Windows
Analysis Report
DataIndustrial.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- DataIndustrial.exe (PID: 6864 cmdline: "C:\Users\user\Desktop\DataIndustrial.exe" MD5: 152843EAAD328F6A699815F061586C98)
- cleanup
AV Detection |
---|
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_004513CB |
Source: | DNS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00460D51 | |
Source: | Code function: | 0_2_00444DBB | |
Source: | Code function: | 0_2_0045D074 |
Source: | Code function: | 0_2_004467E3 | |
Source: | Code function: | 0_2_0046E0BE | |
Source: | Code function: | 0_2_00466296 | |
Source: | Code function: | 0_2_00474640 | |
Source: | Code function: | 0_2_004666A2 | |
Source: | Code function: | 0_2_0046E9D3 | |
Source: | Code function: | 0_2_00466AC2 | |
Source: | Code function: | 0_2_00474B84 | |
Source: | Code function: | 0_2_0042AF60 | |
Source: | Code function: | 0_2_004750C8 | |
Source: | Code function: | 0_2_0047595E | |
Source: | Code function: | 0_2_004659ED | |
Source: | Code function: | 0_2_0046FD8E | |
Source: | Code function: | 0_2_00465EC2 |
Source: | Binary or memory string: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_0041F780 |
Source: | Code function: | 0_2_00414160 |
Source: | File created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | File read: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00426D00 |
Source: | Code function: | 0_2_00467845 | |
Source: | Code function: | 0_2_00467974 |
Source: | Code function: | 0_2_00442063 | |
Source: | Code function: | 0_2_00426800 |
Source: | Process information set: |
Source: | Memory allocated: |
Source: | Evasive API call chain: | graph_0-55824 |
Source: | Code function: | 0_2_004513CB |
Source: | Code function: | 0_2_00467C67 |
Source: | API call chain: | graph_0-55397 |
Anti Debugging |
---|
Source: | File opened: |
Source: | Code function: | 0_2_0046722D |
Source: | Code function: | 0_2_00467C67 |
Source: | Code function: | 0_2_00426D00 |
Source: | Code function: | 0_2_004725D3 | |
Source: | Code function: | 0_2_0046722D | |
Source: | Code function: | 0_2_004637E0 | |
Source: | Code function: | 0_2_00471A57 |
Source: | Memory allocated: |
Source: | Code function: | 0_2_0044D8B2 | |
Source: | Code function: | 0_2_004752AA |
Source: | Queries volume information: |
Source: | Code function: | 0_2_004723B2 |
Source: | Code function: | 0_2_00470B17 |
Source: | Code function: | 0_2_00426AC0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 1 Input Capture | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
15.164.165.52.in-addr.arpa | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1539399 |
Start date and time: | 2024-10-22 16:15:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | DataIndustrial.exe |
Detection: | MAL |
Classification: | mal48.evad.winEXE@1/4@1/0 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: DataIndustrial.exe
Time | Type | Description |
---|---|---|
10:16:47 | API Interceptor |
Process: | C:\Users\user\Desktop\DataIndustrial.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49120 |
Entropy (8bit): | 0.0017331682157558962 |
Encrypted: | false |
SSDEEP: | 3:Ztt:T |
MD5: | 0392ADA071EB68355BED625D8F9695F3 |
SHA1: | 777253141235B6C6AC92E17E297A1482E82252CC |
SHA-256: | B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7 |
SHA-512: | EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DataIndustrial.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2697 |
Entropy (8bit): | 5.113966054727882 |
Encrypted: | false |
SSDEEP: | 48:QPD1RRvEvyAlMK/YhVDp4lGulM8MMdERXqGRflqMod5RPopaivQk:QJ8v/MKQhV96GsM81dUXezivQk |
MD5: | 54935251D21C89684C27AF8791A38BFB |
SHA1: | 807DDB107E5D9E2B41579ECCB0BE4943E391C1C4 |
SHA-256: | 70DA0A8591E5FAA0AFC2695092A312697A5238683BA547CC3A0ACFD116CB9633 |
SHA-512: | 24FF6D7A4F4EFBC296F4C4A4D0D10E4C5787197A47FFFEB8657D78C20021094C1A4770AE9A4B86306AB88CED75B0FBA8FB59B54C4FFD2D04CE1321F7EBCE0A62 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DataIndustrial.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2958 |
Entropy (8bit): | 7.57557280099545 |
Encrypted: | false |
SSDEEP: | 48:fqEaTvNp1UdcP8jugDJ1SR7pPrqBGKFwwiYJYUEGJRTHXGzO3brRCP81q7U6Aoq6:fPaTVQdcITJ1SjxXNctD3/m81q70oq6 |
MD5: | 30967AF721B7BD965C6D20E47C5DC820 |
SHA1: | 431FA3B63C54BC7C96F7D82E33D8ABFE9010F64E |
SHA-256: | A262CACEDFB25B52DFCE23AE9E9C0624977B8FF3934C7A99CE5BF2CCE24BFCC5 |
SHA-512: | DF99A50352F92533680B3F4203F30B83F6CEACC5021F5339737C62EEBC1ADB3B697C44D80C450CA18D442B52343458B251A0C0BF7807ED06D7818EA98A06C99C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DataIndustrial.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 514 |
Entropy (8bit): | 5.043001679678584 |
Encrypted: | false |
SSDEEP: | 12:ovaXfbp3j+zc/Xmsa8Fz7ZZg1kXTpcMBSndEzF:Zlj/2shOkDjBgS5 |
MD5: | F480FD73D5D56EF2D600A6C8C6599C43 |
SHA1: | 11E2ECDB1A03B14E6CEA22F1F3CB1F74598FC3E4 |
SHA-256: | 389240DF6C6C2C07610F9EB41087738E9D1C5737663C16DFB6EB1CDD336D8415 |
SHA-512: | 8BEF25F7A924F8423C6F220394A3F3E0244D82B883E4240E25EB8FFF62D4E059CE2A8C36EDCF144CC112469804BE7455F020C9330F5DCE977B742F3A64CD9633 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.080851968620249 |
TrID: |
File name: | DataIndustrial.exe |
File size: | 824'832 bytes |
MD5: | 152843eaad328f6a699815f061586c98 |
SHA1: | d3e216b2edc83036e5846d15d15ecfb7f80d255b |
SHA256: | 34c92fe58fc12ef4ddb24159e745c05e48c3f27e4953a3ba4a87651516bd7d7b |
SHA512: | 085640598c062f28c405232265e9207b836dcfc4dd7c96f38fd101a843924652e9c577d6e46c629978881358c9e57652e104d36b1598b7425f5f6de086188d25 |
SSDEEP: | 12288:+A/cG1R2LUTD6XU5Ua/CcdubpxERMFqBczR+NzgrieL:+ZG1R2AD6rAVubpxERM4Q8zC |
TLSH: | 6C054A217A81C93AD0B32471CA7E86AE51A9FD30076449C7B3C43A7F0EF55E2AD36716 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oxt.+..E+..E+..E..wE%..E..aE0..E+..E...E"a.E4..E"a.E...E5K.E(..E"a.E...E5K.E*..E"a.E*..ERich+..E................PE..L....e`K... |
Icon Hash: | 822629d66d5acc2d |
Entrypoint: | 0x467637 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4B606508 [Wed Jan 27 16:08:40 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 0f78ae6e4671d03bf1f33dc0727299f7 |
Instruction |
---|
call 00007F7F887FFCFBh |
jmp 00007F7F887F4DFDh |
push 0000000Ch |
push 00498D88h |
call 00007F7F887F5254h |
and dword ptr [ebp-1Ch], 00000000h |
mov esi, dword ptr [ebp+08h] |
cmp esi, dword ptr [004A2D4Ch] |
jnbe 00007F7F887F4FA4h |
push 00000004h |
call 00007F7F887FD17Fh |
pop ecx |
and dword ptr [ebp-04h], 00000000h |
push esi |
call 00007F7F887FD986h |
pop ecx |
mov dword ptr [ebp-1Ch], eax |
mov dword ptr [ebp-04h], FFFFFFFEh |
call 00007F7F887F4F8Eh |
mov eax, dword ptr [ebp-1Ch] |
call 00007F7F887F5260h |
ret |
push 00000004h |
call 00007F7F887FD07Ah |
pop ecx |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push esi |
mov esi, dword ptr [ebp+08h] |
cmp esi, FFFFFFE0h |
ja 00007F7F887F5027h |
push ebx |
push edi |
mov edi, dword ptr [0047E128h] |
cmp dword ptr [004A14F4h], 00000000h |
jne 00007F7F887F4F9Ah |
call 00007F7F887FF4DDh |
push 0000001Eh |
call 00007F7F887FF32Bh |
push 000000FFh |
call 00007F7F887F5D6Bh |
pop ecx |
pop ecx |
mov eax, dword ptr [004A2D5Ch] |
cmp eax, 01h |
jne 00007F7F887F4F90h |
test esi, esi |
je 00007F7F887F4F86h |
mov eax, esi |
jmp 00007F7F887F4F85h |
xor eax, eax |
inc eax |
push eax |
jmp 00007F7F887F4F9Eh |
cmp eax, 03h |
jne 00007F7F887F4F8Dh |
push esi |
call 00007F7F887F4ED8h |
pop ecx |
test eax, eax |
jne 00007F7F887F4F98h |
test esi, esi |
jne 00007F7F887F4F83h |
inc esi |
add esi, 0Fh |
and esi, FFFFFFF0h |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x993ec | 0x118 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa3000 | 0x2c7dc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7e700 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x8f030 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7e000 | 0x650 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x99364 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x7c04e | 0x7c200 | 646a8587c603b438fccc5ecd6f389f6d | False | 0.4700127454682779 | data | 6.400708969249751 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7e000 | 0x1d51c | 0x1d600 | af22a3829158737bdbcd7f019004a27d | False | 0.2912234042553192 | data | 5.219647143953636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9c000 | 0x6d84 | 0x3200 | a968034e43462fe599bc9b6d5f81077d | False | 0.29296875 | data | 4.440810499507069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xa3000 | 0x2c7dc | 0x2c800 | 3239b331947fa8c7072dda7528c6d154 | False | 0.15952532478932585 | data | 4.168486857178296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0xa4564 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
RT_CURSOR | 0xa4698 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
RT_CURSOR | 0xa474c | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
RT_CURSOR | 0xa4880 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
RT_CURSOR | 0xa49b4 | 0x134 | data | English | United States | 0.37337662337662336 |
RT_CURSOR | 0xa4ae8 | 0x134 | data | English | United States | 0.37662337662337664 |
RT_CURSOR | 0xa4c1c | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0xa4d50 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
RT_CURSOR | 0xa4e84 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0xa4fb8 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0xa50ec | 0x134 | data | English | United States | 0.44155844155844154 |
RT_CURSOR | 0xa5220 | 0x134 | data | English | United States | 0.4155844155844156 |
RT_CURSOR | 0xa5354 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
RT_CURSOR | 0xa5488 | 0x134 | data | English | United States | 0.2662337662337662 |
RT_CURSOR | 0xa55bc | 0x134 | data | English | United States | 0.2824675324675325 |
RT_CURSOR | 0xa56f0 | 0x134 | data | English | United States | 0.3246753246753247 |
RT_BITMAP | 0xa5824 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09908536585365854 |
RT_BITMAP | 0xa5ab4 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09298780487804878 |
RT_BITMAP | 0xa5d44 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09298780487804878 |
RT_BITMAP | 0xa5fd4 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09451219512195122 |
RT_BITMAP | 0xa6264 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.09603658536585366 |
RT_BITMAP | 0xa64f4 | 0x290 | Device independent bitmap graphic, 14 x 14 x 24, image size 616 | English | United States | 0.0975609756097561 |
RT_BITMAP | 0xa6784 | 0x106d0 | Device independent bitmap graphic, 273 x 82 x 24, image size 67240 | English | United States | 0.07379607609988109 |
RT_BITMAP | 0xb6e54 | 0x4e88 | Device independent bitmap graphic, 200 x 200 x 4, image size 20000, 16 important colors | English | United States | 0.052327894946279346 |
RT_BITMAP | 0xbbcdc | 0x4e8 | Device independent bitmap graphic, 48 x 48 x 4, image size 1152, 16 important colors | English | United States | 0.05015923566878981 |
RT_BITMAP | 0xbc1c4 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
RT_BITMAP | 0xbc27c | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
RT_ICON | 0xbc3c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.3456678700361011 |
RT_MENU | 0xbcc68 | 0x18e | Matlab v4 mat-file (little endian) E, numeric, rows 5046288, columns 6881377, imaginary | English | United States | 0.5703517587939698 |
RT_DIALOG | 0xbcdf8 | 0x16c | data | English | United States | 0.5082417582417582 |
RT_DIALOG | 0xbcf64 | 0x76 | data | English | United States | 0.7627118644067796 |
RT_DIALOG | 0xbcfdc | 0x110 | data | English | United States | 0.5882352941176471 |
RT_DIALOG | 0xbd0ec | 0x4e4 | data | English | United States | 0.43210862619808305 |
RT_DIALOG | 0xbd5d0 | 0xd4 | data | English | United States | 0.6792452830188679 |
RT_DIALOG | 0xbd6a4 | 0x948 | data | English | United States | 0.30597643097643096 |
RT_DIALOG | 0xbdfec | 0x1b6 | data | English | United States | 0.5319634703196348 |
RT_DIALOG | 0xbe1a4 | 0x9c4 | data | English | United States | 0.2564 |
RT_DIALOG | 0xbeb68 | 0x5b6 | data | English | United States | 0.41450068399452805 |
RT_DIALOG | 0xbf120 | 0x8ca | data | English | United States | 0.3648888888888889 |
RT_DIALOG | 0xbf9ec | 0x1d2 | data | English | United States | 0.5386266094420601 |
RT_DIALOG | 0xbfbc0 | 0x62 | data | English | United States | 0.8163265306122449 |
RT_DIALOG | 0xbfc24 | 0x4f8 | data | English | United States | 0.419811320754717 |
RT_DIALOG | 0xc011c | 0x732 | data | English | United States | 0.3751357220412595 |
RT_DIALOG | 0xc0850 | 0x4b0 | data | English | United States | 0.42083333333333334 |
RT_DIALOG | 0xc0d00 | 0x2ec | data | English | United States | 0.47459893048128343 |
RT_DIALOG | 0xc0fec | 0x318 | data | English | United States | 0.3939393939393939 |
RT_DIALOG | 0xc1304 | 0x214 | data | English | United States | 0.556390977443609 |
RT_DIALOG | 0xc1518 | 0x46e | data | English | United States | 0.36155202821869487 |
RT_DIALOG | 0xc1988 | 0x238 | data | English | United States | 0.5475352112676056 |
RT_DIALOG | 0xc1bc0 | 0x600 | data | English | United States | 0.4186197916666667 |
RT_DIALOG | 0xc21c0 | 0xbd8 | data | English | United States | 0.35686015831134565 |
RT_DIALOG | 0xc2d98 | 0xbb4 | data | English | United States | 0.3818424566088118 |
RT_DIALOG | 0xc394c | 0xbc | data | English | United States | 0.6595744680851063 |
RT_DIALOG | 0xc3a08 | 0xcc | data | English | United States | 0.6764705882352942 |
RT_DIALOG | 0xc3ad4 | 0x4c | data | English | United States | 0.8157894736842105 |
RT_DIALOG | 0xc3b20 | 0xe90 | data | English | United States | 0.3444206008583691 |
RT_DIALOG | 0xc49b0 | 0xe8 | data | English | United States | 0.6336206896551724 |
RT_DIALOG | 0xc4a98 | 0x34 | data | English | United States | 0.9038461538461539 |
RT_STRING | 0xc4acc | 0x52 | data | English | United States | 0.6707317073170732 |
RT_STRING | 0xc4b20 | 0x36 | Matlab v4 mat-file (little endian) d, numeric, rows 0, columns 0 | English | United States | 0.6666666666666666 |
RT_STRING | 0xc4b58 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154 |
RT_STRING | 0xc4bdc | 0x2a | data | English | United States | 0.5476190476190477 |
RT_STRING | 0xc4c08 | 0x184 | data | English | United States | 0.48711340206185566 |
RT_STRING | 0xc4d8c | 0x4e6 | data | English | United States | 0.37719298245614036 |
RT_STRING | 0xc5274 | 0x264 | data | English | United States | 0.3333333333333333 |
RT_STRING | 0xc54d8 | 0x2da | data | English | United States | 0.3698630136986301 |
RT_STRING | 0xc57b4 | 0x8a | data | English | United States | 0.6594202898550725 |
RT_STRING | 0xc5840 | 0xac | data | English | United States | 0.45348837209302323 |
RT_STRING | 0xc58ec | 0xde | data | English | United States | 0.536036036036036 |
RT_STRING | 0xc59cc | 0x4a8 | data | English | United States | 0.3221476510067114 |
RT_STRING | 0xc5e74 | 0x228 | data | English | United States | 0.4003623188405797 |
RT_STRING | 0xc609c | 0x2c | data | English | United States | 0.5227272727272727 |
RT_STRING | 0xc60c8 | 0x42 | data | English | United States | 0.6060606060606061 |
RT_GROUP_CURSOR | 0xc610c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0 |
RT_GROUP_CURSOR | 0xc6130 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc6144 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc6158 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc616c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc6180 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc6194 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc61a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc61bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc61d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc61e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc61f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc620c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc6220 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc6234 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0xc6248 | 0x14 | data | English | United States | 1.15 |
RT_VERSION | 0xc625c | 0x320 | data | English | United States | 0.46375 |
RT_HTML | 0xc657c | 0xb8e | GIF image data, version 89a, 108 x 109 | English | United States | 0.980054090601758 |
RT_HTML | 0xc710c | 0x29e | PC bitmap, Windows 3.x format, 14 x 14 x 24, image size 616, cbSize 670, bits offset 54 | English | United States | 0.10597014925373134 |
RT_HTML | 0xc73ac | 0xb99 | GIF image data, version 89a, 190 x 14 | English | United States | 0.9818120579319636 |
RT_HTML | 0xc7f48 | 0x202 | ASCII text, with CRLF line terminators | English | United States | 0.5544747081712063 |
RT_HTML | 0xc814c | 0x1bf9 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.25401480240189916 |
RT_HTML | 0xc9d48 | 0x40d | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.5168756027000965 |
RT_HTML | 0xca158 | 0x16d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.6136986301369863 |
RT_HTML | 0xca2c8 | 0x1cf | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.5680345572354212 |
RT_HTML | 0xca498 | 0xa89 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.371523915461624 |
RT_HTML | 0xcaf24 | 0x90f | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.37257438551099614 |
RT_HTML | 0xcb834 | 0xa96 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.34501845018450183 |
RT_HTML | 0xcc2cc | 0xa8c | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.37222222222222223 |
RT_HTML | 0xccd58 | 0xb81 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.32869269949066215 |
RT_HTML | 0xcd8dc | 0xe11 | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.2915856706470425 |
RT_HTML | 0xce6f0 | 0xf8e | HTML document, ISO-8859 text, with CRLF line terminators | English | United States | 0.31115017579105975 |
RT_MANIFEST | 0xcf680 | 0x15a | ASCII text, with CRLF line terminators | English | United States | 0.5491329479768786 |
DLL | Import |
---|---|
KERNEL32.dll | GetFileAttributesA, GetFileSizeEx, GetFileTime, GetTickCount, RtlUnwind, HeapFree, ExitThread, CreateThread, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetStartupInfoA, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, ExitProcess, HeapSize, GetACP, IsValidCodePage, HeapCreate, VirtualFree, GetStringTypeW, GetTimeZoneInformation, LCMapStringA, LCMapStringW, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, SetErrorMode, GetModuleHandleW, GetOEMCP, GetCPInfo, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalFlags, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetThreadLocale, WritePrivateProfileStringA, GetCurrentProcessId, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, InterlockedExchange, lstrcmpA, RaiseException, InterlockedDecrement, GetModuleFileNameW, LocalFree, lstrlenA, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, CompareStringA, lstrcmpW, GetModuleHandleA, ReadFile, WriteFile, SetCommTimeouts, GetCommState, BuildCommDCBA, SetCommState, PurgeComm, SetEvent, ResetEvent, WaitForSingleObject, FreeResource, GlobalAlloc, ResumeThread, GlobalLock, GlobalUnlock, MulDiv, GlobalFree, CreateEventA, FileTimeToLocalFileTime, FileTimeToSystemTime, GetUserDefaultLangID, GetModuleFileNameA, LoadLibraryA, GetProcAddress, FreeLibrary, GetDefaultCommConfigA, GetVersionExA, QueryDosDeviceA, SetLastError, CreateFileA, CloseHandle, lstrlenW, MultiByteToWideChar, GetLastError, FormatMessageA, WideCharToMultiByte, LoadResource, LockResource, SizeofResource, FindResourceA, GetStringTypeA, Sleep |
USER32.dll | GetNextDlgGroupItem, MessageBeep, RegisterClipboardFormatA, PostThreadMessageA, ReleaseCapture, SetCapture, InvalidateRgn, IsRectEmpty, CopyAcceleratorTableA, UnregisterClassA, LoadCursorA, GetSysColorBrush, CharUpperA, DestroyMenu, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, SetWindowContextHelpId, MapDialogRect, GetWindowThreadProcessId, GetMessageA, TranslateMessage, GetCursorPos, ValidateRect, SetCursor, PostQuitMessage, SetRectEmpty, IsZoomed, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, GetDlgItemTextA, GetDlgItemInt, CheckDlgButton, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, ModifyMenuA, GetMenuState, CheckMenuItem, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow, GetLastActivePopup, DispatchMessageA, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, GetKeyState, SetMenu, SetForegroundWindow, PostMessageA, GetSubMenu, GetMenuItemID, GetMenuItemCount, MessageBoxA, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, PtInRect, GetMenu, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, WindowFromPoint, GetWindowPlacement, GetWindowRect, EnableMenuItem, CharNextA, GetWindow, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetWindowLongA, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, EndDialog, UpdateWindow, InvalidateRect, CopyRect, GetSysColor, FillRect, GetDC, ReleaseDC, SetRect, PeekMessageA, LoadIconA, IsWindowVisible, IsIconic, GetSystemMenu, SetMenuItemInfoA, GetMenuItemInfoA, AppendMenuA, DrawIcon, GetSystemMetrics, SetWindowLongA, GetCaretPos, GetClientRect, GetFocus, KillTimer, SetTimer, LoadBitmapA, SendMessageA, EnableWindow, SetFocus |
GDI32.dll | ExtSelectClipRgn, GetStockObject, CreateRectRgnIndirect, GetRgnBox, GetTextColor, GetMapMode, GetWindowExtEx, GetViewportExtEx, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetBkColor, CreateSolidBrush, IntersectClipRect, ExcludeClipRect, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetTextExtentPoint32A, GetTextMetricsA, CreateBitmap, SetBkColor, SetTextColor, GetClipBox, GetObjectA, CreateFontIndirectA, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteDC, DeleteObject, GetDeviceCaps |
COMDLG32.dll | GetFileTitleA |
WINSPOOL.DRV | EnumPortsA, DocumentPropertiesA, OpenPrinterA, ClosePrinter |
ADVAPI32.dll | RegQueryInfoKeyA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegSetValueExA, RegCloseKey, RegOpenKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegFlushKey, RegQueryValueExA |
SHELL32.dll | ShellExecuteA |
COMCTL32.dll | |
SHLWAPI.dll | PathFindFileNameA, PathStripToRootA, PathIsUNCA, PathFindExtensionA |
oledlg.dll | |
ole32.dll | OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, OleIsCurrentClipboard, CoTaskMemFree, CreateStreamOnHGlobal, CoInitialize, OleFlushClipboard, CoRegisterMessageFilter, CoRevokeClassObject, CoTaskMemAlloc |
OLEAUT32.dll | OleCreateFontIndirect, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, SafeArrayCreate, SafeArrayGetElemsize, SafeArrayAccessData, SafeArrayUnaccessData, LoadRegTypeLib, SysAllocString, DispCallFunc, VariantCopy, SysAllocStringByteLen, SysStringLen, VariantInit, VariantChangeType, VariantClear, OleLoadPicture, SysFreeString, SysAllocStringLen |
VERSION.dll | GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 22, 2024 16:17:18.650443077 CEST | 53 | 62095 | 162.159.36.2 | 192.168.2.4 |
Oct 22, 2024 16:17:19.270243883 CEST | 51771 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 22, 2024 16:17:19.278431892 CEST | 53 | 51771 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 22, 2024 16:17:19.270243883 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e61 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 22, 2024 16:17:19.278431892 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e61 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 10:16:47 |
Start date: | 22/10/2024 |
Path: | C:\Users\user\Desktop\DataIndustrial.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 824'832 bytes |
MD5 hash: | 152843EAAD328F6A699815F061586C98 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 4.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 5.6% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 42 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0041F780 | 24.8 | 4 | 10 | 263 | window, COMMON |
0044D8B2 | 8.8 | 4 | 1 | 73 | library, COMMON |
004467E3 | 2.0 | 1 | | 452 | COMMON |
0044DACE | 31.7 | 14 | 4 | 158 | library, loader, COMMON |
004441CD | 28.2 | 13 | 3 | 175 | window, COMMON |
0045DEF7 | 26.0 | 17 | | 453 | window, keyboard, COMMON |
004674E8 | 22.6 | 15 | | 86 | COMMON |
0045214D | 21.1 | 11 | 1 | 106 | memory, COMMON, LIBRARYCODE |
00441BDB | 16.6 | 11 | | 139 | COMMON |
0043F0A0 | 15.9 | 8 | 1 | 120 | registry, COMMON |
0045C68F | 15.1 | 10 | | 97 | COMMON |
0044A744 | 13.8 | 9 | | 271 | COMMON |
0044EE15 | 12.4 | 6 | 1 | 115 | thread, window, COMMON |
0044AF01 | 12.1 | 8 | | 72 | string, COMMON |
004530F6 | 12.0 | 8 | | 39 | COMMON |
00426920 | 10.6 | 3 | 3 | 76 | file, COMMON |
0045F014 | 10.5 | 4 | 2 | 44 | library, loader, COMMON |
00441A25 | 9.1 | 6 | | 136 | COMMON |
0044C87C | 9.1 | 6 | | 72 | window, COMMON |
0044ED63 | 9.1 | 6 | | 69 | COMMON |
0043F250 | 7.1 | 3 | 1 | 51 | registry, COMMON |
004561E2 | 4.7 | 3 | | 245 | COMMON |
00441E13 | 4.5 | 3 | | 39 | COMMON |
0044E6CC | 4.5 | 3 | | 37 | window, COMMON |
00441404 | 3.5 | 1 | 1 | 23 | COMMON, LIBRARYCODE |
0044823C | 3.5 | 1 | 1 | 21 | window, COMMON |
00426840 | 3.5 | 1 | 1 | 16 | window, COMMON |
0041F3F0 | 3.1 | 2 | | 82 | COMMON |
00460559 | 3.0 | 2 | | 45 | com, COMMON |
0044662C | 3.0 | 2 | | 32 | thread, COMMON |
004428A6 | 3.0 | 2 | | 28 | COMMON |
004482FF | 3.0 | 2 | | 27 | COMMON |
0044E87A | 3.0 | 2 | | 15 | thread, COMMON |
0044BED2 | 1.6 | 1 | | 109 | COMMON |
0045B06A | 1.6 | 1 | | 106 | COMMON |
0044D27D | 1.5 | 1 | | 45 | COMMON |
00444FBF | 1.5 | 1 | | 43 | COMMON |
00427400 | 1.5 | 1 | | 43 | COMMON |
004431FF | 1.5 | 1 | | 36 | COMMON |
00444D15 | 1.5 | 1 | | 33 | COMMON |
00445128 | 1.5 | 1 | | 31 | COMMON |
004432AE | 1.5 | 1 | | 28 | window, COMMON |
0044D4A3 | 1.5 | 1 | | 26 | COMMON |
0046F6B1 | 1.5 | 1 | | 20 | memory, COMMON |
0044D9A9 | 1.5 | 1 | | 20 | COMMON |
00441DD4 | 1.5 | 1 | | 16 | COMMON |
004483A1 | 1.5 | 1 | | 14 | COMMON |
00426890 | 1.5 | 1 | | 12 | window, COMMON |
00426D00 | 42.2 | 14 | 10 | 225 | library, loader, COMMON |
00460D51 | 35.3 | 19 | 1 | 323 | window, keyboard, COMMON |
004513CB | 19.4 | 10 | 1 | 125 | memory, file, string, COMMON |
00442063 | 6.0 | 4 | | 38 | COMMON |
00426800 | 3.5 | 1 | 1 | 11 | window, COMMON |
00471A57 | 1.5 | 1 | | 4 | COMMON |
00466AC2 | 0.4 | | | 384 | COMMON |
004666A2 | 0.4 | | | 378 | COMMON |
00466296 | 0.4 | | | 361 | COMMON |
00465EC2 | 0.4 | | | 351 | COMMON |
0042C150 | 117.6 | 36 | 31 | 386 | COMMON |
004022F0 | 92.9 | 31 | 22 | 166 | memory, COMMON |
0042B760 | 91.5 | 32 | 20 | 498 | memory, COMMON |
0042E650 | 84.4 | 23 | 25 | 440 | memory, COMMON |
0042EC50 | 84.4 | 23 | 25 | 430 | memory, COMMON |
004366C0 | 77.4 | 31 | 13 | 424 | memory, sleep, COMMON |
00429A60 | 51.0 | 17 | 12 | 284 | memory, COMMON |
0042A6C0 | 47.5 | 15 | 12 | 264 | memory, COMMON |
00434320 | 45.8 | 19 | 7 | 259 | memory, COMMON |
00437B80 | 45.7 | 16 | 10 | 233 | memory, sleep, COMMON |
00460422 | 42.0 | 12 | 12 | 45 | registry, clipboard, COMMON |
0040E180 | 40.7 | 5 | 18 | 458 | memory, COMMON |
00438970 | 40.6 | 15 | 8 | 320 | memory, COMMON |
0045FE4A | 35.4 | 19 | 1 | 420 | string, COMMON |
00413630 | 33.6 | 4 | 15 | 331 | memory, COMMON |
00441F1B | 28.1 | 8 | 8 | 78 | library, loader, COMMON |
0042FC10 | 26.5 | 9 | 6 | 201 | memory, sleep, COMMON |
0042FF60 | 21.3 | 6 | 6 | 280 | memory, COMMON |
00435380 | 21.2 | 6 | 6 | 188 | memory, COMMON |
00434CC0 | 21.2 | 6 | 6 | 181 | memory, COMMON |
004134E0 | 21.1 | 5 | 7 | 79 | memory, COMMON |
00440560 | 19.4 | 9 | 2 | 171 | sleep, file, time, COMMON |
00440780 | 19.4 | 8 | 3 | 164 | file, time, COMMON |
0046A23C | 19.3 | 8 | 3 | 57 | library, loader, COMMON, LIBRARYCODE |
0044D3EC | 17.6 | 5 | 5 | 60 | library, loader, COMMON |
0044969C | 17.5 | 5 | 5 | 28 | library, loader, COMMON |
004670EB | 15.8 | 8 | 1 | 42 | thread, COMMON |
0043BE60 | 15.1 | 10 | | 101 | COMMON |
0043F480 | 14.1 | 7 | 1 | 144 | memory, registry, COMMON |
004188E0 | 14.1 | 4 | 4 | 61 | memory, COMMON |
00477BAC | 13.6 | 9 | | 146 | library, memory, loader, COMMON |
0045230C | 13.6 | 9 | | 96 | memory, COMMON, LIBRARYCODE |
00424F90 | 10.7 | 3 | 3 | 219 | sleep, COMMON |
0043A600 | 10.6 | 7 | | 140 | COMMON |
0045A752 | 10.6 | 7 | | 128 | COMMON |
00451CF1 | 10.6 | 5 | 1 | 128 | string, COMMON |
00444947 | 10.6 | 5 | 1 | 104 | window, COMMON |
0044EBAB | 10.6 | 5 | 1 | 101 | registry, COMMON |
0044EA2D | 10.6 | 5 | 1 | 86 | registry, COMMON |
00411400 | 10.6 | 3 | 3 | 81 | memory, COMMON |
0045D429 | 10.6 | 7 | | 70 | window, COMMON |
0044F049 | 10.6 | 5 | 1 | 66 | registry, COMMON |
00442AA5 | 10.6 | 7 | | 61 | COMMON |
004523AD | 10.6 | 7 | | 51 | memory, COMMON |
004530B0 | 10.5 | 7 | | 30 | COMMON |
0045A213 | 9.4 | 6 | | 403 | COMMON |
004618F5 | 9.3 | 6 | | 256 | string, COMMON |
00413C10 | 9.2 | 6 | | 188 | memory, COMMON |
00403E70 | 9.2 | 6 | | 170 | memory, COMMON |
004573A1 | 9.1 | 6 | | 126 | COMMON |
00461CE1 | 9.1 | 6 | | 116 | memory, COMMON |
0046716E | 9.1 | 6 | | 71 | thread, COMMON |
00451AAF | 9.0 | 6 | | 46 | COMMON |
00458E40 | 9.0 | 4 | 1 | 293 | memory, COMMON |
00447F37 | 8.8 | 4 | 1 | 94 | window, COMMON |
00433410 | 8.8 | 1 | 4 | 69 | memory, COMMON |
0043FFB0 | 8.8 | 4 | 1 | 55 | registry, COMMON |
004534E6 | 8.8 | 4 | 1 | 49 | memory, COMMON |
00440990 | 8.8 | 4 | 1 | 36 | sleep, COMMON |
00477A62 | 8.8 | 4 | 1 | 28 | COMMON, LIBRARYCODE |
0046706D | 8.8 | 4 | 1 | 19 | thread, COMMON |
00464A80 | 7.7 | 5 | | 159 | COMMON |
0043A990 | 7.6 | 5 | | 112 | memory, COMMON |
004263A0 | 7.6 | 5 | | 98 | string, COMMON |
0044549B | 7.6 | 5 | | 80 | window, COMMON |
0045E8A5 | 7.6 | 5 | | 59 | COMMON |
0045E935 | 7.6 | 5 | | 59 | COMMON |
004518BF | 7.6 | 5 | | 54 | string, COMMON |
00464E0B | 7.5 | 5 | | 44 | memory, COMMON, LIBRARYCODE |
004670DF | 7.5 | 5 | | 24 | thread, COMMON |
0043F930 | 7.1 | 3 | 1 | 80 | registry, COMMON |
|
Function 0040165D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73memorysleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004013C1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72memorysleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004283D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EDF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445C7D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469AEC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452AA2 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046B6E2 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045EDE5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004339C0 Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004598E2 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045B874 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045F0CC Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004487EB Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452F13 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004541B5 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00425F60 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D975 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045ABC6 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448E98 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044193F Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044DDB1 Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446765 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044F6B3 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451197 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00460C5C Relevance: 6.1, APIs: 4, Instructions: 51COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445320 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00444B50 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C797 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044793B Relevance: 6.0, APIs: 4, Instructions: 45COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442E9B Relevance: 6.0, APIs: 4, Instructions: 44COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043B9C0 Relevance: 6.0, APIs: 4, Instructions: 35synchronizationCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441D43 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00460506 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004515EE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144memoryfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403040 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043EBC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59memoryregistryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00461186 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00437F40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043F020 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433240 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469865 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043E290 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004475E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046123B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|