Windows
Analysis Report
Setup.exe
Overview
General Information
Detection
Score: | 7 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- Setup.exe (PID: 7508 cmdline:
"C:\Users\ user\Deskt op\Setup.e xe" MD5: 08ABA4235F18775205A1705D89676705)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00E12D30 | |
Source: | Code function: | 0_2_00E1A560 | |
Source: | Code function: | 0_2_00E15DD0 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00E121A0 |
Source: | Code function: | 0_2_00E150F0 | |
Source: | Code function: | 0_2_00E2A259 | |
Source: | Code function: | 0_2_00E264EF | |
Source: | Code function: | 0_2_00E3A699 | |
Source: | Code function: | 0_2_00E2A671 | |
Source: | Code function: | 0_2_00E3884F | |
Source: | Code function: | 0_2_00E2D9F8 | |
Source: | Code function: | 0_2_00E2AAA6 | |
Source: | Code function: | 0_2_00E29CB0 | |
Source: | Code function: | 0_2_00E2DC27 | |
Source: | Code function: | 0_2_00E29D5D | |
Source: | Code function: | 0_2_00E2AEDB | |
Source: | Code function: | 0_2_00E31F40 |
Source: | Code function: | ||
Source: | Code function: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00E12D30 |
Source: | Code function: | 0_2_00E121A0 |
Source: | Code function: | 0_2_00E114B0 |
Source: | Code function: | 0_2_00E1A9B0 |
Source: | Code function: | 0_2_00E23070 |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00E2717C | |
Source: | Code function: | 0_2_00E27679 | |
Source: | Code function: | 0_2_00E3F8D3 |
Source: | Code function: | 0_2_00E1CA80 |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00E264EF |
Source: | Process information set: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-23562 |
Source: | API coverage: |
Source: | Code function: | 0_2_00E12D30 | |
Source: | Code function: | 0_2_00E1A560 | |
Source: | Code function: | 0_2_00E15DD0 |
Source: | Code function: | 0_2_00E273D6 |
Source: | Code function: | 0_2_00E1D1A0 |
Source: | Code function: | 0_2_00E331F9 |
Source: | Code function: | 0_2_00E3A256 |
Source: | Code function: | 0_2_00E273D6 | |
Source: | Code function: | 0_2_00E27568 | |
Source: | Code function: | 0_2_00E2767B | |
Source: | Code function: | 0_2_00E2BEA1 |
Source: | Code function: | 0_2_00E278E7 |
Source: | Code function: | 0_2_00E380C7 | |
Source: | Code function: | 0_2_00E3E1B7 | |
Source: | Code function: | 0_2_00E3E47A | |
Source: | Code function: | 0_2_00E3E42F | |
Source: | Code function: | 0_2_00E3E5A2 | |
Source: | Code function: | 0_2_00E3E515 | |
Source: | Code function: | 0_2_00E3E7F2 | |
Source: | Code function: | 0_2_00E3E91B | |
Source: | Code function: | 0_2_00E3EAEF | |
Source: | Code function: | 0_2_00E3EA22 | |
Source: | Code function: | 0_2_00E37CD4 |
Source: | Code function: | 0_2_00E15020 |
Source: | Code function: | 0_2_00E11070 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Access Token Manipulation | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532549 |
Start date and time: | 2024-10-13 16:58:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Setup.exe |
Detection: | CLEAN |
Classification: | clean7.winEXE@1/1@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Process: | C:\Users\user\Desktop\Setup.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 261 |
Entropy (8bit): | 4.872585858230478 |
Encrypted: | false |
SSDEEP: | 6:MKUlC6ME1wvovLMC4EXfewvOqC4KMKZblOCqUGwvoBMmJ1tCk8b:MP867mwvL14EXfZ2PDZNtwT1kk8b |
MD5: | DDCED15736A29A1599C11AEC1F345114 |
SHA1: | 21DF854FDD78301A6C3DD9CC71F4944EE3429AA7 |
SHA-256: | 786FB978A9768D7ACCB591EFFF0D13AD4397ABB7DAF55C1CB1F944D2F51A779A |
SHA-512: | 5A694F16CF6DCE0678BCD443F06DA5485FA521A01F6FAE9CFB0689EC8D32FE4B5452DBC7DBE2051C8A7388D147853CAFD85B9A9BB1CF545ED2BC9F06782BB398 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.4358614247609465 |
TrID: |
|
File name: | Setup.exe |
File size: | 391'376 bytes |
MD5: | 08aba4235f18775205a1705d89676705 |
SHA1: | d25fc234125ed0cb49608309a842043b7acc2e86 |
SHA256: | f8c59bf2647bc5ad0b69428864ac9b02cf4695a20130a6b171701285195c3c9f |
SHA512: | 005f8c085a1104fe3eaaf63880ca97b74b32dbb64d89aa08924ae74cb3c2f246ffa9c3272f3a14f63a57c72df76bf8da6c9504c9f35f06660beebc5fea0f0dd8 |
SSDEEP: | 6144:i8kiSrhTFpBoiB6VTquOmQ7YpAOMJjwvDW70PFn0wccccccccYwP+Tr:GiYTF5B6Veum6WnrTr |
TLSH: | 48843901B7D58031F6B22B32A97946B5487DBC719F35C2DFA3A4686DAD306D0DA70B23 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i....q...q...q.3.....q.3.....q.3.....q..Vr...q..Vt...q..Vu...q.bQt...q.Z.....q...p.".q..Vx...q..V....q.......q..Vs...q.Rich..q |
Icon Hash: | 55497933cc61714d |
Entrypoint: | 0x416c38 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66BA3562 [Mon Aug 12 16:16:34 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 1dbae0c3c95050b4a391eeaafa9311b1 |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 5CD08805D25FB6438745FAF795BDCD74 |
Thumbprint SHA-1: | 94100BECB61B9CE55DA61EBF558365F79304D63B |
Thumbprint SHA-256: | C9CF516456D66888F13B6B7E530BBC0E5F3D4FC4F1F2F989FEBB25D263C83E6F |
Serial: | 046D1D272BD29C149AA5FC5DE3445D21 |
Instruction |
---|
call 00007FBCCCDE0220h |
jmp 00007FBCCCDDFA23h |
jmp 00007FBCCCDE5211h |
cmp ecx, dword ptr [0044D070h] |
jne 00007FBCCCDDFB95h |
ret |
jmp 00007FBCCCDE05E1h |
push ebp |
mov ebp, esp |
jmp 00007FBCCCDDFBB1h |
push dword ptr [ebp+08h] |
call 00007FBCCCDED563h |
pop ecx |
test eax, eax |
jne 00007FBCCCDDFBA4h |
cmp dword ptr [ebp+08h], FFFFFFFFh |
jne 00007FBCCCDDFB99h |
call 00007FBCCCDE07EAh |
jmp 00007FBCCCDDFB97h |
call 00007FBCCCDE07C6h |
push dword ptr [ebp+08h] |
call 00007FBCCCDEA92Fh |
pop ecx |
test eax, eax |
je 00007FBCCCDDFB66h |
pop ebp |
ret |
push ebp |
mov ebp, esp |
test byte ptr [ebp+08h], 00000001h |
push esi |
mov esi, ecx |
mov dword ptr [esi], 0043955Ch |
je 00007FBCCCDDFB9Ch |
push 0000000Ch |
push esi |
call 00007FBCCCDDFB9Eh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007FBCCCDDFB1Eh |
pop ecx |
pop ebp |
ret |
push ebx |
push esi |
push edi |
push 00000000h |
push 00000FA0h |
push 0044E238h |
call 00007FBCCCDE4757h |
add esp, 0Ch |
push 0043710Ch |
call dword ptr [0043611Ch] |
mov esi, eax |
test esi, esi |
je 00007FBCCCDDFC22h |
push 0043734Ch |
push esi |
call dword ptr [00436120h] |
push 0043739Ch |
push esi |
mov ebx, eax |
call dword ptr [00006120h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4bcd0 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x51000 | 0xd780 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x5d200 | 0x26d0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5f000 | 0x2f04 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x48dc0 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x48e8c | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x48e30 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36000 | 0x268 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3438d | 0x34400 | ce9b91c9a67d6809c20dc6da4403d236 | False | 0.5168632251794258 | data | 6.57276571453631 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x36000 | 0x16a28 | 0x16c00 | 17a2a2d3ae57ab6703e8be65818a1b85 | False | 0.40117402129120877 | data | 5.044403567227042 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x4d000 | 0x1ed4 | 0x1000 | 7ad70cb1b86d6b94f9a985aeb2828fa3 | False | 0.216796875 | Matlab v4 mat-file (little endian) right (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED., text, rows 4294967295, columns 10 | 3.515306646918696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.gfids | 0x4f000 | 0x25c | 0x400 | ea9b19e5a77b700844a31d0535a500b6 | False | 0.3388671875 | data | 2.5771337581014975 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x50000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x51000 | 0xd780 | 0xd800 | 885861a6f551d1a22a28c97b41026bd7 | False | 0.29799623842592593 | data | 5.654578773646797 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5f000 | 0x2f04 | 0x3000 | 3401a59f241799dcc18270fc98e8353a | False | 0.7254231770833334 | data | 6.587576910047788 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x51450 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.21341463414634146 |
RT_ICON | 0x51ab8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.34139784946236557 |
RT_ICON | 0x51da0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.5202702702702703 |
RT_ICON | 0x51ec8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.47334754797441364 |
RT_ICON | 0x52d70 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.6101083032490975 |
RT_ICON | 0x53618 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.596820809248555 |
RT_ICON | 0x53b80 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.2932572614107884 |
RT_ICON | 0x56128 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.4343339587242026 |
RT_ICON | 0x571d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7198581560283688 |
RT_STRING | 0x57990 | 0xc90 | data | English | United States | 0.2689676616915423 |
RT_STRING | 0x58620 | 0xba0 | data | English | United States | 0.4307795698924731 |
RT_STRING | 0x591c0 | 0x176 | data | English | United States | 0.6951871657754011 |
RT_STRING | 0x59338 | 0xe26 | data | English | United States | 0.25317504141358366 |
RT_STRING | 0x5a160 | 0xcc2 | OpenPGP Public Key | English | United States | 0.3312921004286589 |
RT_STRING | 0x5ae28 | 0x1202 | big endian ispell hash file (?), and 26880 string characters | English | United States | 0.2872017353579176 |
RT_STRING | 0x5c030 | 0x11f2 | data | English | United States | 0.2627340008707009 |
RT_STRING | 0x5d228 | 0xf08 | data | English | United States | 0.28586278586278585 |
RT_GROUP_ICON | 0x57638 | 0x84 | data | English | United States | 0.6363636363636364 |
RT_VERSION | 0x576c0 | 0x2d0 | data | English | United States | 0.47638888888888886 |
RT_MANIFEST | 0x5e130 | 0x64b | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1551), with CRLF line terminators | English | United States | 0.3116076970825574 |
DLL | Import |
---|---|
msi.dll | |
KERNEL32.dll | OpenProcess, CreateMutexW, OutputDebugStringW, GetSystemDefaultLCID, GetExitCodeProcess, TerminateProcess, CreateFileW, CreateProcessW, VerSetConditionMask, VerifyVersionInfoW, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, LocalFree, WideCharToMultiByte, FormatMessageW, GetProcessHeap, GetLocaleInfoW, GetFileAttributesW, GetTempPathW, CreateDirectoryW, GetModuleFileNameW, GetLongPathNameW, FindFirstFileW, FindClose, GetLocalTime, Process32NextW, CopyFileW, GetCommandLineW, GetPrivateProfileStringW, Sleep, DeleteFileW, LoadLibraryW, FreeLibrary, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, InitializeCriticalSectionEx, RaiseException, DecodePointer, DeleteCriticalSection, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileW, Process32FirstW, CreateToolhelp32Snapshot, GetModuleHandleW, GetProcAddress, GetVersionExW, GetCurrentProcess, GetCurrentThread, CloseHandle, GetLastError, SetStdHandle, WriteConsoleW, ReadConsoleW, SetEndOfFile, SetFileAttributesW, FindFirstFileExW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, SetFilePointerEx, ReadFile, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetFileType, GetACP, GetModuleHandleExW, MultiByteToWideChar, GetStringTypeW, EncodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, LCMapStringW, GetCPInfo, SetEvent, ResetEvent, WaitForSingleObjectEx, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, RtlUnwind, LoadLibraryExW, GetStdHandle, WriteFile, ExitProcess |
USER32.dll | LoadStringW, PeekMessageW, ExitWindowsEx, MessageBoxW, MsgWaitForMultipleObjects, wsprintfW |
ADVAPI32.dll | RegSetValueExW, RegCreateKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegEnumValueW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, GetTokenInformation, OpenProcessToken, OpenThreadToken, CheckTokenMembership, CreateWellKnownSid, DuplicateToken |
ole32.dll | CoUninitialize, CoCreateInstance, CoInitialize |
SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW |
OLEAUT32.dll | VariantInit, VariantCopy, SysAllocString, VariantClear, SysFreeString |
SHLWAPI.dll | PathRemoveFileSpecW, PathFileExistsW, PathQuoteSpacesW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 10:59:00 |
Start date: | 13/10/2024 |
Path: | C:\Users\user\Desktop\Setup.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 391'376 bytes |
MD5 hash: | 08ABA4235F18775205A1705D89676705 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 5.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 10.6% |
Total number of Nodes: | 1045 |
Total number of Limit Nodes: | 10 |
Graph
Function 00E12D30 Relevance: 47.6, APIs: 18, Strings: 9, Instructions: 382windowfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E15020 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 68timeCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1A9B0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 101commemorywindowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E41CF6 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E33D9A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMONLIBRARYCODE
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E22070 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1D130 Relevance: 2.5, APIs: 2, Instructions: 28COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E39B09 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E31E61 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E15DD0 Relevance: 35.2, APIs: 14, Strings: 6, Instructions: 209filewindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1A560 Relevance: 31.8, APIs: 12, Strings: 6, Instructions: 298filesleepwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1D1A0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 160synchronizationCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E11070 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 106threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E121A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51shutdownCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3E91B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3E5A2 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E23070 Relevance: 4.6, APIs: 3, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E380C7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E31F40 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3E7F2 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3EA22 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E27568 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E2D9F8 Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3A256 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3A699 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E2AAA6 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E2AEDB Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E2A671 Relevance: .3, Instructions: 331COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E2A259 Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E2DC27 Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E29CB0 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E17E30 Relevance: 79.2, APIs: 26, Strings: 19, Instructions: 475registryfilewindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E19D60 Relevance: 54.6, APIs: 15, Strings: 16, Instructions: 378windowfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E14910 Relevance: 42.4, APIs: 5, Strings: 19, Instructions: 402windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E17130 Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 242memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E16E30 Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 242memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E144C0 Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 282windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1AC90 Relevance: 26.4, APIs: 4, Strings: 11, Instructions: 115registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1B4B0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 157registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1A2C0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 114registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E31543 Relevance: 22.8, APIs: 15, Instructions: 296COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E15930 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 313commemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1B850 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 127libraryloaderwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E11FB0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 126processfilewindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3CC86 Relevance: 18.4, APIs: 12, Instructions: 376COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E18A80 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 135sleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E14ED0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 97windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E34F3B Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1B6F0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E19C60 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 76windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1A470 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3D0AB Relevance: 10.7, APIs: 7, Instructions: 204COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3653E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1AAF0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 126windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E24A90 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 46libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E21E10 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E39552 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E11220 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E11420 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3323A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E116A0 Relevance: 7.6, APIs: 5, Instructions: 93processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E34B2D Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E11300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E24E90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E35672 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E1D8D0 Relevance: 6.2, APIs: 4, Instructions: 232COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E25350 Relevance: 6.1, APIs: 4, Instructions: 118COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E37E36 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E252F0 Relevance: 6.0, APIs: 4, Instructions: 40COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E2B944 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E3E016 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E24B30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E24E50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00E12A28 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 7windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|