Windows
Analysis Report
G9e272AEyo.exe
Overview
General Information
Sample name: | G9e272AEyo.exerenamed because original name is a hash value |
Original sample name: | f0f5b379dfbcd101a6abffae96082417.exe |
Analysis ID: | 1538233 |
MD5: | f0f5b379dfbcd101a6abffae96082417 |
SHA1: | 505849de091e311eb9ef7c413a18525b7338dc8e |
SHA256: | b779b04efc9be9517b8ae479e408f6054a0f7f8ef3d1af542d5c0c863566c165 |
Tags: | 64exe |
Infos: | |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- G9e272AEyo.exe (PID: 6580 cmdline:
"C:\Users\ user\Deskt op\G9e272A Eyo.exe" MD5: F0F5B379DFBCD101A6ABFFAE96082417) - conhost.exe (PID: 6596 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 6704 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6732 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 6828 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6880 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 7012 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 7080 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 7108 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 4364 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 4820 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 6016 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 2180 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - cmd.exe (PID: 928 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 2736 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 3732 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1368 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 5432 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 908 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 3584 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 6988 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 7128 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 6636 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 6752 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - cmd.exe (PID: 6876 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 7068 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 7016 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 2304 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 3916 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 2872 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 1284 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 480 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 4544 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 6112 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 5236 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - WerFault.exe (PID: 7124 cmdline:
C:\Windows \system32\ WerFault.e xe -u -p 6 580 -s 100 4 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 0_2_00007FF6482F9F3D | |
Source: | Code function: | 0_2_00007FF648315AD0 | |
Source: | Code function: | 0_2_00007FF64831CE40 | |
Source: | Code function: | 0_2_00007FF64831EF30 | |
Source: | Code function: | 0_2_00007FF6482FC1C0 | |
Source: | Code function: | 0_2_00007FF6482F9230 | |
Source: | Code function: | 0_2_00007FF6482FC220 | |
Source: | Code function: | 0_2_00007FF6482FC210 | |
Source: | Code function: | 0_2_00007FF6482F9300 | |
Source: | Code function: | 0_2_00007FF6483163F0 |
Source: | Code function: | 0_2_00007FF6482DF0E0 | |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF648308B00 |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00007FF6482F4A60 |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00007FF64831CE40 |
Source: | Code function: | 0_2_00007FF6482E8980 | |
Source: | Code function: | 0_2_00007FF6482E6980 | |
Source: | Code function: | 0_2_00007FF6482E7CC0 | |
Source: | Code function: | 0_2_00007FF6482F9F3D | |
Source: | Code function: | 0_2_00007FF6482D1530 | |
Source: | Code function: | 0_2_00007FF6482EF590 | |
Source: | Code function: | 0_2_00007FF6482D8990 | |
Source: | Code function: | 0_2_00007FF6483049F0 | |
Source: | Code function: | 0_2_00007FF648315AD0 | |
Source: | Code function: | 0_2_00007FF6482CEB70 | |
Source: | Code function: | 0_2_00007FF6482CABFD | |
Source: | Code function: | 0_2_00007FF6482F7CC0 | |
Source: | Code function: | 0_2_00007FF6482CDDE0 | |
Source: | Code function: | 0_2_00007FF64831CE40 | |
Source: | Code function: | 0_2_00007FF64831EEC0 | |
Source: | Code function: | 0_2_00007FF6482FA005 | |
Source: | Code function: | 0_2_00007FF6482C1000 | |
Source: | Code function: | 0_2_00007FF6482F9FFC | |
Source: | Code function: | 0_2_00007FF64830D220 | |
Source: | Code function: | 0_2_00007FF6482CD250 | |
Source: | Code function: | 0_2_00007FF6482E3330 | |
Source: | Code function: | 0_2_00007FF6482F53E0 | |
Source: | Code function: | 0_2_00007FF648309520 | |
Source: | Code function: | 0_2_00007FF648310580 | |
Source: | Code function: | 0_2_00007FF6482C955D | |
Source: | Code function: | 0_2_00007FF6483115B0 | |
Source: | Code function: | 0_2_00007FF6482FC5D0 | |
Source: | Code function: | 0_2_00007FF6482E0600 | |
Source: | Code function: | 0_2_00007FF6482C973B | |
Source: | Code function: | 0_2_00007FF6482E9840 | |
Source: | Code function: | 0_2_00007FF6482F2890 |
Source: | Process created: |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FF6482D1D10 |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF6482E8980 |
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | API coverage: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FF64831FD4C |
Source: | Code function: | 0_2_00007FF6483200E8 |
Source: | Code function: | 0_2_00007FF6482E8980 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_00007FF64831F9F4 | |
Source: | Code function: | 0_2_00007FF64831FD4C | |
Source: | Code function: | 0_2_00007FF64831FEF4 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Code function: | 0_2_00007FF64831FF64 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF6482F4A60 | |
Source: | Code function: | 0_2_00007FF6483049F0 | |
Source: | Code function: | 0_2_00007FF64830B4F1 | |
Source: | Code function: | 0_2_00007FF6482E7630 | |
Source: | Code function: | 0_2_00007FF64830B750 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | 1 Exploitation of Remote Services | 12 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 1 Native API | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 3 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
32% | ReversingLabs | Win64.Trojan.Generic | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
keyauth.win | 104.26.1.5 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.1.5 | keyauth.win | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538233 |
Start date and time: | 2024-10-20 21:09:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | G9e272AEyo.exerenamed because original name is a hash value |
Original Sample Name: | f0f5b379dfbcd101a6abffae96082417.exe |
Detection: | MAL |
Classification: | mal56.winEXE@69/22@1/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- VT rate limit hit for: G9e272AEyo.exe
Time | Type | Description |
---|---|---|
15:10:10 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.26.1.5 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
keyauth.win | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | PureLog Stealer, RedLine | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DCRat | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Blank Grabber, Umbral Stealer, XWorm | Browse |
| ||
Get hash | malicious | Discord Rat | Browse |
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_G9e272AEyo.exe_38d8115434c1d6f4526792875acb23d414_949d7e63_24e1ab57-b402-426d-a902-b7bdba8ffb82\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9977624473406657 |
Encrypted: | false |
SSDEEP: | 96:w5uFetdsThIx7tfaQXIDcQMc6VhcEGcw3wpm+HbHg/8BRTf3o8Fa9KUNsPQ2w1Ib:BGdD0yfsEpjfVmUzuiFyZ24lO8nxS |
MD5: | 7CCB07F3CF5B84EB34E4B300F443738E |
SHA1: | 55DCD47A56E1680E9F00010EFA157B9E32FDB43C |
SHA-256: | DF9BF7015B57C255A4A109E74C128AFEDDD13D1F9539A7B59055066AAC53592B |
SHA-512: | 90F829F12691C8CF69C96E042F88631334412AA62585553116945EE8DE05E56927A87B0E27615E9F8270F9124F4AC6AD76C2FD6A41C523101B9AF8267B27C0C7 |
Malicious: | true |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106100 |
Entropy (8bit): | 1.6106783728828924 |
Encrypted: | false |
SSDEEP: | 384:n7NMclZ+0zZkORuKGf0f/3/sdDRtiqvO20N+zl:JF/+0VbRuKGQs5aZ0 |
MD5: | 1470CFD454F4EE6917102197D2C10E11 |
SHA1: | ED3798036F91E7B21C53501AFFC40EA654F391A1 |
SHA-256: | CA8C6A53A5104956DBAAE7171F316D860780BE8F5954C4859A76B4FF4F9B9D12 |
SHA-512: | 8F3653C17E898243E8266B328A31D1884F12DD468EEEFC43C85AEF7BC713DBB750AF9561A4AC9B96F210F41A42252146DA6FFC37764869D537BB1E907DC5CAE6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10132 |
Entropy (8bit): | 3.7087127831487043 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJcWL6Y9txmGgmfZnEprT89b42lfgom:R6lXJFL6Y3MGgmfZn148fm |
MD5: | 710609471681C07D73979964D74B4060 |
SHA1: | D08272E9909FCB9B292DB38CCB52DECBEC4ED918 |
SHA-256: | CCA44CB62EE1C6BC3570D18ACFC5EBB0E4AAFB78947E87D9D829B7CE7A41852E |
SHA-512: | 01AF49960C147E6741E990A80FBCB492FCC1A0906A43981CC830172987B48B5E794870D0FCB359F9C705382375142BCFD0214E002851CDBAA258097DE66013D3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4645 |
Entropy (8bit): | 4.465403245286182 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg771I9HmzSSWpW8VYOoYm8M4J1TPSMF+yq85R0K2nCCAt4nt3d:uIjf6I7dWz7VjJmXKw3d |
MD5: | 2AE6B5AA0E17D35CE0788A1343BC1217 |
SHA1: | 93EF10AA6710A9DFF6CDCDB8F4086AE153216A82 |
SHA-256: | C308B9ECCAA3C87CF1B9CAC771982488DEFA5241A7AF3D42BEE08C23C8F81B63 |
SHA-512: | 63A156ED7B3CBC59BE15A51C135FAF851291DFE63892A4590C467E6FFA6DF1B78A6B8D79F45EB4543078C70AD89FA5399C02C8BFF5B8588554ACFD67F2F701EC |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4656039153401315 |
Encrypted: | false |
SSDEEP: | 6144:dIXfpi67eLPU9skLmb0b49WSPKaJG8nAgejZMMhA2gX4WABl0uNSdwBCswSbt:OXD949WlLZMM6YFHY+t |
MD5: | CF4FE81914BC8ABF87CABF056E8747E1 |
SHA1: | 70D5E160840C6CB6E14CB9C87BF3664475F8EEB4 |
SHA-256: | 39AD7F0821E133E287633C321334B01836A6A4BA17007D06F1BB03A3BD01BEF3 |
SHA-512: | F6305135935D3884CC4B61B498916D7D83250D6A2AA0C2A15C3C23D032141F7812CA71E5A02E07699538352822F4C55929244126EB2FB79856A10D86ED4C0BB5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44 |
Entropy (8bit): | 4.003997527334849 |
Encrypted: | false |
SSDEEP: | 3:HnRthLK5a6eCMABe:HRoJPO |
MD5: | DF5DC1ABC0D52F3C9E931E26A7C0065C |
SHA1: | EE84123D3B3BC440C63DFE65FF5616BE2B0904D5 |
SHA-256: | F7167A2FACDE50428D8D2697A1CDFF075DE809323DD16D62B65CDD103B2A9A6D |
SHA-512: | 9B2253CE41880D22A2DDF4F886BB6CB22FF0C981400CD9D03A1FCA81DE5FAEB86C26B85B66ECEC960816D7BBE9740843890F2FCCD334B6D274295A32A8E6A4E9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.423322949566928 |
TrID: |
|
File name: | G9e272AEyo.exe |
File size: | 506'368 bytes |
MD5: | f0f5b379dfbcd101a6abffae96082417 |
SHA1: | 505849de091e311eb9ef7c413a18525b7338dc8e |
SHA256: | b779b04efc9be9517b8ae479e408f6054a0f7f8ef3d1af542d5c0c863566c165 |
SHA512: | 77a2bc28641ae88fe14ff16bccc738941a7e2f939d9df5279956d76df9f7bcef8dd5f7ce47c0102f92011dfc8153c4f55ea687bca0064df75681345a627b96dc |
SSDEEP: | 6144:Sy8K4ZP3rneV8giiDYviaN4TuNy+m4W70Lzxw2T942uHde9VWWJpQHCgTf1:SDxVtfkYvi3qNRWYLz2m+P4mzHC6f1 |
TLSH: | 43B46D56A7A807E9D1A7D03CC547C603E7B6B4991310DBDB43A0CA791F63BE16E3A720 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........V...V...V..._.+.B...PHE.^...PH..v...PH..\...PH..R...PH..P.......A...V...s.......?...9H..T...9H..W...9HG.W...9H..W...RichV.. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x14005f9d8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67128079 [Fri Oct 18 15:36:25 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 3dd1b7e6418973ac2798d88d33677d96 |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F90C138FA68h |
dec eax |
add esp, 28h |
jmp 00007F90C138F357h |
int3 |
int3 |
jmp 00007F90C138FD18h |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
xor ecx, ecx |
call dword ptr [0000178Bh] |
dec eax |
mov ecx, ebx |
call dword ptr [000016F2h] |
call dword ptr [00001774h] |
dec eax |
mov ecx, eax |
mov edx, C0000409h |
dec eax |
add esp, 20h |
pop ebx |
dec eax |
jmp dword ptr [00001770h] |
dec eax |
mov dword ptr [esp+08h], ecx |
dec eax |
sub esp, 38h |
mov ecx, 00000017h |
call dword ptr [00001764h] |
test eax, eax |
je 00007F90C138F4E9h |
mov ecx, 00000002h |
int 29h |
dec eax |
lea ecx, dword ptr [00018E12h] |
call 00007F90C138F6AEh |
dec eax |
mov eax, dword ptr [esp+38h] |
dec eax |
mov dword ptr [00018EF9h], eax |
dec eax |
lea eax, dword ptr [esp+38h] |
dec eax |
add eax, 08h |
dec eax |
mov dword ptr [00018E89h], eax |
dec eax |
mov eax, dword ptr [00018EE2h] |
dec eax |
mov dword ptr [00018D53h], eax |
dec eax |
mov eax, dword ptr [esp+40h] |
dec eax |
mov dword ptr [00018E57h], eax |
mov dword ptr [00018D2Dh], C0000409h |
mov dword ptr [00018D27h], 00000001h |
mov dword ptr [00000031h], 00000000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x760f0 | 0x1cc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7d000 | 0x1e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x79000 | 0x3f84 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7e000 | 0x4e4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6ffc0 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x70080 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6fe80 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x61000 | 0x818 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5fda8 | 0x5fe00 | ad7af0cbccd1a4defd6ae074a195a815 | False | 0.5327243929269883 | data | 6.336128214871671 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x61000 | 0x16b92 | 0x16c00 | 1c53da1c44920008c818f71dd0927c63 | False | 0.37981842376373626 | data | 5.578623672658902 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x78000 | 0xdf8 | 0x400 | 227ce6cadd4904b7716198186655da5c | False | 0.2138671875 | data | 2.4411408781631465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x79000 | 0x3f84 | 0x4000 | 50e902fb009b515c9924ff6238b5e51d | False | 0.48175048828125 | data | 5.776998787420237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x7d000 | 0x1e8 | 0x200 | 7d03a0f9d3c3a10dec18b513161e66d8 | False | 0.54296875 | data | 4.772037401703051 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x7e000 | 0x4e4 | 0x600 | 39326fb49822ad82593e9e49b5e608b8 | False | 0.5123697916666666 | data | 4.849267575521713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x7d060 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
DLL | Import |
---|---|
KERNEL32.dll | WideCharToMultiByte, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, GetTickCount, QueryPerformanceCounter, VerifyVersionInfoA, LoadLibraryA, GetProcAddress, GetModuleHandleA, FreeLibrary, GetSystemDirectoryA, CreateFileA, VerSetConditionMask, SleepEx, LeaveCriticalSection, EnterCriticalSection, FormatMessageA, SetLastError, CloseHandle, GetCurrentProcess, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetModuleHandleW, GetCurrentProcessId, GetCurrentThreadId, GetFileSizeEx, WaitForMultipleObjects, PeekNamedPipe, ReadFile, GetFileType, GetEnvironmentVariableA, MultiByteToWideChar, WaitForSingleObjectEx, QueryPerformanceFrequency, GetSystemTimeAsFileTime, MoveFileExA, DeleteCriticalSection, GetLastError, InitializeCriticalSectionEx, OutputDebugStringW, InitializeSListHead, GetConsoleWindow, SetConsoleTitleA, SetConsoleTextAttribute, Sleep, GetStdHandle |
USER32.dll | GetWindowLongPtrA, SetWindowLongPtrA, MessageBoxA, SetLayeredWindowAttributes |
ADVAPI32.dll | CryptAcquireContextA, CryptReleaseContext, CryptGetHashParam, CryptGenRandom, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptDestroyKey, CryptImportKey, CryptEncrypt |
SHELL32.dll | ShellExecuteA |
MSVCP140.dll | ?_Xlength_error@std@@YAXPEBD@Z, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z, ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?uncaught_exception@std@@YA_NXZ, ?_Xbad_function_call@std@@YAXXZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z |
urlmon.dll | URLDownloadToFileA |
Normaliz.dll | IdnToAscii |
WLDAP32.dll | |
CRYPT32.dll | CertGetCertificateChain, CertFreeCertificateChainEngine, CertCreateCertificateChainEngine, CryptQueryObject, CertGetNameStringA, CertFindExtension, CertAddCertificateContextToStore, CertFreeCertificateChain, PFXImportCertStore, CryptStringToBinaryA, CertFreeCertificateContext, CertFindCertificateInStore, CertEnumCertificatesInStore, CertCloseStore, CertOpenStore, CryptDecodeObjectEx |
WS2_32.dll | gethostname, sendto, recvfrom, freeaddrinfo, getaddrinfo, select, ioctlsocket, listen, htonl, accept, WSACleanup, WSAStartup, WSAIoctl, WSASetLastError, socket, setsockopt, ntohs, htons, getsockopt, getsockname, getpeername, connect, bind, WSAGetLastError, send, recv, closesocket, ntohl, __WSAFDIsSet |
VCRUNTIME140.dll | __std_exception_copy, __std_exception_destroy, _CxxThrowException, memcpy, memset, __std_terminate, __C_specific_handler, __current_exception_context, __current_exception, memchr, memcmp, strchr, strstr, memmove, strrchr |
VCRUNTIME140_1.dll | __CxxFrameHandler4 |
api-ms-win-crt-runtime-l1-1-0.dll | _invalid_parameter_noinfo_noreturn, _beginthreadex, _errno, __sys_nerr, _getpid, exit, system, terminate, _register_thread_local_exe_atexit_callback, _configure_narrow_argv, _initialize_narrow_environment, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _cexit, _seh_filter_exe, _set_app_type, strerror, _c_exit, _initterm, _initterm_e, _exit, __p___argv, __p___argc, _get_initial_narrow_environment |
api-ms-win-crt-heap-l1-1-0.dll | realloc, _callnewh, free, calloc, _set_new_mode, malloc |
api-ms-win-crt-utility-l1-1-0.dll | rand, qsort |
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vfprintf, fseek, feof, __p__commode, __acrt_iob_func, ftell, fputc, _lseeki64, _read, _write, _close, _open, fflush, __stdio_common_vsscanf, __stdio_common_vsprintf, fread, fputs, fopen, fwrite, fgets, fclose, _set_fmode |
api-ms-win-crt-convert-l1-1-0.dll | strtod, atoi, strtoul, strtoull, strtol, strtoll |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale, localeconv |
api-ms-win-crt-time-l1-1-0.dll | _time64, _gmtime64 |
api-ms-win-crt-string-l1-1-0.dll | strcmp, strncmp, isupper, strcspn, strspn, _strdup, strncpy, tolower, strpbrk |
api-ms-win-crt-filesystem-l1-1-0.dll | _stat64, _unlink, _access, _fstat64 |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, _dclass |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 20, 2024 21:10:01.332422018 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Oct 20, 2024 21:10:01.332451105 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:01.332870007 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Oct 20, 2024 21:10:01.343858004 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Oct 20, 2024 21:10:01.343874931 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:02.117132902 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:02.117264032 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Oct 20, 2024 21:10:02.121400118 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Oct 20, 2024 21:10:02.121409893 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:02.121715069 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:02.125371933 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Oct 20, 2024 21:10:02.167431116 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:02.586214066 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:02.586270094 CEST | 443 | 49734 | 104.26.1.5 | 192.168.2.4 |
Oct 20, 2024 21:10:02.586801052 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Oct 20, 2024 21:10:11.703583956 CEST | 49734 | 443 | 192.168.2.4 | 104.26.1.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 20, 2024 21:10:01.317313910 CEST | 56509 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 20, 2024 21:10:01.327142954 CEST | 53 | 56509 | 1.1.1.1 | 192.168.2.4 |
Oct 20, 2024 21:10:45.837368965 CEST | 53 | 49822 | 162.159.36.2 | 192.168.2.4 |
Oct 20, 2024 21:10:46.794553041 CEST | 53 | 56730 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 20, 2024 21:10:01.317313910 CEST | 192.168.2.4 | 1.1.1.1 | 0x18e | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 20, 2024 21:10:01.327142954 CEST | 1.1.1.1 | 192.168.2.4 | 0x18e | No error (0) | 104.26.1.5 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 21:10:01.327142954 CEST | 1.1.1.1 | 192.168.2.4 | 0x18e | No error (0) | 172.67.72.57 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 21:10:01.327142954 CEST | 1.1.1.1 | 192.168.2.4 | 0x18e | No error (0) | 104.26.0.5 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49734 | 104.26.1.5 | 443 | 6580 | C:\Users\user\Desktop\G9e272AEyo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-20 19:10:02 UTC | 128 | OUT | |
2024-10-20 19:10:02 UTC | 58 | OUT |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\Desktop\G9e272AEyo.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6482c0000 |
File size: | 506'368 bytes |
MD5 hash: | F0F5B379DFBCD101A6ABFFAE96082417 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 6 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 8 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff776380000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 10 |
Start time: | 15:09:58 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff776380000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 12 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 13 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 15 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 17 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 19 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 20 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff776380000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 21 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 22 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff776380000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 23 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 24 |
Start time: | 15:10:03 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 15:10:03 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 26 |
Start time: | 15:10:03 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 15:10:03 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 28 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff631850000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 30 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff776380000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 32 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 33 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff776380000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 34 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb6d0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 37 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68cea0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 4.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 22.4% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 90 |
Graph
Function 00007FF6482EF590 Relevance: 178.5, APIs: 31, Strings: 70, Instructions: 1702stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F9F3D Relevance: 116.1, APIs: 43, Strings: 23, Instructions: 552stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1530 Relevance: 114.1, APIs: 51, Strings: 14, Instructions: 304processsleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E8980 Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 191libraryloadernetworkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E7CC0 Relevance: 38.9, APIs: 15, Strings: 7, Instructions: 357networkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F4A60 Relevance: 24.1, APIs: 16, Instructions: 127networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E6980 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 337COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C2AA0 Relevance: 40.7, APIs: 16, Strings: 7, Instructions: 402sleepwindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FB5C0 Relevance: 38.9, APIs: 6, Strings: 16, Instructions: 385COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FAA50 Relevance: 31.9, APIs: 9, Strings: 9, Instructions: 415encryptionCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F9C70 Relevance: 30.1, APIs: 4, Strings: 13, Instructions: 348libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E2920 Relevance: 28.6, APIs: 6, Strings: 10, Instructions: 557COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E18B0 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 153COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E8660 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 128librarystringloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E7300 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 161networkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F86D0 Relevance: 19.6, APIs: 13, Instructions: 128networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F5FE0 Relevance: 16.7, APIs: 11, Instructions: 241sleepnetworkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E4EF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 153COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C2840 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F5C40 Relevance: 10.7, APIs: 7, Instructions: 242sleepnetworkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FBC90 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 172COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D6D00 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 193COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E1190 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 147COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F1710 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 138COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E5ED0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D7DF8 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 297COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C3550 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648312480 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D792B Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 246COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F12D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 97COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F9A80 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E1E90 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 106COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D8990 Relevance: 105.7, APIs: 41, Strings: 19, Instructions: 738stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830D220 Relevance: 102.1, APIs: 45, Strings: 13, Instructions: 581COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C955D Relevance: 78.0, APIs: 39, Strings: 5, Instructions: 978COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648309520 Relevance: 77.4, APIs: 26, Strings: 18, Instructions: 435networkfilepipeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482CABFD Relevance: 74.4, APIs: 37, Strings: 5, Instructions: 930COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648315AD0 Relevance: 72.3, APIs: 17, Strings: 24, Instructions: 549encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483049F0 Relevance: 67.0, APIs: 25, Strings: 13, Instructions: 515networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482DF0E0 Relevance: 52.8, APIs: 25, Strings: 5, Instructions: 254stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483163F0 Relevance: 52.8, APIs: 17, Strings: 13, Instructions: 253fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E3330 Relevance: 51.2, APIs: 21, Strings: 8, Instructions: 401stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F9FFC Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 203stringfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FA005 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202stringfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648310580 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 252fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1D10 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 134COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F7CC0 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 422stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F9300 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 78encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831CE40 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830B4F1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483200E8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F9230 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831FF64 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FC220 Relevance: 6.0, APIs: 4, Instructions: 33encryptionCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FC1C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482CD250 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831EEC0 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FC210 Relevance: .0, Instructions: 3COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831FEF4 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F9430 Relevance: 145.9, APIs: 50, Strings: 47, Instructions: 425stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E4A50 Relevance: 52.7, APIs: 34, Strings: 1, Instructions: 215COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648306E90 Relevance: 49.9, APIs: 6, Strings: 27, Instructions: 385COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831DE10 Relevance: 44.0, APIs: 22, Strings: 3, Instructions: 250COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482CAE0F Relevance: 37.2, APIs: 18, Strings: 3, Instructions: 459COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648312BB0 Relevance: 37.1, APIs: 10, Strings: 11, Instructions: 312networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830DB10 Relevance: 35.3, APIs: 14, Strings: 6, Instructions: 257stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830BCE0 Relevance: 35.2, APIs: 4, Strings: 16, Instructions: 175stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482DBE00 Relevance: 34.9, APIs: 6, Strings: 17, Instructions: 352COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F4480 Relevance: 33.2, APIs: 6, Strings: 16, Instructions: 206COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C6310 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 463COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D9A20 Relevance: 31.8, APIs: 21, Instructions: 269stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830E240 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 214stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648309140 Relevance: 31.7, APIs: 9, Strings: 12, Instructions: 208stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483039B0 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 284stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E4240 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 219COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648302E60 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 208stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482DA3A0 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 154COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F6440 Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 341COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C5470 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 362COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FB1E0 Relevance: 26.5, APIs: 4, Strings: 11, Instructions: 241encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F1A00 Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 218stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831D000 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317C01 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 165COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648311C70 Relevance: 24.2, APIs: 14, Strings: 2, Instructions: 227COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483189C0 Relevance: 24.2, APIs: 1, Strings: 15, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830ED9C Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 252COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FD080 Relevance: 22.8, APIs: 1, Strings: 14, Instructions: 321COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483019D0 Relevance: 21.3, APIs: 5, Strings: 9, Instructions: 279COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482CC031 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 217COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482DA010 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 161fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D2500 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 88stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648309D20 Relevance: 19.7, APIs: 4, Strings: 9, Instructions: 151stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830CE20 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 222networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830C200 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E3DF0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 151stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D9E00 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 143fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482EB9D0 Relevance: 18.2, APIs: 2, Strings: 10, Instructions: 227COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FD9E0 Relevance: 18.2, APIs: 4, Strings: 8, Instructions: 207COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C1FB0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 241COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482EE160 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 178COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482EBDD0 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 162COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830F1F1 Relevance: 16.6, APIs: 9, Strings: 2, Instructions: 140COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E1C60 Relevance: 16.4, APIs: 13, Instructions: 164stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E3B80 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E3B29 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 150COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E84A0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 112stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1E72 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1E66 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1E5A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1E4E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1E42 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1E8A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1E7E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D1D8E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 69stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831E240 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 230COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C73F9 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 230COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D91B5 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 206COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F24B0 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 181COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D92C3 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 169COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E3FF0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 142stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D4067 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 109COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648306371 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316A9C Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 94COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831A500 Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 211COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831794C Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 174COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316DD6 Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 169COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648310E80 Relevance: 13.6, APIs: 5, Strings: 4, Instructions: 148COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648307B10 Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 111stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831BC20 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 252stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482ED370 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 227networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830DEF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 170COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482CAB70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 156COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C94D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648306BC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 145stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EE30 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EE06 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316B6E Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 74COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316C5D Relevance: 12.2, APIs: 2, Strings: 6, Instructions: 165COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317F55 Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 146COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316B97 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 123COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317954 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 110COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E8FE0 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 217stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F8EB0 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 184COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D917C Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 154COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D9319 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 153COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483002C0 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 146COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648303400 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 146stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317DCB Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 145COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483031D0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 145networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E8420 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 144COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830BFB0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C2370 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 134COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648310B30 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 129COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EE87 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EE77 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EDF8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EE22 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EDDC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EDEA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830EEAD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830CB00 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 109COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F3F90 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 109stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482EC360 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 106COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317D0E Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 102COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316AD1 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 99COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FFE10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 96COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316DDE Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 95COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648310430 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 83COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317F5D Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 82COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FE936 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317068 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 55COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317CE5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483173DC Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 126COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316D9F Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 91COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317C40 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316B41 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 80COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316B7F Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 76COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648316B59 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 75COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648305963 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 71COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D92A8 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 155COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D919D Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 153COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F21A0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 134COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830F580 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482EEF50 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482C4310 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 109COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648306A10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 98COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E5D80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482EA510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319459 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648300DD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648318D00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 41COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648314330 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 146COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648301A3B Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 134COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319D35 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 133COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319049 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 125COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317253 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 125COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FE450 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 118COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317190 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317F1E Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 69COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648301F90 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 68COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483173E4 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 62COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317CB8 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 60COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317CF6 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 56COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317CD0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D2C40 Relevance: 7.5, APIs: 1, Strings: 4, Instructions: 46stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483199F5 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830BA40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831948E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E5AF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F4130 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D4313 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FDEE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482D4498 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64830A490 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648317161 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319BAF Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 132COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648318EC0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 122COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF64831AC70 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 103COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319AF5 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 90COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483061CD Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 84COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648318E05 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 78COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319D3D Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E0240 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319051 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 61COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483170AA Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 60COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E92DD Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 56stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483024B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 54stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482F1960 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 48COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E91D2 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 24stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E91CA Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 24stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6483111C0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 227COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482FCEE0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E8CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E7010 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6482E54C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648319AC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF648318DD8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|