Windows
Analysis Report
Register.dll
Overview
General Information
Detection
Score: 30 (range 0 - 100)
Whitelisted: false
Confidence: 0%
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 2052 cmdline: loaddll32.exe "C:\Users\user\Desktop\Register.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
- conhost.exe (PID: 6496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 6904 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Register.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- rundll32.exe (PID: 3392 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 2728 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 652 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 1280 cmdline: rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveApp MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 4088 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 5696 cmdline: rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveAppSpecial MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 5504 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 6956 cmdline: rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveTrial MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 5388 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveApp MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 7160 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 3944 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveAppSpecial MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 5208 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 7016 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveTrial MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 592 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",ValidateThreadLicense MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 6280 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",GetSurplusDays MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7128 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",GetLicenseType MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 5772 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 1208 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",ClearTrialData MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 6820 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckTrialInstalled MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 6548 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckLicenseLocatin MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 3708 cmdline: rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckDbValue MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 6212 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
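The process tree above launches rundll32.exe once per export of Register.dll, and seven of those launches are followed by a WerFault.exe whose -p argument is the PID of the rundll32 instance that faulted. The script below is an added worked example for this page, not part of the sandbox vendor's report or tooling: it parses a transcription of that process list (embedded inline, copied from the tree above) and pairs every export invocation with its crash handler, so crashing and non-crashing exports can be separated without reading the tree by hand. The regular expressions, the ExportRun record and the function names are the editor's own.

```python
"""Correlate each rundll32 export invocation in the report's process tree
with the WerFault.exe handler (if any) that was spawned for it.

Added example for this page, not the sandbox vendor's own tooling. The
PROCESS_TREE text is transcribed from the process list above; WerFault's
"-p <pid>" argument names the faulting process, which is what links a
crash handler back to the rundll32 instance that died."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Transcribed from the report: "<PID> <command line>" per line. Parent/child
# nesting is not needed: WerFault's -p argument carries the crashing PID.
PROCESS_TREE = r"""
2052 loaddll32.exe "C:\Users\user\Desktop\Register.dll"
6496 C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
6904 cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Register.dll",#1
3392 rundll32.exe "C:\Users\user\Desktop\Register.dll",#1
2728 C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 652
1280 rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveApp
4088 C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 644
5696 rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveAppSpecial
5504 C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 644
6956 rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveTrial
5388 rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveApp
7160 C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 644
3944 rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveAppSpecial
5208 C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 644
7016 rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveTrial
592 rundll32.exe "C:\Users\user\Desktop\Register.dll",ValidateThreadLicense
6280 rundll32.exe "C:\Users\user\Desktop\Register.dll",GetSurplusDays
7128 rundll32.exe "C:\Users\user\Desktop\Register.dll",GetLicenseType
5772 C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 644
1208 rundll32.exe "C:\Users\user\Desktop\Register.dll",ClearTrialData
6820 rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckTrialInstalled
6548 rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckLicenseLocatin
3708 rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckDbValue
6212 C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 644
"""

# rundll32 accepts both  "path",Export  and  path,Export  (quotes optional);
# the export may also be an ordinal written as #N.
RUNDLL32_RE = re.compile(
    r'rundll32\.exe\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
WERFAULT_RE = re.compile(r'WerFault\.exe\b.*?-p\s+(?P<pid>\d+)', re.I)


@dataclass(frozen=True)
class ExportRun:
    pid: int
    dll: str
    export: str                 # export name, or "#ordinal"
    crashed: bool
    werfault_pid: Optional[int]  # PID of the WerFault that handled the crash


def parse_process_tree(text: str) -> list[tuple[int, str, str]]:
    """Return (pid, image basename lowercased, full command line) per line."""
    procs = []
    for line in text.strip().splitlines():
        pid_str, cmdline = line.split(None, 1)
        image = cmdline.split()[0].strip('"').rsplit("\\", 1)[-1].lower()
        procs.append((int(pid_str), image, cmdline))
    return procs


def correlate_crashes(procs) -> list[ExportRun]:
    """Pair every rundll32.exe instance with the WerFault that names its PID.

    "cmd.exe /C rundll32 ..." is deliberately skipped: the image that actually
    executes the export (and therefore faults) is the child rundll32.exe."""
    werfault_for = {}
    for pid, image, cmdline in procs:
        if image == "werfault.exe":
            m = WERFAULT_RE.search(cmdline)
            if m:
                werfault_for[int(m.group("pid"))] = pid
    runs = []
    for pid, image, cmdline in procs:
        if image != "rundll32.exe":
            continue
        m = RUNDLL32_RE.search(cmdline)
        if not m:
            continue
        wf = werfault_for.get(pid)
        runs.append(ExportRun(pid, m.group("dll"), m.group("export"),
                              wf is not None, wf))
    return runs


def summarize(runs) -> dict[str, tuple[int, int]]:
    """Map export -> (times invoked, times crashed)."""
    counts = defaultdict(lambda: [0, 0])
    for r in runs:
        counts[r.export][0] += 1
        counts[r.export][1] += int(r.crashed)
    return {k: (v[0], v[1]) for k, v in counts.items()}


if __name__ == "__main__":
    for export, (n, crashed) in summarize(
            correlate_crashes(parse_process_tree(PROCESS_TREE))).items():
        print(f"{export:24s} invoked={n} crashed={crashed}")
```

Run stand-alone it prints one line per export. ActiveApp and ActiveAppSpecial fault under both the quoted and the unquoted invocation style, #1, GetLicenseType and CheckDbValue fault on their single call, and ActiveTrial, ValidateThreadLicense, GetSurplusDays, ClearTrialData, CheckTrialInstalled and CheckLicenseLocatin return without a WerFault. A crash that reproduces for the same export regardless of how the path is quoted is consistent with that export not taking the (HWND, HINSTANCE, LPSTR, int) arguments rundll32 calls it with, which is worth ruling out before reading the WerFault entries as evidence of anything the DLL itself does.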
Static PE information: 2 entries (signature text not preserved in this extract)
Code function (process 0): 0_2_0040C904, 0_2_0040CB84, 0_2_00407618
Code function (process 4): 4_2_0040C904, 4_2_0040CB84, 4_2_00407618
Code function (process 5): 5_2_0424C904, 5_2_0424CB84, 5_2_04247618 (the same three functions; in process 5 the module is loaded 0x03E40000 above its process-0 base)
Code function (process 12): 12_2_0040C904, 12_2_0040CB84, 12_2_00407618
String found in binary or memory: 25 matches (the matched strings are not preserved in this extract)
Code function (process 0): 0_2_0048A650, 0_2_004B76AC, 0_2_004C7378
Code function (process 0): 0_2_00470008, 0_2_004D2020, 0_2_004024C0, 0_2_004764C8, 0_2_0047C5B8, 0_2_004D4700, 0_2_00406D9C, 0_2_004C7378, 0_2_0047540C, 0_2_004AB5D0, 0_2_0042F58C, 0_2_00475660, 0_2_00475914, 0_2_00499A24
Code function (process 4): 4_2_00470008, 4_2_004D2020, 4_2_004024C0, 4_2_004764C8, 4_2_0047C5B8, 4_2_004D4700, 4_2_00406D9C, 4_2_004C7378, 4_2_0047540C, 4_2_004AB5D0, 4_2_0042F58C, 4_2_00475660, 4_2_00475914, 4_2_00499A24 (the same fourteen functions as process 0)
Code function (process 5): 5_2_042B64C8, 5_2_042424C0, 5_2_042BC5B8, 5_2_04314700, 5_2_042487F6, 5_2_04312020, 5_2_042B0008, 5_2_04246D9C, 5_2_04256908, 5_2_042B540C, 5_2_0426F58C, 5_2_042495DC, 5_2_042EB5D0, 5_2_042B5660, 5_2_04307378, 5_2_042B5914, 5_2_042D9A24 (module loaded 0x03E40000 above its process-0 base; fourteen of these are the same functions as above, while 5_2_042487F6, 5_2_04256908 and 5_2_042495DC, i.e. 0x004087F6, 0x00416908 and 0x004095DC at the process-0 base, have no counterpart in the process 0, 4 or 12 lists)
Code function (process 12): 12_2_00470008, 12_2_004D2020, 12_2_004024C0, 12_2_004764C8, 12_2_0047C5B8, 12_2_004D4700, 12_2_00406D9C, 12_2_004C7378, 12_2_0047540C, 12_2_004AB5D0, 12_2_0042F58C, 12_2_00475660, 12_2_00475914, 12_2_00499A24 (the same fourteen functions as process 0)
Process created: 1 entry (details not preserved in this extract)
Static PE information: 1 entry (details not preserved)
Classification label: (value not preserved)
Code function (process 0): 0_2_00488AAC, 0_2_0040CF02, 0_2_0048DEB0, 0_2_004089F2
Mutant created: 8 entries (mutex names not preserved)
File created: 1 entry (path not preserved)
Key opened: 15 entries (registry paths not preserved)
File read: 1 entry (path not preserved)
Key opened: 1 entry (registry path not preserved)
Process created: 1 entry (details not preserved)
String found in binary or memory: 36 matches (the matched strings are not preserved)
Process created: 39 entries (command lines not preserved; see the process tree above for the PIDs and command lines the sandbox recorded)
Section loaded: 7 entries (module names not preserved)
File written: 1 entry (path not preserved)
Window detected: 1 entry (window title not preserved)
Static PE information: 1 entry (details not preserved)
Static file information: 1 entry (details not preserved)
Code function (process 0): 0_2_004D813E, 0_2_004D7B6D, 0_2_0047606C, 0_2_0049208C, 0_2_0042E170, 0_2_004561AB, 0_2_004D615A, 0_2_00466160, 0_2_004A421A, 0_2_004C6214, 0_2_0042C22D, 0_2_004542D5, 0_2_0040833D (listed twice), 0_2_004AC35F, 0_2_004842DF, 0_2_0046A2E8, 0_2_0046E393, 0_2_004623E0, 0_2_004945C2, 0_2_0045A5A8, 0_2_004C8621, 0_2_00490680, 0_2_0044065B, 0_2_004206FD, 0_2_00490862, 0_2_00416E08, 0_2_00422985, 0_2_0043E9F5, 0_2_00432AA0, 0_2_00422AE9
Persistence and Installation Behavior
Code function (process 0): 0_2_004C7378, 0_2_004C764C
Code function (process 4): 4_2_004C7378, 4_2_004C764C
Code function (process 5): 5_2_0430764C, 5_2_04307378 (the same two functions, module base 0x03E40000 higher)
Code function (process 12): 12_2_004C7378, 12_2_004C764C
Boot Survival
Code function (process 0): 0_2_004C7378, 0_2_004C764C
Code function (process 4): 4_2_004C7378, 4_2_004C764C
Code function (process 5): 5_2_0430764C, 5_2_04307378 (the same two functions, module base 0x03E40000 higher)
Code function (process 12): 12_2_004C7378, 12_2_004C764C
Code function (process 0): 0_2_00490074, 0_2_004BE398, 0_2_00496D58, 0_2_004BED60, 0_2_00496DD8, 0_2_004BDA28, 0_2_00499A24
Code function (process 4): 4_2_00490074, 4_2_004BE398, 4_2_00496D58, 4_2_004BED60, 4_2_00496DD8, 4_2_004BDA28, 4_2_00499A24 (the same seven functions as process 0)
Code function (process 5): 5_2_042D0074, 5_2_042FE398, 5_2_042FED60, 5_2_042D6D58, 5_2_042D6DD8, 5_2_042FDA28, 5_2_042D9A24 (the same seven functions, module base 0x03E40000 higher)
Code function (process 12): 12_2_00490074, 12_2_004BE398, 12_2_00496D58, 12_2_004BED60, 12_2_00496DD8, 12_2_004BDA28, 12_2_00499A24 (the same seven functions as process 0)
Process information set: 340 entries (the values set are not preserved in this extract)
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Source: | Code function: | 0_2_004A0790 | |
Source: | Code function: | 4_2_004A0790 | |
Source: | Code function: | 5_2_042E0790 | |
Source: | Code function: | 12_2_004A0790 |
Source: | API coverage: | (4 evidence rows; values not preserved in this copy) |
Source: | Key opened: | (30 evidence rows; values not preserved in this copy) |
Source: | Last function: |
Source: | Code function: | 0_2_0040C904 | |
Source: | Code function: | 0_2_0040CB84 | |
Source: | Code function: | 0_2_00407618 | |
Source: | Code function: | 4_2_0040C904 | |
Source: | Code function: | 4_2_0040CB84 | |
Source: | Code function: | 4_2_00407618 | |
Source: | Code function: | 5_2_0424C904 | |
Source: | Code function: | 5_2_0424CB84 | |
Source: | Code function: | 5_2_04247618 | |
Source: | Code function: | 12_2_0040C904 | |
Source: | Code function: | 12_2_0040CB84 | |
Source: | Code function: | 12_2_00407618 |
Source: | Code function: | 0_2_0040828E |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | (29 evidence rows; values not preserved in this copy) |
Source: | API call chain: | graph_0-64717 | ||
Source: | API call chain: | graph_4-64738 | ||
Source: | API call chain: | |||
Source: | API call chain: |
Source: | Process queried: | (16 evidence rows; values not preserved in this copy) |
Source: | Code function: | 5_2_0426CE78 |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_004CA434 |
Source: | Code function: | 0_2_00407814 | |
Source: | Code function: | 0_2_00412370 | |
Source: | Code function: | 0_2_00412322 | |
Source: | Code function: | 0_2_00412324 | |
Source: | Code function: | 0_2_0040794F | |
Source: | Code function: | 4_2_00407814 | |
Source: | Code function: | 4_2_00412370 | |
Source: | Code function: | 4_2_00412322 | |
Source: | Code function: | 4_2_00412324 | |
Source: | Code function: | 4_2_0040794F | |
Source: | Code function: | 5_2_04247814 | |
Source: | Code function: | 5_2_04252324 | |
Source: | Code function: | 5_2_04252322 | |
Source: | Code function: | 5_2_04252370 | |
Source: | Code function: | 5_2_0424794F | |
Source: | Code function: | 12_2_00407814 | |
Source: | Code function: | 12_2_00412370 | |
Source: | Code function: | 12_2_00412322 | |
Source: | Code function: | 12_2_00412324 | |
Source: | Code function: | 12_2_0040794F |
Source: | Code function: | 0_2_0040F2D4 |
Source: | Code function: | 0_2_00430F78 |
Source: | Code function: | 0_2_004D80C0 |
Source: | Binary or memory string: | (5 evidence rows; values not preserved in this copy) |
Source: | Code function: | 0_2_00484FE8 | |
Source: | Code function: | 4_2_00484FE8 | |
Source: | Code function: | 5_2_042C4FE8 | |
Source: | Code function: | 12_2_00484FE8 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Command and Scripting Interpreter | 1 Bootkit | 11 Process Injection | 11 Virtualization/Sandbox Evasion | 11 Input Capture | 2 System Time Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 11 Input Capture | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 11 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | 35 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 4% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1531071 |
Start date and time: | 2024-10-10 20:12:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 37 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Register.dll |
Detection: | SUS |
Classification: | sus30.winDLL@39/30@0/0 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Not all processes were analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- VT rate limit hit for: Register.dll
Time | Type | Description |
---|---|---|
14:13:45 | API Interceptor | |
14:13:48 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_05c1c5a9-feca-4ea1-8b83-1995f0382e3d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.882699185522906 |
Encrypted: | false |
SSDEEP: | 192:mcZitOU60BU/wjeTFXzuiFeZ24IO8dci:FikUBBU/wjexzuiFeY4IO8dci |
MD5: | F3471E446BFAA8F68F1786F1E33FC63D |
SHA1: | 04BADCC459BE8611747021724521BBF7C8F5CFBE |
SHA-256: | B953614D8F176C122AAD8A2E4F8D7874DD30E2CC4FA0DF869797911D36254612 |
SHA-512: | 7F813C60F1851F8657ADDDED1742A976C8A86072845922BC3E71B4B894BA762938AE5F3C3C7EFA3EB0EB032BC2F387802A280FEA51C47485207C8ED82A5C75A2 |
Malicious: | false |
Preview: |
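The dropped-file records carry an "Entropy (8bit)" value and an "Encrypted" verdict next to the usual digests. The following Python is an added example, not Joe Sandbox's own code: it recomputes the 8-bit Shannon entropy and the MD5/SHA-1/SHA-256/SHA-512 digests for a byte buffer so the fields above can be reproduced offline for any file. The 7.0 bits-per-byte cutoff used to call a buffer "encrypted" is an assumption for this example; the sandbox's actual heuristic is not stated on the page. The two sample buffers are constructed here (a sparse UTF-16 text padded with zeros to 64 KiB, and 64 KiB of seeded pseudo-random bytes) and are not the report's files.

```python
"""Shannon entropy (8-bit) and digest fields for a dropped file.

Added example, not part of the Joe Sandbox report. The ENCRYPTED_THRESHOLD
value is an assumption, not the sandbox's documented rule.
"""
import hashlib
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 .. 8.0).

    0.0 means every byte is identical; 8.0 means all 256 byte values are
    equally frequent, as in well-encrypted or well-compressed data.
    """
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


# Assumption for this example: buffers at or above this entropy are treated
# as packed/encrypted. Plain text sits well below it; crash dumps and WER
# reports with large zero-filled regions sit far below it (about 0.9 above).
ENCRYPTED_THRESHOLD = 7.0


def looks_encrypted(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> bool:
    """Simple entropy-based encrypted/packed verdict."""
    return shannon_entropy(data) >= threshold


def digests(data: bytes) -> dict:
    """Upper-case hex digests in the same order the report lists them."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def describe(data: bytes) -> dict:
    """Build the size / entropy / encrypted / digest fields for one buffer."""
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": shannon_entropy(data),
        "Encrypted": looks_encrypted(data),
        **digests(data),
    }


# Constructed sample inputs (not taken from the report):
# a short UTF-16 header padded with NULs to 64 KiB, resembling the shape of a
# mostly empty WER report, and 64 KiB of seeded pseudo-random bytes.
SAMPLE_SPARSE = (
    "Version=1\r\nEventType=APPCRASH\r\n".encode("utf-16-le").ljust(65536, b"\x00")
)
SAMPLE_RANDOM = random.Random(20241010).randbytes(65536)

if __name__ == "__main__":
    for name, buf in (("sparse", SAMPLE_SPARSE), ("random", SAMPLE_RANDOM)):
        info = describe(buf)
        print(f"{name}: entropy={info['Entropy (8bit)']:.4f} "
              f"encrypted={info['Encrypted']} md5={info['MD5']}")
```

Run against a real Report.wer from the ReportQueue folder (read it in binary mode and pass the bytes to `describe`) and compare the MD5 and SHA-256 with the values in the record; a mismatch means the file on disk is not the one the sandbox saw.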
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_073317ce-26e9-4a8b-899e-5ad5b4c14d2f\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8831292141662811 |
Encrypted: | false |
SSDEEP: | 192:vb/zDi4Ox60BU/wjeTFXzuiFeZ24IO8dci:TnipxBBU/wjexzuiFeY4IO8dci |
MD5: | 318CA753EE79496BE953DCBDA29017A5 |
SHA1: | 72E132B298A64BE114A6995BCC6D2014E4DDA962 |
SHA-256: | 4A8E7B5484044E149DEA517D91DC63ADB1D50A369EC6A026EB0560B365ED6219 |
SHA-512: | CED2362CD4BB515077D5B98C3F5E0CB70138DAB2DEC6E8D2051180A33DF407D1ADEDD8704EDA3BF34C7B6698487EF9A49566D6681D3E2E3D591B554182DF3854 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_25afbb4a-fb05-4299-89cc-552653051d94\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8831870350292702 |
Encrypted: | false |
SSDEEP: | 96:ZkF/6i9KhVyPsj94sSTsfuQXIDcQvc6QcEVcw3cE/O/a/z+HbHg/BQAS/YyNl4EA:2EiYOP60BU/wjeTFXzuiFeZ24IO8dci |
MD5: | CD083E6AD41A461CA7491FF219A531E6 |
SHA1: | 75A7C0CAC3CB937BFD4E5A01280E58C155366C75 |
SHA-256: | C6D704F5469EA0A5069678FE886A78D4A900F7D9767620123889DF2E0846DD3E |
SHA-512: | 9ABE6DF8B788755139D3D1BCD0535E5535751B724A710CA52B746F6BAAD15A61528DF1460F0047D843B6F69EF4E11FA852576BFD38460B71A680C5E11783B8F5 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_7840c9f2-9337-4ce2-ae78-4357fbd0b120\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8831810337711334 |
Encrypted: | false |
SSDEEP: | 192:fgipOTZ60BU/wjeTFXzuiFeZ24IO8dci:IiANBBU/wjexzuiFeY4IO8dci |
MD5: | 2F03D982104F5C61C1650584660D4520 |
SHA1: | 2CA936A490FF56117E13A2CFCE41F5938850BD10 |
SHA-256: | 3741A5E15E39F975FD9DDC0B16586A7F448FD2C78FFF127CF9942FE484953392 |
SHA-512: | 99E58457B4ECA5CC14BDC9EDA7ACD85EB212C095DFF7B9440195F7F17C2BEFB8A66600B359D79EB52531E351E3079599D403645D84A700144AA772AAB1183C86 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_935ab68d-2b79-41b7-8cda-70829c04b3ae\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8830051585662363 |
Encrypted: | false |
SSDEEP: | 96:UhFK6ichVy8sj94sSTsfuQXIDcQvc6QcEVcw3cE/O/a/z+HbHg/BQAS/YyNl4Efo:gticO860BU/wjeTFXzuiFeZ24IO8dci |
MD5: | C6D32559F67AA33CA9780E900C2D3A65 |
SHA1: | FD36BA1FA61A8FA77071B78573EF39227AD2C0FC |
SHA-256: | 536001FE018B5B9F3997BC0F5271461CFA3CFD225C555F3E2EDA438817212BAC |
SHA-512: | 27E5644F745C30A18B0A9B413DC6667494014C2D20FD67DC3ED79209F722F28C241F448C426841993287D85527592D181F1124C51CD4F3C49ECFEA161CAA5B71 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_a503244f-1a73-41ca-95dd-8c855909acd8\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8830661211603622 |
Encrypted: | false |
SSDEEP: | 192:33p1ijOQd60BU/wjeTFXzuiFeZ24IO8dci9:np1iqSBBU/wjexzuiFeY4IO8dci9 |
MD5: | ED8EB5AB6F1C9E8C19DC1A35388BC4AD |
SHA1: | A2A84ED33ACE8B0629974A11C8432807DF12FEB8 |
SHA-256: | 2524A519EFD1C23344F88209FE445FFDC75B181171306DA0738D171D031D34E0 |
SHA-512: | 7FE9BB02E4BC35FC793ABDD31AD2A1E933B63499EDF3B789781C37BF4D18DDC5C2FFA4307AF888208B2488F7A7B6EB4545C07B167364901EE9E638500E7CA6D8 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_f4a64302-c074-4cf3-a3fa-2c6a200a88d5\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8829779694691272 |
Encrypted: | false |
SSDEEP: | 96:t9FS6ia4hVy2sj94sSTsfuQXIDcQvc6QcEVcw3cE/O/a/z+HbHg/BQAS/YyNl4EA:fFitO260BU/wjeTFXzuiFeZ24IO8dci |
MD5: | 467C15AC2F2F9F4F11FC1EF22A5DFDFC |
SHA1: | 23E28A2D42309DF9932722A91A1C8D9E4512F399 |
SHA-256: | 8BB531E5DCB28E239FF04C86B17AAC52E19D9B4596DE29533F3EF1116D0E3D38 |
SHA-512: | C87FF3DBAE8E3C3312723F1990E4D58E88BA09A325721FEB532A8921B8EC604E229F6A7DFC9515EEF067E65ECFF3AEE4A713015D5488D3B1CCCEE6799C5737B7 |
Malicious: | false |
Preview: |
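Every dropped file listed so far was written by C:\Windows\SysWOW64\WerFault.exe into a WER ReportQueue folder named AppCrash_rundll32.exe_..., which identifies them as crash reports for the rundll32.exe hosts rather than payloads written by the sample. The Python below is an added example, not the sandbox's code, that parses such paths and separates WER artefacts from other dropped files. The seven ReportQueue paths are copied from the records above; the directory layout AppCrash_<image>_<hex>_<hex>_<GUID> is inferred from them, and what the two hex components encode is not stated on the page, so the parser only carries them through. The eighth record (a Temp file attributed to rundll32.exe) is constructed for contrast and does not appear in the report.

```python
"""Separate WER crash-report artefacts from other sandbox "dropped files".

Added example, not part of the Joe Sandbox report. The ReportQueue paths are
taken from the page; the last sample record is constructed for contrast.
"""
import re
from collections import Counter
from typing import Optional

# Layout inferred from the paths on the page:
#   <root>\WER\ReportQueue\<Event>_<image>_<hex>_<hex>_<GUID>\<file>
WER_QUEUE = re.compile(
    r"""^(?P<root>.*\\WER\\ReportQueue)\\
        (?P<event>[A-Za-z]+)_            # e.g. AppCrash
        (?P<image>.+?)_                  # faulting image, e.g. rundll32.exe
        (?P<hash1>[0-9a-f]+)_            # meaning not documented on the page
        (?P<hash2>[0-9a-f]+)_            # meaning not documented on the page
        (?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})
        \\(?P<file>[^\\]+)$""",
    re.IGNORECASE | re.VERBOSE,
)


def parse_wer_path(path: str) -> Optional[dict]:
    """Return the parsed components of a ReportQueue path, or None."""
    m = WER_QUEUE.match(path)
    return m.groupdict() if m else None


def is_wer_artifact(record: dict) -> bool:
    """True when WerFault.exe wrote the file into a ReportQueue folder."""
    proc = record.get("Process", "").lower()
    return proc.endswith("\\werfault.exe") and parse_wer_path(record.get("Path", "")) is not None


def triage(records: list) -> dict:
    """Split records into WER artefacts and the rest; count crashes per image."""
    wer, other, crashes = [], [], Counter()
    for rec in records:
        if is_wer_artifact(rec):
            wer.append(rec)
            crashes[parse_wer_path(rec["Path"])["image"].lower()] += 1
        else:
            other.append(rec)
    return {"wer": wer, "other": other, "crashes_per_image": dict(crashes)}


_QUEUE = r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue"
_PREFIX = "AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_"
REPORT_PATHS = [
    _QUEUE + "\\" + _PREFIX + guid + r"\Report.wer"
    for guid in (
        "05c1c5a9-feca-4ea1-8b83-1995f0382e3d",
        "073317ce-26e9-4a8b-899e-5ad5b4c14d2f",
        "25afbb4a-fb05-4299-89cc-552653051d94",
        "7840c9f2-9337-4ce2-ae78-4357fbd0b120",
        "935ab68d-2b79-41b7-8cda-70829c04b3ae",
        "a503244f-1a73-41ca-95dd-8c855909acd8",
        "f4a64302-c074-4cf3-a3fa-2c6a200a88d5",
    )
]

SAMPLE_RECORDS = [
    {"Path": p, "Process": r"C:\Windows\SysWOW64\WerFault.exe", "Size (bytes)": 65536}
    for p in REPORT_PATHS
] + [
    # Constructed record, not from the report: a non-WER drop for contrast.
    {"Path": r"C:\Users\user\AppData\Local\Temp\tmp1.dat",
     "Process": r"C:\Windows\SysWOW64\rundll32.exe", "Size (bytes)": 1024},
]

if __name__ == "__main__":
    result = triage(SAMPLE_RECORDS)
    print("WER artefacts:", len(result["wer"]))
    print("other drops:  ", len(result["other"]))
    print("crashes:      ", result["crashes_per_image"])
```

When every entry in a "dropped files" table resolves to a ReportQueue path owned by WerFault.exe, the table is recording the sample crashing under each rundll32.exe export call, and the files in `other` are the ones worth opening first.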
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43196 |
Entropy (8bit): | 1.9965361892649462 |
Encrypted: | false |
SSDEEP: | 192:MdeZ68X6ilO5H47foahW/cCLqNmsUTwnJdD:i5HM1W/ciqNsi |
MD5: | ECB357DDAC6CCAA15F168C80E188C089 |
SHA1: | 2E30081BABCAF43D9CE58FAAF946D53327133360 |
SHA-256: | B9C46D73C8DED7859F9E029BE672F48932B0FDE0ECBE0B0CBF3CE30BBDA486F3 |
SHA-512: | 5582F240B45882AF5C5D1C93A3E8CCF36A8E2A9B0305568B1FEF028B9A82D8CA6AD8FB708386391EE66F3581CA4C1FD0C88444F63C1371CE02E5E41924661D45 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44876 |
Entropy (8bit): | 1.9189676478506956 |
Encrypted: | false |
SSDEEP: | 192:MnVZTEXrXK5O5H4qWWRMFpSggJKbI4zi:+Q5HjWeMFpLg0 |
MD5: | 98E6482176F963E7FF47509C940F74B2 |
SHA1: | 6F32EA3E263B80CED964CDE5BBD06DD80017DDA2 |
SHA-256: | 64A9BC1684FED4B3929144E2EDAB28EE9ADB4A2698659ED63F0F0BE091495356 |
SHA-512: | 441F8689B820DAFC1B39918FB2719A019A9AC57E69F957BC317A6F6FC1B3E63D585911075D3F0DBDA6A7592896BCCBD27E87CDE69734B8240F7C2C0AAAF8D4BE |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8262 |
Entropy (8bit): | 3.6909472189662114 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJmL6IU66YH16HgmfTy3prB89bJWsfWjm:R6lXJC6IU66YV6HgmfTyUJ1fD |
MD5: | 4D0DF6366C984A1DFB3C5D548A3EFF4D |
SHA1: | 956C55D84A0DA8C9720D7FAED4C1F8917599C4C2 |
SHA-256: | 32DA13FA7FC38ED063FA894992DBC44A8EBE090864DF7155B7E563251F2F39C2 |
SHA-512: | 3ABACC44A975C9BA407864A79C36C5A4DC7803E1D2CBF3CBF998CDCB80A843BB0EFDEDC009437BA54276E5EEE442243F0563FC6F8359168008EAEC6A1D218EB6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8264 |
Entropy (8bit): | 3.693920432127488 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ+Y6IUs8n6Y9aH66BgmfTy3prt89bJSLsfPjm:R6lXJJ6IUs8n6Yo6cgmfTygJSQfi |
MD5: | 4FC86504DA493A07C6C6FCE76E162F91 |
SHA1: | 0C1299B829E15FB4A6EC5E48B7E39FEC0414C3E7 |
SHA-256: | 0C5BE4E7FD7313376BB61C7048A4EBA4EFD2B7DE716F63EB8CF789CF96D700E9 |
SHA-512: | 2594EDF3CE8A9D4879DDB0BFA54BB4B9A8763BEAAECD8ADD8C4C8310607E75D881F7712293CA310DAA0BA17563DCE093FD053EFAD81A2E304C47B86E3B8218A9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.4602137115471585 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuJg77aI9vcWpW8VYJYm8M4JCdPy+hFDj+q8/40LZxEGScS4d:uIjfkI79V7V9Jl+nj90kJ34d |
MD5: | A215D4173D408E86A79323BE423687C9 |
SHA1: | 457D6A4DDB9C9C80EE5793F0F61343182683F544 |
SHA-256: | C97FA987A100967CF01E9DB5673DF531EA7BDE83CC97898748101344294850D6 |
SHA-512: | 418F685C84A805918CFA43AFEC36350B35CEFFCE3635C665E07D6AAFAE972D1C1F591B6B5E1C5B6C8B67B9EDD4973956158A99338CD798599B29A0DF05AF0C06 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.460709932021838 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuJg77aI9vcWpW8VYeYm8M4JCdPy+hFf+q8/40LDxGScSad:uIjfkI79V7VCJl+b90JJ3ad |
MD5: | 46745BFFE3916559C3FB747103D49C11 |
SHA1: | AC1880A93CD073D96306CE39A9E4BA84CBC668D0 |
SHA-256: | D3EFADAB24865F3473DF95AC17621AC8B4B15DB7C3701B40FF710382FC723CD3 |
SHA-512: | 6D53DE6A91C9975045481A1B6FA770F4276FEB2E03E14283E240969F94F230ADE1F237AEB4740ACA2DCB56F2647BCE1C9CEC67CB556D1594D1C1AFE4AEC6A62E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43936 |
Entropy (8bit): | 1.9729227084345455 |
Encrypted: | false |
SSDEEP: | 192:yJZI8XkxO5H4vzCnh2Dqd+wTIwmOVS6ueuT0Bg:c5Ho2h2avVVu1A |
MD5: | 152DAACE14E0760F99E80BECBF5A5793 |
SHA1: | 5108788673E69D18A324CEE1B6A00E9128447A9D |
SHA-256: | 0FD12E3BB42A72DF1EF80570E270C852503D3E93343DC1B41C3070A55471A128 |
SHA-512: | 974868EFE24AA0B7C250178CF73DE737A5F9A8F0968BD1B856B373C7BC9A8FEF90BDA9458AA74CEF695BA8D649E7046C0D4FFDBF3953BDAA5EC8977A4B935846 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8264 |
Entropy (8bit): | 3.693226911135219 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJha6IU+6YHY6mgmfTy3pra89byQsfw/cGm:R6lXJM6IU+6Y46mgmfTy5yjfwM |
MD5: | 56E6B587C1D18104BEEC131204B918E3 |
SHA1: | F2B8566A762D7AFC994182759CCAD158B55D7C54 |
SHA-256: | 8A215520D9139E25F9914E892C55F1A302C6B675F954EBF87EB368148C7F8DB6 |
SHA-512: | 008A4DCA18F080D2C5A2DF77020062BA2569E1572CC70D57FB794DCD90ED6EAE340BBB78E82E5EFED6F312420860CC1EB2C273EDBDB6AAC5631B44030D5B38A9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.463007910722485 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuJg77aI9vcWpW8VYBYm8M4JCdPy+hFy+q8/40LIGScSrd:uIjfkI79V7V5Jl+G90UJ3rd |
MD5: | 292BD5500EC37AD0905AEAA53A63A653 |
SHA1: | A73494D539BF7BAC1CF207F6CDF80F1C0062C17A |
SHA-256: | 06C46B830BC6EE40126B582A206D78A9C21BF50325EE241FCA0E03054BEE89DF |
SHA-512: | 092FFB2376D066CB313FF4E863DFA69F56E066F18701F58F0CEF94C541EA3A67C3D740447A80384163A8D7117DE1EAC33AC6E82EACC3AC5CFDE2A7E62B15EDE2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43900 |
Entropy (8bit): | 1.9373043362815237 |
Encrypted: | false |
SSDEEP: | 96:5Q8oU0j0DuOurX8q1DWMwXDn87Yroi75I4v4qTs/wE0eKrIIxP5bEyYeAQrKVkjx:d1JuAXeO5H4iHrIGlh24sCzkO6N |
MD5: | EADCAFF71647C48A62C890A99834ABF2 |
SHA1: | 4D2F66FCDDAB365F12FC3B93FB0A071672CBFB8C |
SHA-256: | AB55EF2ED378B98802FF9FAB3F2E2028891A624C53382FFB7CF7C5BF87B499B0 |
SHA-512: | D4DA55721C362AD63AFA50EB5CF44F316ABFB9D4B91DE8A4E3673F91E62B9E74E1EA094E2602404B3FA552A02567204896F2389D8647828DCBAB2E059BA59D9B |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44800 |
Entropy (8bit): | 1.9041099720484573 |
Encrypted: | false |
SSDEEP: | 96:538KKs0j0DuOurX8q0DWSwXDn8CToi75I4v4qHV35yprKVkjS68LWx4Wqx9avYfL:qfsJJKXqO5H44y2t/luhR27TNI96 |
MD5: | D701034A295513B518243D08DB794704 |
SHA1: | 9A2F9AFE1905DDCB7243BA3BB4780A3514913166 |
SHA-256: | ED2E166C3B46E18EEBA0576F918F91DF569D6A12CA16CA06FF941D713A9DE5CA |
SHA-512: | 5FA441B59638A2002B9EB6E4682C0C5FFA8959A1FE5336D0126B08CBD33D544A72359918BFBD75972709567D5E5E5FFABC079A5C429089AEA0DE1D58AF49559D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44860 |
Entropy (8bit): | 1.9366340501964783 |
Encrypted: | false |
SSDEEP: | 192:dhJV8XdxKO5H4OuO4L/Cyo0ZhQ4l9BQYi:0n5Hx4LLXQc9x |
MD5: | 2EFA7A2D4027EE3A702DD1D450E9B90A |
SHA1: | 8389B5B225C8D80E1CFC7570D09EE1AB8CEE7CE4 |
SHA-256: | CFF232E86A3E8B2F2B41BBD9017783B8CD5CD8477E83F25D707EA49A35010C07 |
SHA-512: | ADE8F759739556ADE76E51643B7568D1FD1883899B4E31BCD4790814E3B02ED7F6FC872AC786179E37E133B293E82300C656C2158DC7AC997279C2994E4F91E5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8286 |
Entropy (8bit): | 3.6933972139754174 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJjHA6IU+UC6YHDT6bgmfTy3prd89b4UsfzIm:R6lXJk6IU+UC6YjT6bgmfTyw4Hfp |
MD5: | 3C9B002326A5EDE268FECC31BCDB317C |
SHA1: | 7DA0881276CA06EDCB20D7DFC6C0D1A406D2DF1C |
SHA-256: | FC19A0F4AB9549A39DF49BE1F64987DA2828DCE6ACB6219D8E6225505B006458 |
SHA-512: | 7466643AF0084D51D2B192B17C13FEAD6EE207822DCBB2A2406E4F31905AC4B652D80B70A526C791E6AE669E534903AD5358520646862E11A564278FE6B1DF7D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.4622719540969715 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuJg77aI9vcWpW8VYPYm8M4JCdPy+hFg+q8/40Lw1GScSvd:uIjfkI79V7VjJl+M90wJ3vd |
MD5: | 08E87F5EF8B948523119CEE4104D4A11 |
SHA1: | B3D16B65D261E2F9D7E2DE96856DD8F8E72EF58E |
SHA-256: | 4714EC2637D390920AB02862F0E4D34D66B51756E2329EF7B2348B8AD5E32E0D |
SHA-512: | E606677B347FEF9227424E3FEC441E1A822D8DA66897411A7E649A425CDFC0C8B700C06308DB83950A4D6AE9912435751AA1110ED62BB09C8904235F2CAFED45 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8286 |
Entropy (8bit): | 3.6938742710559542 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ5G6IUR6YHDu6VgmfTy3prQ89bY6sfnom:R6lXJY6IUR6Yju6VgmfTy3YZft |
MD5: | 0E5B3954673D84FB749B1E670C55CFA3 |
SHA1: | 542A614D99A77D492ED1E45E91E53076559778D2 |
SHA-256: | 60CD30C86812E7159CF3E3956E606B5AEAE78FFA5055D9CD526C00412F569D1F |
SHA-512: | 518F99A5E75D8F43F5E67A830C5001B92563D8D3A4BEED3A80A84D91882948C2C52BF5FBFD90F76B83D7140AD8B5395B026DBDB0477E682ED9FC46DAFFDA2AEB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44288 |
Entropy (8bit): | 1.9333999397851058 |
Encrypted: | false |
SSDEEP: | 192:qUFJsDXRO5H4qtzo3OWFwgBM/a6SadgeiHiv:rV5HPtSOWFwgBM/Aageic |
MD5: | F818E7492D053DE70562F88EE31408CD |
SHA1: | FA4FACC2AF0909DA0A697271FC186149C699D80C |
SHA-256: | 14E6C6F896C886DD1CADB9E995610E6391CF62CAA3808DB5B50027E4301938FB |
SHA-512: | 910A5B6D0C8EB4077208C826131E30C0EC0213D3ABFDE6A5B71378AEF67446E4F4FABA0A64B098AD28A176828817CE88C9F8458F9977F3D52C32BBF5F5C1E3BD |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.46077206532534 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuJg77aI9vcWpW8VY+oJYm8M4JCdPy+hFtp+q8/40L1GScSBd:uIjfkI79V7VNoYJl+xp90xJ3Bd |
MD5: | 909ED6AF7389718F8402C9A8A1569D64 |
SHA1: | 31AFE60FCF63D5FA8310D5654EEBA1B73267E06A |
SHA-256: | 65DE9C52F2DA3A7E18BA20851D086F0F05536BC7FD0E578611D6B058E0B600C6 |
SHA-512: | 512509303B01EF1153AF63000A4E35DA89882CC31561E97ED7A9A282A8B6EABFD607DE06D7ED175C11EA5E2C6115C3F5E41971C3240A81AD80F3C8ABEB898FB8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8286 |
Entropy (8bit): | 3.692478602063614 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ/i6IUL8F6YHDU6VgmfTy3prx89bYxsfgom:R6lXJa6IUL8F6YjU6VgmfTyUYqfG |
MD5: | 2A9FB864EAAA79A521084A2375E46E62 |
SHA1: | 0E7D157B03E92A4E9DB427BD359030661505A5A7 |
SHA-256: | 8FAE14477F9958D1AD283A1A106689B06E581F83E7957ED11BE9EB390E1DC1A7 |
SHA-512: | 0C57A2650C520C66D073A8953DCDEC54716406D83A9A889B3621FC08D88BEAC05AD54AA5B7F395A842D8F4742B580A5C97F8B8B1A36D34AF63A22EF12E8C9888 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.460346362935363 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuJg77aI9vcWpW8VY+pPYm8M4JCdPy+hFe+q8/40LdHGScSUd:uIjfkI79V7VNpSJl+C90ZJ3Ud |
MD5: | 3FC74249224F25B6225619045455AB76 |
SHA1: | E0D760313CF71AE09E0F27EEA125CEC087F2B73E |
SHA-256: | 6768DB4299163FA3847397AC9171F6C6B899D86D953DEEBCCB07758DAF28E421 |
SHA-512: | 42701F8BF95BD93E55EE22B9010B3F4C2BCEC26186A63C23FE35CBFA52B4F7D5E7847C71F22B9AEDBD300F1BC03471F8D597B1880AB88C8A13D9CA7E62F99EDD |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8290 |
Entropy (8bit): | 3.692532213717321 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJp7l6IU2Bg16YHQ6xgmfTy3prA89bYusf0dpNom:R6lXJP6IU2Bg16Yw6xgmfTy3Ytfspn |
MD5: | DCC90A6E9739D6E7900835DE488E03A3 |
SHA1: | 359AFAF39D806D7E486C39B8A911F9B65C3B8121 |
SHA-256: | 998F473DA9AB1EB3F684DD61755B79F8FBE1B7E6744C587B94FE63F9DE094088 |
SHA-512: | F17F7A1C92F2D0CFBBFF90CB3B0717E271DE7429B2FC0F9289A85125C497413DDFAFD753BC381AF8CD5CE0581E18F3504EED8579A562AB0B3948001EA61A181C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.462582358215878 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuJg77aI9vcWpW8VY+bYm8M4JCdPy+hFT/+q8/40L/GScSFd:uIjfkI79V7VN+Jl+P/90LJ3Fd |
MD5: | 58AF3858F94D107C6C95E3DBC2527FBE |
SHA1: | B8EDE3B4AF0654F38079FB7F631341C33CFAB86A |
SHA-256: | 076FB54BC8EFF2AD345069299B9662CC3497868ED6A2BCCC64BA421734A7E186 |
SHA-512: | F50779B6E0F2106FE412ADE00C878F9EABDEC29417DA5D2D56117A6F7011FE53906CF1F025C00B40327ADADFDA35055634F20683B7CC95723906563AA40D8E54 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 138 |
Entropy (8bit): | 3.5165238831051426 |
Encrypted: | false |
SSDEEP: | 3:Q+RlCQ8ql62fEPlnlACuelSJsaz+o5d8UpljlWUIY:Q+cqRsdOCXlSiw+9Up7TF |
MD5: | 582467533A2E4ADD0E131C41590CCC49 |
SHA1: | 899E2A63C938F3B154A9AC32D869E704E4FC3209 |
SHA-256: | FC734CD1EB023A4BF907060BEC404438B646174C1E9130E52332CF051AD7E432 |
SHA-512: | 598671E55C7F6C83F43C88184E3AEA036A17893F85D741C29C41186EAC424FDE09B8A3770937D1B17FDA8876E1113C3771FB58B64ABCDFEB86920C5296B1E60F |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.469390992421116 |
Encrypted: | false |
SSDEEP: | 6144:6zZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNFjDH5S:cZHtYZWOKnMM6bFpHj4 |
MD5: | 2EFE27590EA35404D2F2F60E40BB77B2 |
SHA1: | E0020D692C5065B31155F9A934249EECC06490AE |
SHA-256: | 19CDD8CE38C877007E14EACD38C217A38057412EBB68D481D139326C80B1D0D7 |
SHA-512: | 31A5100CAD7ECB3635D70D7A5F98741E4354C666A594715103EC5DE16630E8DE4DE131CDE1CA2E43EEDEC27E55047255D67339C2DAFCC1267D2E8F29A0BAD07C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.564787951526749 |
TrID: |
|
File name: | Register.dll |
File size: | 1'081'320 bytes |
MD5: | 40b9628354ef4e6ef3c87934575545f4 |
SHA1: | 8fb5da182dea64c842953bf72fc573a74adaa155 |
SHA256: | 372b14fce2eb35b264f6d4aeef7987da56d951d3a09ef866cf55ed72763caa12 |
SHA512: | 02b0ea82efbfbe2e7308f86bfbec7a5109f3fe91d42731812d2e46aebedce50aabc565d2da9d3fbcd0f46febbff49c534419d1a91e0c14d5a80f06b74888c641 |
SSDEEP: | 24576:k0Rdvjw14ZCWQuTs54Qbz27j7BS2Nv+4BT8+u60:BDZ2zAj7pXT3i |
TLSH: | 43354D12A3D54433D0721F7A8D6AD6946C29BD312EA4D84E3EF8DB4C0F39B81AD34697 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 334c3ecbabbbb7b7 |
Entrypoint: | 0x4d8238 |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, DLL, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x64E5D0FE [Wed Aug 23 09:27:26 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | ee94d9d14cff80538936ff9d276ecfc1 |
Signature Valid: | true |
Signature Issuer: | CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Note: "Signature Valid: true" means the Authenticode PKCS#7 blob verifies and chains to the Sectigo issuer above. It is a statement about the signing key, not about the signer's intent or the code, and the leaf subject is not recorded in this report (the Subject Chain table is empty), so the signer still has to be looked up from the certificate itself.
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8AD2A09EBDD6E8444414E1FFE7FC9683 |
Thumbprint SHA-1: | 145D90AD3134C665246DC1C93CD3E2D8C69E9231 |
Thumbprint SHA-256: | 12DBEE7AA5DBB550CEEDC6172E5C34BA577759D8926AAFF08A781552B7FABDE9 |
Serial: | 008BA1F172FD50BA8D4C11B74FFAC8A282 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFC0h |
mov eax, 004D6164h |
call 00007F18C8610DD1h |
mov eax, 004D6118h |
mov dword ptr [004E7B54h], eax |
mov eax, 00000001h |
call 00007F18C86DEA31h |
call 00007F18C860D72Ch |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
(repeated for the remaining 77 rows of the listing: the bytes after the entry stub are 00 00 padding, and each zero pair disassembles as add byte ptr [eax], al) |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xef000 | 0x13b | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xec000 | 0x2de2 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xff000 | 0xfe00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x103400 | 0x4be8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf0000 | 0xe290 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xec894 | 0x704 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Note: the SECURITY entry is the one directory whose "Virtual Address" is a raw file offset, not an RVA. 0x103400 + 0x4be8 = 0x107fe8 = 1'081'320 bytes, exactly the file size, so the Authenticode blob is appended after the last section's raw data; the ".rsrc" shown for that row comes from looking the offset up as if it were an RVA and does not mean the signature is stored in the resource section.
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xd56ac | 0xd5800 | d67b70365334734c6e08bca32ea3869c | False | 0.46091691671545665 | data | 6.449284035390792 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0xd7000 | 0x1264 | 0x1400 | 8c4e0c59edea32510dd2fc359879747b | False | 0.5447265625 | data | 5.72139447807262 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xd9000 | 0xb164 | 0xb200 | 68a6dd0b318987d37d203aeed6677ec3 | False | 0.6231127106741573 | data | 6.693348141527325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0xe5000 | 0x64f0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xec000 | 0x2de2 | 0x2e00 | da1b477683fbb7c68c5e79625417dcb6 | False | 0.321586277173913 | data | 5.221216674467505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0xef000 | 0x13b | 0x200 | a78efc9e9d4f3a9e4a6e52d862f95e3c | False | 0.478515625 | data | 3.6140460102232423 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xf0000 | 0xe290 | 0xe400 | 9ff30d8f9a6530cce81e8d9e2096ad39 | False | 0.5634594298245614 | data | 6.657552604480855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0xff000 | 0xfe00 | 0xfe00 | 9d9c7749272b1d6e2bf5c952b3232998 | False | 0.2048474409448819 | data | 4.188120849256538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
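The directory and section tables above are what a PE header parser produces. The following is an added example, not Joe Sandbox's code and not Register.dll's, that reproduces those tables with the standard library only: it parses the DOS, COFF and PE32 optional headers, the data directories and the section table, maps an RVA to its section (the "Is in Section" column), computes the per-section 8-bit entropy, and applies the one check the directory table needs, namely that IMAGE_DIRECTORY_ENTRY_SECURITY is a file offset to be compared with the file size rather than with the section table. Since the sample itself is not on this page, `build_sample_pe()` constructs a minimal two-section PE32 image with a dummy blob appended at end of file; `Section`, `PEInfo`, `parse_pe`, `section_for_rva`, `section_entropies` and `check_security_directory` are names chosen for this example.

```python
"""Added example (not Joe Sandbox code): the PE header walk behind the report's
directory and section tables, standard library only.  IMAGE_DIRECTORY_ENTRY_SECURITY
holds a raw file offset, not an RVA, so it is validated against the file size and not
against the sections.  Register.dll is not available here; build_sample_pe() constructs
a minimal two-section image with a dummy blob appended at EOF in its place."""
import math
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index into the data directory array
PE32_MAGIC = 0x10B                  # 32-bit optional header


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_offset: int
    raw_size: int
    characteristics: int


@dataclass
class PEInfo:
    entry_point: int
    image_base: int
    data_directories: List[Tuple[int, int]]  # (virtual_address, size) per index
    sections: List[Section]


def entropy8(data: bytes) -> float:
    """Shannon entropy in bits per byte (the report's 'Entropy (8bit)'); 0.0 for empty data."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> PEInfo:
    """Parse just enough of a PE32 image to reproduce the report's tables."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    hdr = struct.unpack_from("<HHIIIHH", image, coff)  # Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    nsections, opt_size = hdr[1], hdr[5]
    opt = coff + 20
    if struct.unpack_from("<H", image, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 images are handled here")
    entry_point = struct.unpack_from("<I", image, opt + 16)[0]
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    num_dirs = struct.unpack_from("<I", image, opt + 92)[0]
    dirs = [struct.unpack_from("<II", image, opt + 96 + 8 * i) for i in range(num_dirs)]
    sections = []
    for i in range(nsections):  # IMAGE_SECTION_HEADER is 40 bytes; VirtualSize precedes VirtualAddress
        f = struct.unpack_from("<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        sections.append(Section(f[0].rstrip(b"\0").decode("ascii"), f[2], f[1], f[4], f[3], f[9]))
    return PEInfo(entry_point, image_base, dirs, sections)


def section_for_rva(info: PEInfo, rva: int) -> Optional[Section]:
    """The 'Is in Section' column: the section whose virtual range contains rva."""
    for s in info.sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            return s
    return None


def section_entropies(image: bytes, info: PEInfo) -> Dict[str, float]:
    """Per-section entropy over the raw bytes, as in the section table."""
    return {s.name: entropy8(image[s.raw_offset:s.raw_offset + s.raw_size]) for s in info.sections}


def check_security_directory(info: PEInfo, file_size: int) -> dict:
    """The SECURITY entry is a file offset: compare it with the file, not the sections."""
    offset, size = info.data_directories[IMAGE_DIRECTORY_ENTRY_SECURITY]
    present = offset != 0 and size != 0
    misread = section_for_rva(info, offset) if present else None  # what an RVA lookup would claim
    return {
        "present": present,
        "file_offset": offset,
        "size": size,
        "in_bounds": present and offset + size <= file_size,
        "ends_at_eof": present and offset + size == file_size,
        "misread_as_section": misread.name if misread else None,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 DLL: .text (4 KiB), .rsrc (512 B), dummy 'signature' blob at EOF."""
    headers_size, text_va, rsrc_va = 0x400, 0x1000, 0x2000
    text = bytes(range(256)) * 16          # uniform byte distribution: entropy 8.0
    rsrc = b"\0" * 256 + b"RSRC" * 64      # four symbols at 1/2, 1/4, 1/8, 1/8: entropy 1.75
    text_raw = headers_size
    rsrc_raw = text_raw + len(text)
    sig_offset = rsrc_raw + len(rsrc)
    sig_blob = b"\x30\x82" + b"\xAA" * 30  # stand-in for the WIN_CERTIFICATE blob, not a real signature
    dirs = [(0, 0)] * 16
    dirs[2] = (rsrc_va, 0x100)             # RESOURCE: a genuine RVA inside .rsrc
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (sig_offset, len(sig_blob))
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      PE32_MAGIC, 0, 0, len(text), len(rsrc), 0, text_va, text_va, rsrc_va, 0x400000,
                      0x1000, 0x200, 5, 0, 5, 0, 5, 0, 0, 0x3000, headers_size, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, len(dirs))
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x2102)  # i386, 2 sections, EXE|32BIT|DLL

    def sect(name: bytes, data: bytes, va: int, raw: int, chars: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, len(data), va, len(data), raw, 0, 0, 0, 0, chars)

    headers = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt
    headers += sect(b".text", text, text_va, text_raw, 0x60000020) + sect(b".rsrc", rsrc, rsrc_va, rsrc_raw, 0x40000040)
    return headers.ljust(headers_size, b"\0") + text + rsrc + sig_blob


if __name__ == "__main__":
    image = build_sample_pe()
    info = parse_pe(image)
    print(f"entry point 0x{info.entry_point:x} in {section_for_rva(info, info.entry_point).name}")
    print(section_entropies(image, info))
    print(check_security_directory(info, len(image)))
```

On the constructed image the security check reports the blob ending exactly at end of file while an RVA lookup of the same number lands in `.text`, which is the same mislabel the report's directory table shows as `.rsrc`; the entropy column comes out as 8.0 for the uniform section and 1.75 for the repetitive one, the same measure the report applies to each dropped file.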
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0xff944 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0xffa78 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0xffbac | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0xffce0 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0xffe14 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0xfff48 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x10007c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_ICON | 0x1001b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Chinese | China | 0.2455440900562852 |
RT_STRING | 0x101258 | 0x23c | data | 0.40384615384615385 | ||
RT_STRING | 0x101494 | 0x3cc | data | 0.41975308641975306 | ||
RT_STRING | 0x101860 | 0xac | data | 0.7209302325581395 | ||
RT_STRING | 0x10190c | 0x140 | data | 0.584375 | ||
RT_STRING | 0x101a4c | 0x494 | data | 0.3796928327645051 | ||
RT_STRING | 0x101ee0 | 0x494 | data | 0.3890784982935154 | ||
RT_STRING | 0x102374 | 0x2e4 | data | 0.41621621621621624 | ||
RT_STRING | 0x102658 | 0x494 | data | 0.3924914675767918 | ||
RT_STRING | 0x102aec | 0x39c | data | 0.420995670995671 | ||
RT_STRING | 0x102e88 | 0x2e4 | data | 0.43243243243243246 | ||
RT_STRING | 0x10316c | 0x44c | data | 0.39454545454545453 | ||
RT_STRING | 0x1035b8 | 0x398 | data | 0.4391304347826087 | ||
RT_STRING | 0x103950 | 0x3e4 | data | 0.35542168674698793 | ||
RT_STRING | 0x103d34 | 0x2e4 | data | 0.4391891891891892 | ||
RT_STRING | 0x104018 | 0x4c4 | data | 0.3155737704918033 | ||
RT_STRING | 0x1044dc | 0x3d4 | data | 0.3948979591836735 | ||
RT_STRING | 0x1048b0 | 0x380 | data | 0.34375 | ||
RT_STRING | 0x104c30 | 0x408 | data | 0.3682170542635659 | ||
RT_STRING | 0x105038 | 0x10c | data | 0.5410447761194029 | ||
RT_STRING | 0x105144 | 0xcc | data | 0.6029411764705882 | ||
RT_STRING | 0x105210 | 0x234 | data | 0.5070921985815603 | ||
RT_STRING | 0x105444 | 0x3d4 | data | 0.3163265306122449 | ||
RT_STRING | 0x105818 | 0x314 | data | 0.434010152284264 | ||
RT_STRING | 0x105b2c | 0x2c0 | data | 0.421875 | ||
RT_RCDATA | 0x105dec | 0x82e8 | data | English | United States | 0.11261637622344235 |
RT_RCDATA | 0x10e0d4 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x10e0e4 | 0x8d4 | data | 0.595575221238938 | ||
RT_GROUP_CURSOR | 0x10e9b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x10e9cc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x10e9e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x10e9f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x10ea08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x10ea1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x10ea30 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x10ea44 | 0x14 | data | Chinese | China | 1.15 |
RT_VERSION | 0x10ea58 | 0x334 | data | Chinese | China | 0.47073170731707314 |
Note: "Targa image data" and "Lotus unknown worksheet" are libmagic guesses on the 0x134-byte RT_CURSOR and 0x14-byte RT_GROUP_CURSOR blobs, which carry no reliable magic bytes; they are ordinary cursor resources, not embedded image or spreadsheet files.
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle |
kernel32.dll | TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc |
user32.dll | CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExW, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongW, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OffsetRect, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, 
DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharNextW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout |
msimg32.dll | AlphaBlend |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, FrameRgn, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt |
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
kernel32.dll | lstrcpyW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualAlloc, TerminateProcess, SwitchToThread, Sleep, SizeofResource, SignalObjectAndWait, SetThreadLocale, SetLastError, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, PeekNamedPipe, OutputDebugStringW, MultiByteToWideChar, MulDiv, MoveFileW, LockResource, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, GlobalFindAtomW, GlobalDeleteAtom, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathW, GetTempFileNameW, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetPrivateProfileStringW, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameW, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibraryAndExitThread, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreatePipe, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CloseHandle |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegFlushKey, RegCreateKeyExW, RegCloseKey |
kernel32.dll | Sleep |
oleaut32.dll | GetErrorInfo, GetActiveObject, SysFreeString |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
shell32.dll | ShellExecuteW |
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
shell32.dll | SHGetSpecialFolderPathW |
crtdll.dll | isalnum, isspace |
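The "Import Hash" in the static information above is computed from exactly this descriptor list. The following is an added example, not Joe Sandbox's or pefile's code, of the imphash normalisation those tools share: lower-case the DLL name, strip a `.dll`/`.ocx`/`.sys` extension, lower-case the function name, join `lib.func` pairs in descriptor order with commas and MD5 the result. The imports used are a constructed subset of the table, so the digest printed is not the report's `ee94d9d14cff80538936ff9d276ecfc1`; `imphash_string`, `imphash`, `normalise_library` and `SAMPLE_IMPORTS` are names chosen for this example.

```python
"""Added example (not Joe Sandbox or pefile code): the import-hash (imphash)
normalisation behind the 'Import Hash' value in the report.  SAMPLE_IMPORTS is a
constructed subset of the report's import table, so its digest is NOT the report's
digest; the point is the normalisation that makes imphash stable across builds."""
import hashlib
from typing import Iterable, List, Tuple, Union

# One import: (DLL name as written in the descriptor, function name or ordinal number).
ImportEntry = Tuple[str, Union[str, int]]

# pefile strips exactly these extensions from the library name before hashing.
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalise_library(dll_name: str) -> str:
    """KERNEL32.DLL -> kernel32; a name with any other extension is kept whole."""
    name = dll_name.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        return base
    return name


def imphash_string(imports: Iterable[ImportEntry]) -> str:
    """The comma-joined 'lib.func' list that is fed to MD5.

    Descriptor order matters: the same imports in another order give another hash.
    Imports by ordinal are rendered as ordNNN; pefile additionally resolves ordinals
    for a few well-known libraries (oleaut32, ws2_32, wsock32) through a lookup
    table that this example does not carry, so ordinal imports from those DLLs
    would hash differently here.
    """
    parts: List[str] = []
    for dll, func in imports:
        lib = normalise_library(dll)
        sym = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{sym}")
    return ",".join(parts)


def imphash(imports: Iterable[ImportEntry]) -> str:
    """32 hex characters: MD5 over the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample: the first descriptors of the report's table, abbreviated.
SAMPLE_IMPORTS: List[ImportEntry] = [
    ("oleaut32.dll", "SysFreeString"),
    ("oleaut32.dll", "SysReAllocStringLen"),
    ("advapi32.dll", "RegQueryValueExW"),
    ("advapi32.dll", "RegOpenKeyExW"),
    ("user32.dll", "MessageBoxA"),
    ("kernel32.dll", "Sleep"),
]


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers the order of descriptors and of the names within them, two builds of the same Delphi project that link the same units produce the same imphash even when sections, timestamps and the signature differ, which is why it is a useful pivot for finding sibling builds of this DLL; conversely, a recompile that merely adds one import changes it completely.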
Name | Ordinal | Address |
---|---|---|
ActiveApp | 10 | 0x4d2020 |
ActiveAppSpecial | 9 | 0x4d3e6c |
ActiveTrial | 4 | 0x4d34ec |
CheckDbValue | 1 | 0x4cc2c4 |
CheckLicenseLocatin | 8 | 0x4d0f14 |
CheckTrialInstalled | 3 | 0x4cfc48 |
ClearTrialData | 2 | 0x4d5d14 |
GetLicenseType | 5 | 0x4d4150 |
GetSurplusDays | 6 | 0x4d4354 |
ValidateThreadLicense | 7 | 0x4d5e74 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Chinese | China |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 10, 2024 20:14:00.273318052 CEST | 53 | 54609 | 1.1.1.1 | 192.168.2.6 |
Target ID: | 0 |
Start time: | 14:13:39 |
Start date: | 10/10/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x810000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 14:13:39 |
Start date: | 10/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:13:39 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:13:39 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 14:13:39 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 14:13:39 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 14:13:39 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 14:13:42 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 14 |
Start time: | 14:13:42 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 14:13:45 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 18 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 19 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 21 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 23 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 24 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 25 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 26 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 27 |
Start time: | 14:13:48 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 29 |
Start time: | 14:13:49 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 14:13:49 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 33 |
Start time: | 14:13:49 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 34 |
Start time: | 14:13:49 |
Start date: | 10/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 7.5% |
Total number of Nodes: | 563 |
Total number of Limit Nodes: | 38 |
Graph
Function 00407814: Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 207, Tags: registry, string, library, COMMON
Function 0040794F: Relevance: 15.1, APIs: 10, Instructions: 108, Tags: string, library, thread, COMMON
Function 0040828E: Relevance: 1.5, APIs: 1, Instructions: 7, Tags: COMMON
Function 004C3E80: Relevance: 31.6, APIs: 4, Strings: 14, Instructions: 95, Tags: library, COMMON
Function 004C4368: Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 108, Tags: registry, thread, window, COMMON
Function 004A0AB8: Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 150, Tags: com, window, COMMON
Function 00414A48: Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 212, Tags: thread, COMMON
Function 0049FC94: Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 126, Tags: registry, COMMON
Function 00404AE8: Relevance: 6.2, APIs: 4, Instructions: 158, Tags: thread, COMMON
Function 00455FBC: Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47, Tags: registry, COMMON
Function 00404E10: Relevance: 4.6, APIs: 3, Instructions: 94, Tags: thread, COMMON
Function 00404E14: Relevance: 4.6, APIs: 3, Instructions: 92, Tags: thread, COMMON
Function 00404E18: Relevance: 4.6, APIs: 3, Instructions: 92, Tags: thread, COMMON
Function 00401844: Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 38, Tags: memory, COMMON
Function 00455E90: Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37, Tags: registry, COMMON
Function 00455E94: Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36, Tags: registry, COMMON
Function 00426C9C: Relevance: 3.1, APIs: 2, Instructions: 126, Tags: COMMON
Function 004138EC: Relevance: 3.0, APIs: 2, Instructions: 22, Tags: COMMON
Function 0042CF2C: Relevance: 3.0, APIs: 2, Instructions: 16, Tags: COMMON
Function 00402FF8: Relevance: 2.5, APIs: 2, Instructions: 21, Tags: COMMON
Function 00430314: Relevance: 1.6, APIs: 1, Instructions: 51, Tags: COMMON
Function 004093F6: Relevance: 1.5, APIs: 1, Instructions: 45, Tags: COMMON
Function 004093F8: Relevance: 1.5, APIs: 1, Instructions: 44, Tags: COMMON
Function 00407574: Relevance: 1.5, APIs: 1, Instructions: 26, Tags: COMMON
Function 00408434: Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 0042CDB0: Relevance: 1.3, APIs: 1, Instructions: 52, Tags: memory, COMMON
Function 004D4700: Relevance: 39.4, APIs: 3, Strings: 19, Instructions: 883, Tags: library, window, COMMON
Function 00484FE8: Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 221, Tags: pipe, COMMON
Function 00407618: Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 152, Tags: string, library, file, COMMON
Function 004D2020: Relevance: 22.2, Strings: 17, Instructions: 925, Tags: COMMON
Function 004BED60: Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 90, Tags: window, COMMON
Function 004C7378: Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 181, Tags: file, COMMON
Function 00496DD8: Relevance: 12.1, APIs: 8, Instructions: 71, Tags: window, COMMON
Function 004AB5D0: Relevance: 10.9, APIs: 7, Instructions: 415, Tags: COMMON
Function 004C764C: Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 166, Tags: file, COMMON
Function 004BE398: Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83, Tags: window, COMMON
Function 004764C8: Relevance: 5.5, Strings: 4, Instructions: 469, Tags: COMMON
Function 004A0790: Relevance: 4.5, APIs: 3, Instructions: 33, Tags: synchronization, thread, COMMON
Function 004BDA28: Relevance: 3.1, APIs: 2, Instructions: 64, Tags: window, COMMON
Function 00488AAC: Relevance: 3.0, APIs: 2, Instructions: 46, Tags: window, COMMON
Function 0040CB84: Relevance: 3.0, APIs: 2, Instructions: 33, Tags: file, COMMON
Function 0040C904: Relevance: 3.0, APIs: 2, Instructions: 23, Tags: file, COMMON
Function 004B76AC: Relevance: 1.7, APIs: 1, Instructions: 203, Tags: COMMON
Function 00430F78: Relevance: 1.6, APIs: 1, Instructions: 96, Tags: time, COMMON
Function 0040CF02: Relevance: 1.6, APIs: 1, Instructions: 50, Tags: COMMON
Function 0048DEB0: Relevance: 1.5, APIs: 1, Instructions: 48, Tags: com, COMMON
Function 00412324: Relevance: 1.5, APIs: 1, Instructions: 29, Tags: COMMON
Function 00412322: Relevance: 1.5, APIs: 1, Instructions: 27, Tags: COMMON
Function 00412370: Relevance: 1.5, APIs: 1, Instructions: 23, Tags: COMMON
Function 0040F2D4: Relevance: 1.5, APIs: 1, Instructions: 22, Tags: time, COMMON
Function 00496D58: Relevance: 1.5, APIs: 1, Instructions: 11, Tags: window, COMMON
Function 00475914: Relevance: 1.5, Strings: 1, Instructions: 222, Tags: COMMON
Function 00475660: Relevance: 1.4, Strings: 1, Instructions: 190, Tags: COMMON
Function 0047540C: Relevance: 1.4, Strings: 1, Instructions: 122, Tags: COMMON
Function 0047C5B8: Relevance: 0.8, Instructions: 789, Tags: COMMON
Function 0042F58C: Relevance: 0.4, Instructions: 363, Tags: COMMON
Function 00470008: Relevance: 0.3, Instructions: 338, Tags: COMMON
Function 004024C0: Relevance: 0.1, Instructions: 94, Tags: COMMON
Function 00406D9C: Relevance: 0.1, Instructions: 64, Tags: COMMON
Function 004CA434: Relevance: 0.0, Instructions: 15, Tags: COMMON
Function 004089F2: Relevance: 0.0, Instructions: 2, Tags: COMMON
Function 0048F2C4: Relevance: 86.0, APIs: 1, Strings: 48, Instructions: 268, Tags: library, COMMON
Function 004CBA7C: Relevance: 38.9, APIs: 3, Strings: 19, Instructions: 398, Tags: file, COMMON
Function 0048BF88: Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 352, Tags: window, COMMON
Function 004A173C: Relevance: 19.9, APIs: 13, Instructions: 429, Tags: COMMON
Function 004BF904: Relevance: 19.7, APIs: 13, Instructions: 248, Tags: COMMON
Function 004A0E80: Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 131, Tags: window, registry, COMMON
Function 00412C68: Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 97, Tags: file, window, COMMON
Function 00409450: Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61, Tags: window, registry, COMMON
Function 004ACE6C: Relevance: 16.6, APIs: 11, Instructions: 138, Tags: COMMON
Function 004B29AC: Relevance: 16.6, APIs: 11, Instructions: 91, Tags: COMMON
Function 004AD9D4: Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 170, Tags: window, COMMON
Function 00412C5B: Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 106, Tags: file, window, COMMON
Function 004BC420: Relevance: 15.2, APIs: 10, Instructions: 197, Tags: COMMON
Function 0042DE58: Relevance: 15.1, APIs: 10, Instructions: 89, Tags: synchronization, thread, COMMON
Function 0042B9EC: Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 119, Tags: synchronization, thread, COMMON
Function 004B5EB4: Relevance: 13.7, APIs: 9, Instructions: 154, Tags: COMMON
Function 004A001C: Relevance: 13.6, APIs: 9, Instructions: 106, Tags: COMMON
Function 004A5DFC: Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 217, Tags: window, COMMON
Function 0041465C: Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 203, Tags: thread, COMMON
Function 004D5E74: Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 184, Tags: window, COMMON
Function 004BA9B8: Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134, Tags: registry, COMMON
Function 0042B428: Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 119, Tags: thread, COMMON
Function 004901CC: Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68, Tags: string, COMMON
Function 00404D88: Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38, Tags: file, window, COMMON
Function 00401EDC: Relevance: 12.2, APIs: 8, Instructions: 221, Tags: sleep, COMMON
Function 0048909C: Relevance: 12.1, APIs: 8, Instructions: 79, Tags: window, COMMON
Function 004020D4: Relevance: 10.9, APIs: 7, Instructions: 407, Tags: COMMON
Function 004C0320: Relevance: 10.7, APIs: 7, Instructions: 224, Tags: COMMON
Function 004A27FC: Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 138, Tags: window, COMMON
Function 004AABD4: Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85, Tags: window, COMMON
Function 004902BC: Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68, Tags: string, COMMON
Function 004903AC: Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68, Tags: string, COMMON
Function 0048A548: Relevance: 10.6, APIs: 7, Instructions: 66, Tags: COMMON
Function 0042BC30: Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66, Tags: thread, synchronization, window, COMMON
Function 0049A058: Relevance: 9.2, APIs: 6, Instructions: 151, Tags: COMMON
Function 00418848: Relevance: 9.1, APIs: 6, Instructions: 139, Tags: COMMON
Function 0049C8B8: Relevance: 9.1, APIs: 6, Instructions: 118, Tags: COMMON
Function 004A1F9C: Relevance: 9.1, APIs: 6, Instructions: 98, Tags: window, COMMON
Function 004895A0: Relevance: 9.1, APIs: 6, Instructions: 84, Tags: COMMON
Function 00489A00: Relevance: 9.1, APIs: 6, Instructions: 65, Tags: window, COMMON
Function 0048924C: Relevance: 9.1, APIs: 6, Instructions: 56, Tags: window, COMMON
Function 00401B58: Relevance: 9.0, APIs: 7, Instructions: 298, Tags: sleep, COMMON
Function 00488934: Relevance: 9.0, APIs: 6, Instructions: 43, Tags: COMMON
Function 00402A18: Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 277, Tags: window, COMMON
Function 004C5460: Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 248, Tags: sleep, COMMON
Function 0048C8E8: Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112, Tags: window, COMMON
Function 004A1320: Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75, Tags: thread, window, COMMON
Function 0042D76C: Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50, Tags: thread, COMMON
Function 00403B74: Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49, Tags: registry, COMMON
Function 00484BBC: Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33, Tags: sleep, COMMON
Function 0041DE14: Relevance: 7.8, APIs: 5, Instructions: 271, Tags: COMMON
Function 00499020: Relevance: 7.7, APIs: 5, Instructions: 181, Tags: COMMON
Function 004C4DDC: Relevance: 7.7, APIs: 5, Instructions: 178, Tags: COMMON
Function 0049ADA8: Relevance: 7.7, APIs: 5, Instructions: 174, Tags: window, COMMON
Function 004261E0: Relevance: 7.6, APIs: 5, Instructions: 142, Tags: COMMON
Function 004BBEF8: Relevance: 7.6, APIs: 5, Instructions: 126, Tags: COMMON
Function 00497DD4: Relevance: 7.6, APIs: 5, Instructions: 95, Tags: COMMON
Function 0042D840: Relevance: 7.6, APIs: 5, Instructions: 86, Tags: window, COMMON
Function 0043E8CC: Relevance: 7.6, APIs: 5, Instructions: 85, Tags: file, COMMON
Function 0048BD00: Relevance: 7.6, APIs: 5, Instructions: 66, Tags: window, COMMON
Function 0049EC24: Relevance: 7.6, APIs: 5, Instructions: 62, Tags: COMMON
Function 004891B4: Relevance: 7.6, APIs: 5, Instructions: 55, Tags: window, COMMON
Function 004126FC: Relevance: 7.6, APIs: 5, Instructions: 50, Tags: thread, COMMON
Function 004A08A4: Relevance: 7.5, APIs: 5, Instructions: 25, Tags: synchronization, thread, COMMON
Function 004127B0: Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 177, Tags: thread, COMMON
Function 004B3970: Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111, Tags: keyboard, window, COMMON
Function 00427388: Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 105, Tags: file, COMMON
Function 004A2F08: Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103, Tags: time, thread, window, COMMON
Function 0041032C: Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80, Tags: thread, COMMON
Function 0040F674: Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80, Tags: thread, COMMON
Function 004A6388: Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23, Tags: window, COMMON
Function 004BB884: Relevance: 6.4, APIs: 4, Instructions: 359, Tags: COMMON
Function 004B9528: Relevance: 6.3, APIs: 4, Instructions: 308, Tags: COMMON
Function 004B3D28: Relevance: 6.2, APIs: 4, Instructions: 212, Tags: COMMON
Function 004B3790: Relevance: 6.1, APIs: 4, Instructions: 136, Tags: thread, COMMON
Function 00418590: Relevance: 6.1, APIs: 4, Instructions: 115, Tags: COMMON
Function 00412A7C: Relevance: 6.1, APIs: 4, Instructions: 113, Tags: COMMON
Function 00412A7A: Relevance: 6.1, APIs: 4, Instructions: 112, Tags: COMMON
Function 0049F6F8: Relevance: 6.1, APIs: 4, Instructions: 106, Tags: COMMON
Function 0048A360: Relevance: 6.1, APIs: 4, Instructions: 83, Tags: window, COMMON
Function 004B9F68: Relevance: 6.1, APIs: 4, Instructions: 77, Tags: COMMON
Function 004A1E98: Relevance: 6.1, APIs: 4, Instructions: 74, Tags: COMMON
Function 004AB328: Relevance: 6.1, APIs: 4, Instructions: 72, Tags: window, COMMON
Function 0048D28C: Relevance: 6.1, APIs: 4, Instructions: 58, Tags: window, COMMON
Function 004BE4BC: Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004A1154: Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004B5CE4: Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004B5D68: Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004A31BC: Relevance: 6.1, APIs: 4, Instructions: 53, Tags: window, COMMON
Function 00427A44: Relevance: 6.1, APIs: 4, Instructions: 51, Tags: COMMON
Function 0041377E: Relevance: 6.0, APIs: 4, Instructions: 43, Tags: COMMON
Function 004B3B70: Relevance: 6.0, APIs: 4, Instructions: 37, Tags: thread, COMMON
Function 004A0830: Relevance: 6.0, APIs: 4, Instructions: 35, Tags: thread, COMMON
Function 004B2AF0: Relevance: 6.0, APIs: 4, Instructions: 35, Tags: thread, COMMON
Function 0048D428: Relevance: 6.0, APIs: 4, Instructions: 29, Tags: COMMON
Function 00497140: Relevance: 6.0, APIs: 4, Instructions: 24, Tags: thread, COMMON
Function 00410320: Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82, Tags: thread, COMMON
Function 0040F668: Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82, Tags: thread, COMMON
Function 00455ABC: Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74, Tags: registry, COMMON
Function 004AA604: Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69, Tags: window, COMMON
Function 0042DD00: Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44, Tags: thread, COMMON
Function 0049068C: Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36, Tags: library, COMMON
Function 004AA924: Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32, Tags: keyboard, COMMON
Function 00490750: Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31, Tags: library, COMMON
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 561 |
Total number of Limit Nodes: | 34 |
Graph
Function 00407814 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 207, Tags: registry, string, library, COMMON
Function 0040794F Relevance: 15.1, APIs: 10, Instructions: 108, Tags: string, library, thread, COMMON
Function 004C3E80 Relevance: 31.6, APIs: 4, Strings: 14, Instructions: 95, Tags: library, COMMON
Function 004C4368 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 108, Tags: registry, thread, window, COMMON
Function 004A0AB8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 150, Tags: com, window, COMMON
Function 00414A48 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 212, Tags: thread, COMMON
Function 0049FC94 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 126, Tags: registry, COMMON
Function 00404AE8 Relevance: 6.2, APIs: 4, Instructions: 158, Tags: thread, COMMON
Function 00455FBC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47, Tags: registry, COMMON
Function 00455E90 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37, Tags: registry, COMMON
Function 00455E94 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36, Tags: registry, COMMON
Function 00426C9C Relevance: 3.1, APIs: 2, Instructions: 126, Tags: COMMON
Function 00430314 Relevance: 1.6, APIs: 1, Instructions: 51, Tags: COMMON
Function 00456D04 Relevance: 1.5, APIs: 1, Instructions: 45, Tags: COMMON
Function 004093F6 Relevance: 1.5, APIs: 1, Instructions: 45, Tags: COMMON
Function 004093F8 Relevance: 1.5, APIs: 1, Instructions: 44, Tags: COMMON
Function 00407574 Relevance: 1.5, APIs: 1, Instructions: 26, Tags: COMMON
Function 0040828E Relevance: 1.5, APIs: 1, Instructions: 7, Tags: COMMON
Function 0042CDB0 Relevance: 1.3, APIs: 1, Instructions: 52, Tags: memory, COMMON
Function 00401844 Relevance: 1.3, APIs: 1, Instructions: 38, Tags: memory, COMMON
Function 00484FE8 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 221, Tags: pipe, COMMON
Function 00407618 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 152, Tags: string, library, file, COMMON
Function 004BED60 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 90, Tags: window, COMMON
Function 004C7378 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 181, Tags: file, COMMON
Function 00496DD8 Relevance: 12.1, APIs: 8, Instructions: 71, Tags: window, COMMON
Function 004AB5D0 Relevance: 10.9, APIs: 7, Instructions: 415, Tags: COMMON
Function 004C764C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 166, Tags: file, COMMON
Function 004BE398 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83, Tags: window, COMMON
Function 0048F2C4 Relevance: 86.0, APIs: 1, Strings: 48, Instructions: 268, Tags: library, COMMON
Function 004CBA7C Relevance: 38.9, APIs: 3, Strings: 19, Instructions: 398, Tags: file, COMMON
Function 004A173C Relevance: 19.9, APIs: 13, Instructions: 429, Tags: COMMON
Function 004BF904 Relevance: 19.7, APIs: 13, Instructions: 248, Tags: COMMON
Function 004A0E80 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 131, Tags: window, registry, COMMON
Function 00412C68 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 97, Tags: file, window, COMMON
Function 00409450 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61, Tags: window, registry, COMMON
Function 004ACE6C Relevance: 16.6, APIs: 11, Instructions: 138, Tags: COMMON
Function 004B29AC Relevance: 16.6, APIs: 11, Instructions: 91, Tags: COMMON
Function 004AD9D4 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 170, Tags: window, COMMON
Function 00412C5B Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 106, Tags: file, window, COMMON
Function 004BC420 Relevance: 15.2, APIs: 10, Instructions: 197, Tags: COMMON
Function 0042DE58 Relevance: 15.1, APIs: 10, Instructions: 89, Tags: synchronization, thread, COMMON
Function 0042B9EC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 119, Tags: synchronization, thread, COMMON
Function 004B5EB4 Relevance: 13.7, APIs: 9, Instructions: 154, Tags: COMMON
Function 004A001C Relevance: 13.6, APIs: 9, Instructions: 106, Tags: COMMON
Function 004A5DFC Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 217, Tags: window, COMMON
Function 0041465C Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 203, Tags: thread, COMMON
Function 004D5E74 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 184, Tags: window, COMMON
Function 004BA9B8 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134, Tags: registry, COMMON
Function 0042B428 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 119, Tags: thread, COMMON
Function 004901CC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68, Tags: string, COMMON
Function 00404D88 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38, Tags: file, window, COMMON
Function 00401EDC Relevance: 12.2, APIs: 8, Instructions: 221, Tags: sleep, COMMON
Function 0048909C Relevance: 12.1, APIs: 8, Instructions: 79, Tags: window, COMMON
Function 004020D4 Relevance: 10.9, APIs: 7, Instructions: 407, Tags: COMMON
Function 004C0320 Relevance: 10.7, APIs: 7, Instructions: 224, Tags: COMMON
Function 004A27FC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 138, Tags: window, COMMON
Function 004AABD4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85, Tags: window, COMMON
Function 004902BC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68, Tags: string, COMMON
Function 004903AC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68, Tags: string, COMMON
Function 0048A548 Relevance: 10.6, APIs: 7, Instructions: 66, Tags: COMMON
Function 0042BC30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66, Tags: thread, synchronization, window, COMMON
Function 0049A058 Relevance: 9.2, APIs: 6, Instructions: 151, Tags: COMMON
Function 00418848 Relevance: 9.1, APIs: 6, Instructions: 139, Tags: COMMON
Function 0049C8B8 Relevance: 9.1, APIs: 6, Instructions: 118, Tags: COMMON
Function 004895A0 Relevance: 9.1, APIs: 6, Instructions: 84, Tags: COMMON
Function 00489A00 Relevance: 9.1, APIs: 6, Instructions: 65, Tags: window, COMMON
Function 0048924C Relevance: 9.1, APIs: 6, Instructions: 56, Tags: window, COMMON
Function 00401B58 Relevance: 9.0, APIs: 7, Instructions: 298, Tags: sleep, COMMON
Function 00488934 Relevance: 9.0, APIs: 6, Instructions: 43, Tags: COMMON
Function 004C5460 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 248, Tags: sleep, COMMON
Function 0048C8E8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112, Tags: window, COMMON
Function 004A1320 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75, Tags: thread, window, COMMON
Function 0042D76C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50, Tags: thread, COMMON
Function 00403B74 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49, Tags: registry, COMMON
Function 00484BBC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33, Tags: sleep, COMMON
Function 0041DE14 Relevance: 7.8, APIs: 5, Instructions: 271, Tags: COMMON
Function 00499020 Relevance: 7.7, APIs: 5, Instructions: 181, Tags: COMMON
Function 004C4DDC Relevance: 7.7, APIs: 5, Instructions: 178, Tags: COMMON
Function 0049ADA8 Relevance: 7.7, APIs: 5, Instructions: 174, Tags: window, COMMON
Function 004261E0 Relevance: 7.6, APIs: 5, Instructions: 142, Tags: COMMON
Function 004BBEF8 Relevance: 7.6, APIs: 5, Instructions: 126, Tags: COMMON
Function 00497DD4 Relevance: 7.6, APIs: 5, Instructions: 95, Tags: COMMON
Function 0042D840 Relevance: 7.6, APIs: 5, Instructions: 86, Tags: window, COMMON
Function 0043E8CC Relevance: 7.6, APIs: 5, Instructions: 85, Tags: file, COMMON
Function 0048BD00 Relevance: 7.6, APIs: 5, Instructions: 66, Tags: window, COMMON
Function 0049EC24 Relevance: 7.6, APIs: 5, Instructions: 62, Tags: COMMON
Function 004891B4 Relevance: 7.6, APIs: 5, Instructions: 55, Tags: window, COMMON
Function 004126FC Relevance: 7.6, APIs: 5, Instructions: 50, Tags: thread, COMMON
Function 004A08A4 Relevance: 7.5, APIs: 5, Instructions: 25, Tags: synchronization, thread, COMMON
Function 004127B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 177, Tags: thread, COMMON
Function 004B3970 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111, Tags: keyboard, window, COMMON
Function 00427388 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 105, Tags: file, COMMON
Function 004A2F08 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103, Tags: time, thread, window, COMMON
Function 0041032C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80, Tags: thread, COMMON
Function 0040F674 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80, Tags: thread, COMMON
Function 004A6388 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23, Tags: window, COMMON
Function 004BB884 Relevance: 6.4, APIs: 4, Instructions: 359, Tags: COMMON
Function 004B9528 Relevance: 6.3, APIs: 4, Instructions: 308, Tags: COMMON
Function 004B3D28 Relevance: 6.2, APIs: 4, Instructions: 212, Tags: COMMON
Function 004B3790 Relevance: 6.1, APIs: 4, Instructions: 136, Tags: thread, COMMON
Function 00418590 Relevance: 6.1, APIs: 4, Instructions: 115, Tags: COMMON
Function 00412A7C Relevance: 6.1, APIs: 4, Instructions: 113, Tags: COMMON
Function 00412A7A Relevance: 6.1, APIs: 4, Instructions: 112, Tags: COMMON
Function 0049F6F8 Relevance: 6.1, APIs: 4, Instructions: 106, Tags: COMMON
Function 0048A360 Relevance: 6.1, APIs: 4, Instructions: 83, Tags: window, COMMON
Function 004A1E98 Relevance: 6.1, APIs: 4, Instructions: 74, Tags: COMMON
Function 004AB328 Relevance: 6.1, APIs: 4, Instructions: 72, Tags: window, COMMON
Function 0048D28C Relevance: 6.1, APIs: 4, Instructions: 58, Tags: window, COMMON
Function 004BE4BC Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004A1154 Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004B5CE4 Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004B5D68 Relevance: 6.1, APIs: 4, Instructions: 56, Tags: COMMON
Function 004A31BC Relevance: 6.1, APIs: 4, Instructions: 53, Tags: window, COMMON
Function 00427A44 Relevance: 6.1, APIs: 4, Instructions: 51, Tags: COMMON
Function 0041377E Relevance: 6.0, APIs: 4, Instructions: 43, Tags: COMMON
Function 004B3B70 Relevance: 6.0, APIs: 4, Instructions: 37, Tags: thread, COMMON
Function 004A0830 Relevance: 6.0, APIs: 4, Instructions: 35, Tags: thread, COMMON
Function 004B2AF0 Relevance: 6.0, APIs: 4, Instructions: 35, Tags: thread, COMMON
Function 0048D428 Relevance: 6.0, APIs: 4, Instructions: 29, Tags: COMMON
Function 00497140 Relevance: 6.0, APIs: 4, Instructions: 24, Tags: thread, COMMON
Function 00402A18 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 277, Tags: window, COMMON
Function 00410320 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82, Tags: thread, COMMON
Function 0040F668 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82, Tags: thread, COMMON
Function 00455ABC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74, Tags: registry, COMMON
Function 004AA604 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69, Tags: window, COMMON
Function 0042DD00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44, Tags: thread, COMMON
Function 0049068C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36, Tags: library, COMMON
Function 004AA924 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32, Tags: keyboard, COMMON
Function 00490750 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31, Tags: library, COMMON