857 |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 05:00:22 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\FSCaptureSetup107.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 9'173'144 bytes |
MD5 hash: | 28627A37983F5DC8E00D9C03C7B2DEC6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 05:00:41 |
Start date: | 07/10/2024 |
Path: | C:\Program Files (x86)\FastStone Capture\FSCapture.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x710000 |
File size: | 7'563'656 bytes |
MD5 hash: | D5AC941C445B6EB907D0B96D84F15FE7 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | Borland Delphi |
Antivirus matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 28.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16.6% |
Total number of Nodes: | 1392 |
Total number of Limit Nodes: | 48 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00403640 | 93.2 | 34 | 19 | 450 | string, file, com, COMMON |
00405809 | 68.5 | 36 | 3 | 284 | window, clipboard, memory, COMMON |
00404AB5 | 31.8 | 12 | 6 | 275 | string, COMMON |
00405D74 | 19.4 | 7 | 4 | 148 | file, string, COMMON |
00406D5F | 5.4 | 4 | 0 | 382 | COMMON |
0040699E | 3.0 | 2 | 0 | 14 | file, COMMON |
004040C5 | 63.4 | 34 | 2 | 357 | window, string, COMMON |
00403D17 | 45.7 | 13 | 13 | 215 | string, registry, COMMON |
00404783 | 38.7 | 19 | 3 | 204 | window, string, COMMON |
004030D0 | 24.7 | 5 | 9 | 204 | memory, COMMON |
004066A5 | 21.2 | 7 | 5 | 196 | string, COMMON |
0040176F | 15.9 | 5 | 4 | 145 | string, time, COMMON |
004056CA | 14.1 | 7 | 1 | 72 | string, window, COMMON |
004069C5 | 10.5 | 3 | 3 | 36 | library, COMMON |
00404E71 | 8.8 | 3 | 2 | 84 | string, COMMON |
00401C43 | 7.1 | 3 | 1 | 84 | window, time, COMMON |
0040248A | 7.1 | 3 | 1 | 64 | registry, string, COMMON |
0040603F | 5.3 | 2 | 1 | 47 | string, COMMON |
00406536 | 5.3 | 2 | 1 | 44 | registry, COMMON |
00407194 | 5.2 | 4 | 0 | 236 | COMMON |
00407395 | 5.2 | 4 | 0 | 208 | COMMON |
004070AB | 5.2 | 4 | 0 | 205 | COMMON |
00406BB0 | 5.2 | 4 | 0 | 198 | COMMON |
00406FFE | 5.2 | 4 | 0 | 180 | COMMON |
0040711C | 5.2 | 4 | 0 | 170 | COMMON |
00407068 | 5.2 | 4 | 0 | 168 | COMMON |
00403479 | 4.6 | 3 | 0 | 101 | COMMON |
004020D8 | 4.6 | 3 | 0 | 73 | library, COMMON |
00401B9B | 4.6 | 2 | 1 | 72 | memory, COMMON |
00405D2C | 4.5 | 3 | 0 | 28 | file, COMMON |
0040459D | 3.5 | 1 | 1 | 9 | window, COMMON |
00403371 | 3.1 | 2 | 0 | 88 | COMMON |
00401389 | 3.0 | 2 | 0 | 43 | window, COMMON |
0040579D | 3.0 | 2 | 0 | 32 | com, COMMON |
00401EDE | 3.0 | 2 | 0 | 25 | COMMON |
00402C05 | 3.0 | 2 | 0 | 21 | window, COMMON |
00403C82 | 3.0 | 2 | 0 | 19 | COMMON |
00406158 | 3.0 | 2 | 0 | 16 | file, COMMON |
00406133 | 3.0 | 2 | 0 | 13 | COMMON |
00405C16 | 3.0 | 2 | 0 | 9 | COMMON |
004023B2 | 1.5 | 1 | 0 | 25 | COMMON |
0040620A | 1.5 | 1 | 0 | 22 | file, COMMON |
004061DB | 1.5 | 1 | 0 | 22 | file, COMMON |
004023F4 | 1.5 | 1 | 0 | 20 | COMMON |
004045C4 | 1.5 | 1 | 0 | 10 | COMMON |
00404610 | 1.5 | 1 | 0 | 9 | window, COMMON |
004035F8 | 1.5 | 1 | 0 | 6 | COMMON |
004045F9 | 1.5 | 1 | 0 | 6 | window, COMMON |
004045E6 | 1.5 | 1 | 0 | 4 | COMMON |
0040290B | 1.5 | 1 | 0 | 30 | file, COMMON |
00405031 | 63.5 | 33 | 3 | 489 | window, memory, COMMON |
004062AE | 26.4 | 10 | 5 | 130 | memory, string, COMMON |
0040462B | 12.1 | 8 | 0 | 68 | COMMON |
004026EC | 10.7 | 5 | 1 | 153 | file, COMMON |
00404F7F | 10.5 | 5 | 1 | 48 | window, COMMON |
00402F93 | 10.5 | 4 | 2 | 36 | time, COMMON |
00401D81 | 7.6 | 5 | 0 | 75 | window, COMMON |
00405F37 | 7.0 | 3 | 1 | 16 | string, COMMON |
0040263E | 6.1 | 2 | 2 | 65 | string, COMMON |
0040563E | 5.3 | 2 | 1 | 46 | window, COMMON |
00405F83 | 5.3 | 2 | 1 | 16 | string, COMMON |
004060BD | 5.0 | 4 | 0 | 37 | string, COMMON |
Execution Graph
Execution Coverage: | 0.2% |
Dynamic/Decrypted Code Coverage: | 49.2% |
Signature Coverage: | 0.8% |
Total number of Nodes: | 120 |
Total number of Limit Nodes: | 4 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
077D523C | 1.5 | 1 | 0 | 20 | memory, COMMON, LIBRARYCODE |
1005DEA6 | 1.5 | 1 | 0 | 20 | memory, COMMON, LIBRARYCODE |
0076CE91 | 0.2 | 0 | 0 | 150 | COMMON |
0076C9A4 | 0.1 | 0 | 0 | 52 | COMMON |
0076CA49 | 0.0 | 0 | 0 | 49 | COMMON |
0076D03B | 0.0 | 0 | 0 | 10 | COMMON |
0076D059 | 0.0 | 0 | 0 | 5 | COMMON |
0076C73C | 0.0 | 0 | 0 | 4 | COMMON |
1005C2F6 | 19.3 | 8 | 3 | 57 | library, loader, COMMON, LIBRARYCODE |
100344A0 | 16.9 | 11 | 0 | 364 | COMMON |
077D2890 | 16.7 | 11 | 0 | 192 | COMMON |
100326E0 | 15.1 | 10 | 0 | 78 | COMMON |
1004BBD0 | 13.9 | 9 | 0 | 390 | COMMON |
100411B0 | 13.7 | 9 | 0 | 163 | COMMON |
100327C0 | 12.1 | 8 | 0 | 86 | COMMON |
100324E0 | 12.1 | 8 | 0 | 63 | COMMON |
1005A0AD | 12.0 | 8 | 0 | 42 | thread, COMMON |
1004A010 | 10.7 | 7 | 0 | 211 | COMMON |
100495C0 | 10.7 | 7 | 0 | 203 | COMMON |
1004C8B0 | 10.7 | 7 | 0 | 200 | COMMON |
100325F0 | 10.5 | 7 | 0 | 42 | COMMON |
100083F0 | 9.3 | 6 | 0 | 346 | COMMON |
100418C0 | 9.3 | 6 | 0 | 262 | memory, COMMON |
10041630 | 9.2 | 6 | 0 | 175 | memory, COMMON |
100346D8 | 9.2 | 6 | 0 | 158 | COMMON |
100413B0 | 9.1 | 6 | 0 | 123 | memory, COMMON |
1005A130 | 9.1 | 6 | 0 | 71 | thread, COMMON |
10032420 | 9.0 | 6 | 0 | 42 | COMMON |
10059180 | 7.9 | 5 | 0 | 424 | COMMON |
10036190 | 7.9 | 5 | 0 | 424 | COMMON |
1003C250 | 7.9 | 5 | 0 | 374 | COMMON |
10054830 | 7.8 | 5 | 0 | 298 | COMMON |
10001AD0 | 7.6 | 5 | 0 | 127 | COMMON |
10031820 | 7.6 | 5 | 0 | 114 | COMMON |
1003E670 | 7.6 | 5 | 0 | 85 | COMMON |
1000A020 | 7.6 | 5 | 0 | 60 | COMMON |
077D389D | 7.5 | 5 | 0 | 44 | memory, COMMON, LIBRARYCODE |
1005A339 | 7.5 | 5 | 0 | 44 | memory, COMMON, LIBRARYCODE |
1005A0A1 | 7.5 | 5 | 0 | 24 | thread, COMMON |
077D644F | 7.0 | 2 | 2 | 38 | library, loader, COMMON, LIBRARYCODE |
1005C023 | 7.0 | 2 | 2 | 38 | library, loader, COMMON, LIBRARYCODE |
10036D40 | 6.3 | 4 | 0 | 318 | COMMON |
1000A100 | 6.2 | 4 | 0 | 187 | COMMON |
10031FF0 | 6.2 | 4 | 0 | 171 | COMMON |
10032B90 | 6.1 | 4 | 0 | 88 | memory, COMMON |
10037D20 | 6.1 | 4 | 0 | 78 | COMMON |
10004030 | 6.0 | 4 | 0 | 40 | COMMON |
1005A02F | 6.0 | 4 | 0 | 19 | thread, COMMON |