Windows
Analysis Report
oMBUxRQ4cj.exe
Overview
General Information
Sample name: | oMBUxRQ4cj.exerenamed because original name is a hash value |
Original sample name: | be1bc9129a29112cf1d62b178517de03.exe |
Analysis ID: | 1538234 |
MD5: | be1bc9129a29112cf1d62b178517de03 |
SHA1: | d93ce38e29d5643fdda4d786a0194fbed04c68b9 |
SHA256: | ff4475b9917de9cdd66f95df8f764433961e992a28942b595933ecf0a8c82db8 |
Tags: | 64exetrojan |
Infos: | |
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- oMBUxRQ4cj.exe (PID: 2640 cmdline:
"C:\Users\ user\Deskt op\oMBUxRQ 4cj.exe" MD5: BE1BC9129A29112CF1D62B178517DE03) - conhost.exe (PID: 2892 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 5972 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1644 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 432 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6644 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 1440 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 4288 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 1868 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 1532 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 6084 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 4824 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 3876 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - cmd.exe (PID: 6516 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6968 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 4836 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6148 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 2172 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6660 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 4308 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 5876 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 4288 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 1440 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 1532 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - cmd.exe (PID: 1632 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6180 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 2780 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1360 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 4836 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1892 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 2672 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 432 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 2612 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 2472 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 6396 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - WerFault.exe (PID: 3680 cmdline:
C:\Windows \system32\ WerFault.e xe -u -p 2 640 -s 992 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 0_2_00007FF7E5A19F3D | |
Source: | Code function: | 0_2_00007FF7E5A19300 | |
Source: | Code function: | 0_2_00007FF7E5A19230 | |
Source: | Code function: | 0_2_00007FF7E5A1C220 | |
Source: | Code function: | 0_2_00007FF7E5A1C1C0 | |
Source: | Code function: | 0_2_00007FF7E5A1C210 | |
Source: | Code function: | 0_2_00007FF7E5A363F0 | |
Source: | Code function: | 0_2_00007FF7E5A3CE40 | |
Source: | Code function: | 0_2_00007FF7E5A3EF30 | |
Source: | Code function: | 0_2_00007FF7E5A35AD0 |
Source: | Code function: | 0_2_00007FF7E59FF0E0 | |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF7E5A28B00 |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00007FF7E59F1530 |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00007FF7E5A3CE40 |
Source: | Code function: | 0_2_00007FF7E59F1530 | |
Source: | Code function: | 0_2_00007FF7E5A0F590 | |
Source: | Code function: | 0_2_00007FF7E5A19F3D | |
Source: | Code function: | 0_2_00007FF7E5A06980 | |
Source: | Code function: | 0_2_00007FF7E5A08980 | |
Source: | Code function: | 0_2_00007FF7E5A07CC0 | |
Source: | Code function: | 0_2_00007FF7E5A1C5D0 | |
Source: | Code function: | 0_2_00007FF7E5A315B0 | |
Source: | Code function: | 0_2_00007FF7E5A00600 | |
Source: | Code function: | 0_2_00007FF7E5A29520 | |
Source: | Code function: | 0_2_00007FF7E5A30580 | |
Source: | Code function: | 0_2_00007FF7E59E955D | |
Source: | Code function: | 0_2_00007FF7E5A09840 | |
Source: | Code function: | 0_2_00007FF7E5A12890 | |
Source: | Code function: | 0_2_00007FF7E59E973B | |
Source: | Code function: | 0_2_00007FF7E59ED250 | |
Source: | Code function: | 0_2_00007FF7E5A2D220 | |
Source: | Code function: | 0_2_00007FF7E5A153E0 | |
Source: | Code function: | 0_2_00007FF7E5A03330 | |
Source: | Code function: | 0_2_00007FF7E5A3EEC0 | |
Source: | Code function: | 0_2_00007FF7E5A3CE40 | |
Source: | Code function: | 0_2_00007FF7E59EDDE0 | |
Source: | Code function: | 0_2_00007FF7E59E1000 | |
Source: | Code function: | 0_2_00007FF7E5A19FFC | |
Source: | Code function: | 0_2_00007FF7E5A1A005 | |
Source: | Code function: | 0_2_00007FF7E5A35AD0 | |
Source: | Code function: | 0_2_00007FF7E5A249F0 | |
Source: | Code function: | 0_2_00007FF7E59F8990 | |
Source: | Code function: | 0_2_00007FF7E5A17CC0 | |
Source: | Code function: | 0_2_00007FF7E59EABFD | |
Source: | Code function: | 0_2_00007FF7E59EEB70 |
Source: | Process created: |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FF7E59F2640 |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF7E5A08660 |
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | API coverage: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_0-47619 |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FF7E5A3FD4C |
Source: | Code function: | 0_2_00007FF7E5A400E8 |
Source: | Code function: | 0_2_00007FF7E5A08660 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_00007FF7E5A3FEF4 | |
Source: | Code function: | 0_2_00007FF7E5A3FD4C | |
Source: | Code function: | 0_2_00007FF7E5A3F9F4 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00007FF7E5A3FF64 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF7E5A14A60 | |
Source: | Code function: | 0_2_00007FF7E5A07630 | |
Source: | Code function: | 0_2_00007FF7E5A2B750 | |
Source: | Code function: | 0_2_00007FF7E5A2B4F1 | |
Source: | Code function: | 0_2_00007FF7E5A249F0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | 1 Exploitation of Remote Services | 12 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 11 Virtualization/Sandbox Evasion | LSASS Memory | 141 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 1 Native API | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 3 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | ReversingLabs | Win64.Trojan.Lazy | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
keyauth.win | 104.26.0.5 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.0.5 | keyauth.win | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538234 |
Start date and time: | 2024-10-20 21:09:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | oMBUxRQ4cj.exerenamed because original name is a hash value |
Original Sample Name: | be1bc9129a29112cf1d62b178517de03.exe |
Detection: | MAL |
Classification: | mal60.evad.winEXE@68/22@1/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.89.179.12, 20.189.173.20
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- VT rate limit hit for: oMBUxRQ4cj.exe
Time | Type | Description |
---|---|---|
15:10:25 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.26.0.5 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
keyauth.win | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | PureLog Stealer, RedLine | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DCRat | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Blank Grabber, Umbral Stealer, XWorm | Browse |
| ||
Get hash | malicious | Discord Rat | Browse |
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_oMBUxRQ4cj.exe_5fd8cc97a3ec791a464adc62fb4cece4561dc271_c6605313_0bdab154-a71e-4fa1-b277-03f59eb49450\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9997635471468678 |
Encrypted: | false |
SSDEEP: | 192:wkVZ6JBIa087bBhjXVmUzuiFNZ24lO8r/:5VZsBIh8HBhjRzuiFNY4lO8r |
MD5: | 65026FE2EBCBA283802F4548630553BD |
SHA1: | 0B6A8381293F2552BDE5CD3322799D7887753146 |
SHA-256: | 46BC0C03149EDB2FF0B857295E3117D894785B5022FF05DAA092A1D506006A8B |
SHA-512: | 33FCAC690AA00BD8A58D7F1F6E9E8D3AFB27A0D9E1BDB73980DEB88E2DBAD933F35DD7D1B07962A295CCFB5AA1CE6576E64E5654B4ECBA9DFAB35B6AB13A45DF |
Malicious: | true |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 105668 |
Entropy (8bit): | 1.617780144724441 |
Encrypted: | false |
SSDEEP: | 384:39JCtrkh2e0syFkNDDaRuKGhDRTJmr2BCL2FP:3Ogh2e07eNDGRuKGhwS |
MD5: | E968245385494CB5473E50D44FAB66E3 |
SHA1: | 76E07427B8D9ECCEEA2650B594D22F168A44A8AC |
SHA-256: | 38FBCBA8BBDA4D03A7300CC9BD6A4DC39AF039918D2F3A1D840D406FFE9B22F2 |
SHA-512: | AEC366B9754151827DD6384075C201A800087145449A45CC1F8F70AF5FEC85783EC805EF7E1BC35DDA5276DBE8606CF77A7C9E231EF2DB31702876E7CCEDEFF7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10134 |
Entropy (8bit): | 3.7158043317306677 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJiy/H6YEITcP45Yg+hgmfhQ2NprO89bqXzoSf6Om:R6lXJvP6YEsWgGgmfhQ23qXzVfK |
MD5: | 0E67A4CB40F73B6B89A9E80CC936151D |
SHA1: | 7DD557F53A3ABA49DCE5054FE8AB81773A8A55B2 |
SHA-256: | B6CD3D29AB7C4872387529C1EA7C8879099CF04D874F5D7076AE3491F8DAD63E |
SHA-512: | 0E1898EDC19C8E50AC38BC0C2F32E6869ECD079D43F5083F59F29AAF074AB3BD6E40FCD07A8E524F65F51B48B269C7D88E549AEBD1E159A83C248A77339A3914 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4645 |
Entropy (8bit): | 4.476988878789837 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg771I9adWpW8VY5Ym8M4J0/FBUmyq85zWXtYxmXeBd:uIjf6I75s7VhJ5mVicXMd |
MD5: | 041635DFB4262E437F867A3129EB6348 |
SHA1: | CE4941921E4C5676833862BBF63C57F9ED275F5A |
SHA-256: | CF441C735C424C1A20456EA5A5CC41B6C678D3E1EE9CB3F7209B000B8452E2C6 |
SHA-512: | EE38F42B0E42BDD5BCE29F119AE157F2813D729A1969FBB4E6FE9D04CE4DF46E3346EF8A14AE00EE191FD673BC6675E551136151507B9DE32ADEF083414788E9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.421637273868838 |
Encrypted: | false |
SSDEEP: | 6144:jSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnN70uhiTw:uvloTMW+EZMM6DFyd03w |
MD5: | 1A4F2ADD61F4F137162A34F03CED6C08 |
SHA1: | 5723F4B227CA9AC218083AFE5685388CB35106FD |
SHA-256: | FA19D4379AF2B1ADF627FE11EADF1FF66BD2DE54ADEA7CF6495C73A9805ED6E7 |
SHA-512: | CA49C921D9FD5F7FDD2F81F881B39E6310613341D8E8B45681B2F7118C44E905EA915BFEA556264EA9C2D5A8B580EF555E32B0484580BAE22E13E6EB80D2DD5F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44 |
Entropy (8bit): | 4.003997527334849 |
Encrypted: | false |
SSDEEP: | 3:HnRthLK5a6eCMABe:HRoJPO |
MD5: | DF5DC1ABC0D52F3C9E931E26A7C0065C |
SHA1: | EE84123D3B3BC440C63DFE65FF5616BE2B0904D5 |
SHA-256: | F7167A2FACDE50428D8D2697A1CDFF075DE809323DD16D62B65CDD103B2A9A6D |
SHA-512: | 9B2253CE41880D22A2DDF4F886BB6CB22FF0C981400CD9D03A1FCA81DE5FAEB86C26B85B66ECEC960816D7BBE9740843890F2FCCD334B6D274295A32A8E6A4E9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.4231219861016315 |
TrID: |
|
File name: | oMBUxRQ4cj.exe |
File size: | 506'368 bytes |
MD5: | be1bc9129a29112cf1d62b178517de03 |
SHA1: | d93ce38e29d5643fdda4d786a0194fbed04c68b9 |
SHA256: | ff4475b9917de9cdd66f95df8f764433961e992a28942b595933ecf0a8c82db8 |
SHA512: | f28d9631d0d4f0ab5f648b4fd9913ddf1336c5b898513266456e9aeb81a69b3c339e6fa53b6af52e8edecc30f6971fc6ce4f66e97acb38149ea3a2deb168da4d |
SSDEEP: | 6144:xy8S4ZP3rneV8giiDYviaN4TuNy+m4W70Lzxw2T942uHde9VWWTpQmCgTf1:xDpVtfkYvi3qNRWYLz2m+P4m5mC6f1 |
TLSH: | 96B46D56A7A807E9D1A7D03CC547C603E7B6B4991310DBDB43A0CA791F63BE16E3A720 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........V...V...V..._.+.B...PHE.^...PH..v...PH..\...PH..R...PH..P.......A...V...s.......?...9H..T...9H..W...9HG.W...9H..W...RichV.. |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x14005f9d8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x670FD9F7 [Wed Oct 16 15:21:27 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 3dd1b7e6418973ac2798d88d33677d96 |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007FE81C900A58h |
dec eax |
add esp, 28h |
jmp 00007FE81C900347h |
int3 |
int3 |
jmp 00007FE81C900D08h |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
xor ecx, ecx |
call dword ptr [0000178Bh] |
dec eax |
mov ecx, ebx |
call dword ptr [000016F2h] |
call dword ptr [00001774h] |
dec eax |
mov ecx, eax |
mov edx, C0000409h |
dec eax |
add esp, 20h |
pop ebx |
dec eax |
jmp dword ptr [00001770h] |
dec eax |
mov dword ptr [esp+08h], ecx |
dec eax |
sub esp, 38h |
mov ecx, 00000017h |
call dword ptr [00001764h] |
test eax, eax |
je 00007FE81C9004D9h |
mov ecx, 00000002h |
int 29h |
dec eax |
lea ecx, dword ptr [00018E12h] |
call 00007FE81C90069Eh |
dec eax |
mov eax, dword ptr [esp+38h] |
dec eax |
mov dword ptr [00018EF9h], eax |
dec eax |
lea eax, dword ptr [esp+38h] |
dec eax |
add eax, 08h |
dec eax |
mov dword ptr [00018E89h], eax |
dec eax |
mov eax, dword ptr [00018EE2h] |
dec eax |
mov dword ptr [00018D53h], eax |
dec eax |
mov eax, dword ptr [esp+40h] |
dec eax |
mov dword ptr [00018E57h], eax |
mov dword ptr [00018D2Dh], C0000409h |
mov dword ptr [00018D27h], 00000001h |
mov dword ptr [00000031h], 00000000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x760f0 | 0x1cc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7d000 | 0x1e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x79000 | 0x3f84 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7e000 | 0x4e4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6ffc0 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x70080 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6fe80 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x61000 | 0x818 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5fda8 | 0x5fe00 | e7d9058d6d0aa09d44a484d3d7e87298 | False | 0.5327243929269883 | data | 6.33613026455228 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x61000 | 0x16b92 | 0x16c00 | fe643e4dd3fa906f1244164bcbf97042 | False | 0.37974330357142855 | data | 5.577966141982146 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x78000 | 0xdf8 | 0x400 | 227ce6cadd4904b7716198186655da5c | False | 0.2138671875 | data | 2.4411408781631465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x79000 | 0x3f84 | 0x4000 | 50e902fb009b515c9924ff6238b5e51d | False | 0.48175048828125 | data | 5.776998787420237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x7d000 | 0x1e8 | 0x200 | 7d03a0f9d3c3a10dec18b513161e66d8 | False | 0.54296875 | data | 4.772037401703051 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x7e000 | 0x4e4 | 0x600 | 39326fb49822ad82593e9e49b5e608b8 | False | 0.5123697916666666 | data | 4.849267575521713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x7d060 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
DLL | Import |
---|---|
KERNEL32.dll | WideCharToMultiByte, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, GetTickCount, QueryPerformanceCounter, VerifyVersionInfoA, LoadLibraryA, GetProcAddress, GetModuleHandleA, FreeLibrary, GetSystemDirectoryA, CreateFileA, VerSetConditionMask, SleepEx, LeaveCriticalSection, EnterCriticalSection, FormatMessageA, SetLastError, CloseHandle, GetCurrentProcess, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetModuleHandleW, GetCurrentProcessId, GetCurrentThreadId, GetFileSizeEx, WaitForMultipleObjects, PeekNamedPipe, ReadFile, GetFileType, GetEnvironmentVariableA, MultiByteToWideChar, WaitForSingleObjectEx, QueryPerformanceFrequency, GetSystemTimeAsFileTime, MoveFileExA, DeleteCriticalSection, GetLastError, InitializeCriticalSectionEx, OutputDebugStringW, InitializeSListHead, GetConsoleWindow, SetConsoleTitleA, SetConsoleTextAttribute, Sleep, GetStdHandle |
USER32.dll | GetWindowLongPtrA, SetWindowLongPtrA, MessageBoxA, SetLayeredWindowAttributes |
ADVAPI32.dll | CryptAcquireContextA, CryptReleaseContext, CryptGetHashParam, CryptGenRandom, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptDestroyKey, CryptImportKey, CryptEncrypt |
SHELL32.dll | ShellExecuteA |
MSVCP140.dll | ?_Xlength_error@std@@YAXPEBD@Z, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z, ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?uncaught_exception@std@@YA_NXZ, ?_Xbad_function_call@std@@YAXXZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z |
urlmon.dll | URLDownloadToFileA |
Normaliz.dll | IdnToAscii |
WLDAP32.dll | |
CRYPT32.dll | CertGetCertificateChain, CertFreeCertificateChainEngine, CertCreateCertificateChainEngine, CryptQueryObject, CertGetNameStringA, CertFindExtension, CertAddCertificateContextToStore, CertFreeCertificateChain, PFXImportCertStore, CryptStringToBinaryA, CertFreeCertificateContext, CertFindCertificateInStore, CertEnumCertificatesInStore, CertCloseStore, CertOpenStore, CryptDecodeObjectEx |
WS2_32.dll | gethostname, sendto, recvfrom, freeaddrinfo, getaddrinfo, select, ioctlsocket, listen, htonl, accept, WSACleanup, WSAStartup, WSAIoctl, WSASetLastError, socket, setsockopt, ntohs, htons, getsockopt, getsockname, getpeername, connect, bind, WSAGetLastError, send, recv, closesocket, ntohl, __WSAFDIsSet |
VCRUNTIME140.dll | __std_exception_copy, __std_exception_destroy, _CxxThrowException, memcpy, memset, __std_terminate, __C_specific_handler, __current_exception_context, __current_exception, memchr, memcmp, strchr, strstr, memmove, strrchr |
VCRUNTIME140_1.dll | __CxxFrameHandler4 |
api-ms-win-crt-runtime-l1-1-0.dll | _invalid_parameter_noinfo_noreturn, _beginthreadex, _errno, __sys_nerr, _getpid, exit, system, terminate, _register_thread_local_exe_atexit_callback, _configure_narrow_argv, _initialize_narrow_environment, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _cexit, _seh_filter_exe, _set_app_type, strerror, _c_exit, _initterm, _initterm_e, _exit, __p___argv, __p___argc, _get_initial_narrow_environment |
api-ms-win-crt-heap-l1-1-0.dll | realloc, _callnewh, free, calloc, _set_new_mode, malloc |
api-ms-win-crt-utility-l1-1-0.dll | rand, qsort |
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vfprintf, fseek, feof, __p__commode, __acrt_iob_func, ftell, fputc, _lseeki64, _read, _write, _close, _open, fflush, __stdio_common_vsscanf, __stdio_common_vsprintf, fread, fputs, fopen, fwrite, fgets, fclose, _set_fmode |
api-ms-win-crt-convert-l1-1-0.dll | strtod, atoi, strtoul, strtoull, strtol, strtoll |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale, localeconv |
api-ms-win-crt-time-l1-1-0.dll | _time64, _gmtime64 |
api-ms-win-crt-string-l1-1-0.dll | strcmp, strncmp, isupper, strcspn, strspn, _strdup, strncpy, tolower, strpbrk |
api-ms-win-crt-filesystem-l1-1-0.dll | _stat64, _unlink, _access, _fstat64 |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, _dclass |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 20, 2024 21:10:02.040790081 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Oct 20, 2024 21:10:02.040867090 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:02.040980101 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Oct 20, 2024 21:10:02.054287910 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Oct 20, 2024 21:10:02.054323912 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:02.871313095 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:02.871520996 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Oct 20, 2024 21:10:02.937979937 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Oct 20, 2024 21:10:02.938029051 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:02.938487053 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:02.942677975 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Oct 20, 2024 21:10:02.983427048 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:03.128381014 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:03.128540993 CEST | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
Oct 20, 2024 21:10:03.128626108 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Oct 20, 2024 21:10:26.469109058 CEST | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 20, 2024 21:10:02.027272940 CEST | 52687 | 53 | 192.168.2.5 | 1.1.1.1 |
Oct 20, 2024 21:10:02.034897089 CEST | 53 | 52687 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 20, 2024 21:10:02.027272940 CEST | 192.168.2.5 | 1.1.1.1 | 0xec0a | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 20, 2024 21:10:02.034897089 CEST | 1.1.1.1 | 192.168.2.5 | 0xec0a | No error (0) | 104.26.0.5 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 21:10:02.034897089 CEST | 1.1.1.1 | 192.168.2.5 | 0xec0a | No error (0) | 172.67.72.57 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 21:10:02.034897089 CEST | 1.1.1.1 | 192.168.2.5 | 0xec0a | No error (0) | 104.26.1.5 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49708 | 104.26.0.5 | 443 | 2640 | C:\Users\user\Desktop\oMBUxRQ4cj.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-20 19:10:02 UTC | 128 | OUT | |
2024-10-20 19:10:02 UTC | 58 | OUT |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\Desktop\oMBUxRQ4cj.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e59e0000 |
File size: | 506'368 bytes |
MD5 hash: | BE1BC9129A29112CF1D62B178517DE03 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:09:59 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff656ab0000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 11 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff656ab0000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 13 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 15 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 17 |
Start time: | 15:10:00 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 15:10:01 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 19 |
Start time: | 15:10:01 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 20 |
Start time: | 15:10:01 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 21 |
Start time: | 15:10:01 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff656ab0000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 22 |
Start time: | 15:10:01 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 23 |
Start time: | 15:10:01 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff656ab0000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 24 |
Start time: | 15:10:01 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 26 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 28 |
Start time: | 15:10:04 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 15:10:05 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 30 |
Start time: | 15:10:05 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6130f0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 15:10:05 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 32 |
Start time: | 15:10:05 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff656ab0000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 33 |
Start time: | 15:10:05 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 34 |
Start time: | 15:10:06 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\sc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff656ab0000 |
File size: | 72'192 bytes |
MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 35 |
Start time: | 15:10:06 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d42e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 38 |
Start time: | 15:10:06 |
Start date: | 20/10/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff627b90000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 4.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 24.5% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 87 |
Graph
Function 00007FF7E5A0F590 Relevance: 178.5, APIs: 31, Strings: 70, Instructions: 1702stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A19F3D Relevance: 116.1, APIs: 43, Strings: 23, Instructions: 552stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1530 Relevance: 114.1, APIs: 51, Strings: 14, Instructions: 304processsleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A08980 Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 191libraryloadernetworkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A07CC0 Relevance: 38.9, APIs: 15, Strings: 7, Instructions: 357networkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A08660 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 128librarystringloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A14A60 Relevance: 24.1, APIs: 16, Instructions: 127networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A06980 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 337COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E2AA0 Relevance: 40.7, APIs: 16, Strings: 7, Instructions: 402sleepwindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1B5C0 Relevance: 38.9, APIs: 6, Strings: 16, Instructions: 385COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1AA50 Relevance: 31.9, APIs: 9, Strings: 9, Instructions: 415encryptionCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A19C70 Relevance: 30.1, APIs: 4, Strings: 13, Instructions: 348libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A02920 Relevance: 28.6, APIs: 6, Strings: 10, Instructions: 557COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A018B0 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 153COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A07300 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 161networkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A186D0 Relevance: 19.6, APIs: 13, Instructions: 128networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A15FE0 Relevance: 16.7, APIs: 11, Instructions: 241sleepnetworkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A04EF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 153COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E2840 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A15C40 Relevance: 10.7, APIs: 7, Instructions: 242sleepnetworkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1BC90 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 172COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F6D00 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 193COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A01190 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 147COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A11710 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 138COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A05ED0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F7DF8 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 297COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E3550 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A32480 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F792B Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 246COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A112D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 97COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A19A80 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A01E90 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 106COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A12890 Relevance: 127.2, APIs: 25, Strings: 47, Instructions: 1229stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2D220 Relevance: 102.1, APIs: 45, Strings: 13, Instructions: 581COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E955D Relevance: 78.0, APIs: 39, Strings: 5, Instructions: 978COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A29520 Relevance: 77.4, APIs: 26, Strings: 18, Instructions: 435networkfilepipeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59FF0E0 Relevance: 52.8, APIs: 25, Strings: 5, Instructions: 254stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A363F0 Relevance: 52.8, APIs: 17, Strings: 13, Instructions: 253fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A03330 Relevance: 51.2, APIs: 21, Strings: 8, Instructions: 401stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A315B0 Relevance: 42.4, APIs: 21, Strings: 3, Instructions: 425COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A07630 Relevance: 38.8, APIs: 14, Strings: 8, Instructions: 317stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A19FFC Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 203stringfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E973B Relevance: 37.3, APIs: 18, Strings: 3, Instructions: 509COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1A005 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202stringfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A30580 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 252fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A19300 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 78encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F2640 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 72stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3CE40 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1C5D0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 223COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2B4F1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2B750 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 127networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A400E8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A19230 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1C220 Relevance: 6.0, APIs: 4, Instructions: 33encryptionCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1C1C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59ED250 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3EEC0 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1C210 Relevance: .0, Instructions: 3COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3FEF4 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A19430 Relevance: 145.9, APIs: 50, Strings: 47, Instructions: 425stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A26E90 Relevance: 49.9, APIs: 6, Strings: 27, Instructions: 385COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3DE10 Relevance: 44.0, APIs: 22, Strings: 3, Instructions: 250COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59EAE0F Relevance: 37.2, APIs: 18, Strings: 3, Instructions: 459COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E98E8 Relevance: 35.4, APIs: 17, Strings: 3, Instructions: 423COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59FBE00 Relevance: 34.9, APIs: 6, Strings: 17, Instructions: 352COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A14480 Relevance: 33.2, APIs: 6, Strings: 16, Instructions: 206COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E6310 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 463COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2E240 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 214stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A29140 Relevance: 31.7, APIs: 9, Strings: 12, Instructions: 208stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0E5D0 Relevance: 30.1, APIs: 7, Strings: 10, Instructions: 310stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A04240 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 219COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A22E60 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 208stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59FA3A0 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 154COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A16440 Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 341COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E5470 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 362COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1B1E0 Relevance: 26.5, APIs: 4, Strings: 11, Instructions: 241encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3D000 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2ED9C Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 252COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1D080 Relevance: 22.8, APIs: 1, Strings: 14, Instructions: 321COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59EA7A2 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 217COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59EC031 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 217COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59FA010 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 161fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F2500 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 88stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A36810 Relevance: 19.7, APIs: 5, Strings: 8, Instructions: 165COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A29D20 Relevance: 19.7, APIs: 4, Strings: 9, Instructions: 151stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2C5A3 Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 290COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2CE20 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 222networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2A850 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 180networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2C200 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 179COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A03DF0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 151stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F9E00 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 143fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A04590 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 280stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E1FB0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 241COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0E160 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 178COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0BDD0 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 162COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3B680 Relevance: 16.8, APIs: 2, Strings: 9, Instructions: 279COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1D6B0 Relevance: 16.7, APIs: 5, Strings: 6, Instructions: 223COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2F1F1 Relevance: 16.6, APIs: 9, Strings: 2, Instructions: 140COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A24590 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 117COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A084A0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 112stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A375CE Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 103COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1E42 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1E4E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1E7E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1E8A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1E66 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1E5A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1E72 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F1D8E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 69stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A277B0 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 168COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3E240 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 230COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E73F9 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 230COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F91B5 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 206COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A124B0 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 181COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F92C3 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 169COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A03FF0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 142stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A206A0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 135stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F4067 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 109COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A26371 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2E8E0 Relevance: 13.7, APIs: 3, Strings: 6, Instructions: 223COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3A500 Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 211COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A36DD6 Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 169COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A30E80 Relevance: 13.6, APIs: 5, Strings: 4, Instructions: 148COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0D370 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 227networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2DEF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 170COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A397B5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E94D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EE30 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EE06 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2A6A0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A376BE Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 82COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A377BD Relevance: 12.2, APIs: 2, Strings: 6, Instructions: 173COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A376F4 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 130COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A257B6 Relevance: 12.1, APIs: 5, Strings: 3, Instructions: 104COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A336A0 Relevance: 10.9, APIs: 5, Strings: 2, Instructions: 424stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A08FE0 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 217stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A18EB0 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 184COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A17900 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 165stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3962A Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 154COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F917C Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 154COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F9319 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 153COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A202C0 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 146COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A23400 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 146stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A231D0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 145networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A37DCB Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 145COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A08420 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 144COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2BFB0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E2370 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 134COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EE87 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EE77 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EE22 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EDF8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EDEA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EDDC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2EEAD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A37610 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 106COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0C360 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 106COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1FE10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 96COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A36DDE Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 95COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A397BD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A30430 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 83COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A37068 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 55COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A05640 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A373DC Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 126COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3790F Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 98COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3D850 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 91COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A36D9F Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 91COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A37685 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 88COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A376D6 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 84COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A376A3 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 83COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F92A8 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 155COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F919D Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 153COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A121A0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 134COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E2610 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2F580 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A39568 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 111COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59E4310 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 109COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F0680 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A05D80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0C810 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0A510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A39459 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A20DD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A34330 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 146COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A39D35 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 133COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3D5E0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 129stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0B6D0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 127COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A37253 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 125COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A39049 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 125COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1E450 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 118COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A37190 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A373E4 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 62COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A15790 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A227B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 120networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3948E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3976F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A22590 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A14130 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F4313 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E59F4498 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1DEE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2A490 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A37161 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0A7B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 135COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A38EC0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 122COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A3A830 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 105COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A261CD Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 84COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A38E05 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 78COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A00240 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A39D3D Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A39051 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 61COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A370AA Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 60COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A092DD Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 56stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A224B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 54stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A091CA Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 24stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A091D2 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 24stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A311C0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 227COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A1CEE0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A2E75F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A0A680 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A07010 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A054C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7E5A38DD8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|