Windows
Analysis Report
fxc.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- fxc.exe (PID: 7312 cmdline: "C:\Users\user\Desktop\fxc.exe" MD5: 0B1904602A90ED190066095F29A3F92A)
  - WerFault.exe (PID: 7388 cmdline: C:\Windows\system32\WerFault.exe -u -p 7312 -s 232 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 2 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Process Injection | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 53% | ReversingLabs | Win64.Trojan.Generic | |
 | 100% | Avira | TR/AVI.Agent.robcr | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1541091 |
Start date and time: | 2024-10-24 12:06:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | fxc.exe |
Detection: | MAL |
Classification: | mal60.winEXE@3/7@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: fxc.exe
Time | Type | Description |
---|---|---|
06:07:12 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fxc.exe_d5c59118b01e5ac2e9fe2cdeb3cf1adce977e24e_6f60c9ae_8b4724b5-c86e-4711-b290-a9b5b2b0ec6d\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6728573216818682 |
Encrypted: | false |
SSDEEP: | 96:6sFb+Ix67sYhqFy7qA8SKQXIDcQTc65cE1cw3u+HbHg/KHnOgrZAX/d5FMT2SlPB:z5x678/U0N9/Dj+zuiF/Z24lO8ID |
MD5: | 3691DBE0C0CCD7C21D1906B1B48F6608 |
SHA1: | 6AE458A3EB2C13F909F3838734A189E8E7A83711 |
SHA-256: | 4AE7D1474B59ABCDCA2CDECC26C57B90B9742B706C6D95277B893FC2C0351A8E |
SHA-512: | 36B0C7FFC3E71AA1638B68A310A941CB452AB53388B818981BF9A1D22E2324EF1E521C1DDF668995E8250F1E174C4B77013896A564D4FC9B69E3DA8276F51AC9 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45042 |
Entropy (8bit): | 1.405447527681338 |
Encrypted: | false |
SSDEEP: | 96:5w8EH/X74RvrEXi7V1Ii6l1lsUzTBiBgNBhuOWIqsIGKKAeT:REDOV1IhuUzUijXL |
MD5: | 675533C5A57EE551BA29EFD019E4B910 |
SHA1: | F22AB31832151DE70D41C9264595929A2426871F |
SHA-256: | 559F5095C2EC35E87C0676A6109C136D08764FEAC2103F265F2AED9D739C9A57 |
SHA-512: | A173BEBBA6783FBF0473EA3EE6981D66F0BAD9599B0E2E6513825CA8B70924546973FA43DE4D8234852C8BDD126701AA62DDE27C6854488B87A8753C5779F68C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8548 |
Entropy (8bit): | 3.6882233133926294 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJTfwr8V6Y9RdLZIgmfDopDa89b8Dkf+0m:R6lXJLwr8V6YbPIgmfDW8gfk |
MD5: | F5AE93F79CE827BEB61C8E994328D5E6 |
SHA1: | 42A5AAC3A912BCAF36D6DF19CC771790BA5F25CB |
SHA-256: | 0E33EE03DAAC5F2EA81A0F56897B66615E4887B788A769CAA004D86EF6EC8258 |
SHA-512: | 27C397DA9F17ECEEB70F1CE9B66CE17FBB91C276D371FF347931515E935700F4B3EC161C0F35335E9449C16EB6E02EBABCDF61CF90953E183497B34E06190C9F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4707 |
Entropy (8bit): | 4.412733950254919 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg771I9HyzJWpW8VY6Ym8M4JNXVgFJ8yq8vfXVpuQreTd:uIjffI79s7VaJ28WvuoGd |
MD5: | 561D5A71770CB8AFF8689E0E23AF95C9 |
SHA1: | A647710A9981C58D1BCDB90D90D4B623E6083E73 |
SHA-256: | 81CC975015FF88FF1E7E4EBD13B3BA84660EBFBAC760BB0E9C2BF7AE5990F19A |
SHA-512: | 853E04B7500445077BB4FDD8D09EAD56841A27B390244DD6E2D64FF566F808E64E84F13E9BD261961380B5EEF5A7FE75F0851348661C4EBE8E3B525F81748904 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465446814406059 |
Encrypted: | false |
SSDEEP: | 6144:gIXfpi67eLPU9skLmb0b4eWSPKaJG8nAgejZMMhA2gX4WABl0uNMdwBCswSbkn:lXD94eWlLZMM6YFHq+kn |
MD5: | E2FC2FECDC61BD1707A31530694208C9 |
SHA1: | C6415863386027A0ACE5552FB147731897E82B7B |
SHA-256: | F4E04A62E0F77566C5DC0D8E34BE43CD9BB57AC2181F7905E17BD7E37F147E6F |
SHA-512: | CC8364C8E000031CDAAFD784AAF47EC8875ECE8F266B078BFB1F5CD83ED900B34D7C94FEEBD17872EBB9AE595ED45FE5D6160FA8FE8FB4CDD66DA2F455105B76 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\fxc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13 |
Entropy (8bit): | 3.238901256602631 |
Encrypted: | false |
SSDEEP: | 3:5bn:5b |
MD5: | B8E0C5361ACE0B62719F10962426B704 |
SHA1: | 9386FD982496B811D4FEAEB51631AC9C08E97F76 |
SHA-256: | 954297FEA35BC7CCC2C8E474E61EE24ED7248C625804B9FF8768EA15554C2773 |
SHA-512: | 41DC778B14295F97A435DD6BF142D1DFD63A5A17B7D519B9E92CFB9C4BBFCB50B0FFAAF6121E604FE996CA4CF0FE62FD8825EAFD222A10E2BE25D0DCDE6509B8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\fxc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:H:H |
MD5: | EF399B2D446BB37B7C32AD2CC1B6045B |
SHA1: | 1B480158E1F30E0B6CEE7813E9ECF094BD6B3745 |
SHA-256: | 6C45CB72A36E63D522AA54ED8ADBD7A29A989474F2F77E0458AF8800564EF3CB |
SHA-512: | BF9C0733CA09AE29BAE7EFBFF03B69E87A5489CE610F19DA806F795847563F6055964E5AEC1771293067662402C8613BEB0F498E77E20820587E133B16F73CF5 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.299817634972105 |
TrID: |
|
File name: | fxc.exe |
File size: | 324'608 bytes |
MD5: | 0b1904602a90ed190066095f29a3f92a |
SHA1: | f0a25529b0d0aabce9d72ba46aaf1c78c5b48c31 |
SHA256: | 6e349195bdc65a1964367317ba14b905440d75398c3fbb1911c3400082d7f149 |
SHA512: | d18058b6b1a045d8544db79940ca5500843a71d3541c012b01d0a70648d0b210113b1715b608c3866d61f41db521109b7084a109a279dc306aed4544ffd17b54 |
SSDEEP: | 6144:6BrFsAPhVdTPrOi4OU4Ym0D+slljJbJ3pvTVFIh:6BrFBEF3mEBvr |
TLSH: | 99645D15FB9618FDD5ABC074C6468A72B933B8860B21BDEF12A441353F276E46E3DB10 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E..0...c...c...cJ..b...cJ..b...cJ..b...c...b(..c...b...c...b...c...c...c...c...c9k.b...cRich...c................PE..d......f... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x140028b50 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x669FA2B4 [Tue Jul 23 12:31:48 2024 UTC] |
TLS Callbacks: | 0x4000e530, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | e56ef045fa5f5c9fae11e44b0b3dd79a |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F74C4B9CDC8h |
dec eax |
add esp, 28h |
jmp 00007F74C4B9C947h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
nop word ptr [eax+eax+00000000h] |
dec eax |
sub esp, 10h |
dec esp |
mov dword ptr [esp], edx |
dec esp |
mov dword ptr [esp+08h], ebx |
dec ebp |
xor ebx, ebx |
dec esp |
lea edx, dword ptr [esp+18h] |
dec esp |
sub edx, eax |
dec ebp |
cmovb edx, ebx |
dec esp |
mov ebx, dword ptr [00000010h] |
dec ebp |
cmp edx, ebx |
jnc 00007F74C4B9CAE8h |
inc cx |
and edx, 8D4DF000h |
wait |
add al, dh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4bb04 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4f000 | 0x24cc | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x53000 | 0x9c8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x46a90 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x46b00 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x46950 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x39000 | 0x3d8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x37720 | 0x37800 | a02ec713fbe9974812e412b84ffebaad | False | 0.5355917440878378 | data | 6.3992226630856495 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x39000 | 0x1389a | 0x13a00 | 13b8deb7020ad1349aeef6eb5d67cc1f | False | 0.39951980493630573 | data | 5.309728177527535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x4d000 | 0x1dd8 | 0xc00 | 217dde2fe845fd603a329ab7852c64e6 | False | 0.14485677083333334 | data | 2.0102799590686815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x4f000 | 0x24cc | 0x2600 | ab62c9ecd85cc5c7443fed8a745a001f | False | 0.4862253289473684 | data | 5.453329444307597 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x52000 | 0x15c | 0x200 | 5556100c66644b92472d605a319cfb77 | False | 0.40625 | data | 3.2977765662674985 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x53000 | 0x9c8 | 0xa00 | 8233352803a1d795b1a18ffe13667efb | False | 0.5890625 | data | 5.39691148505322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
kernel32.dll | CreateWaitableTimerExW, SetWaitableTimer, WaitForSingleObject, CloseHandle, Sleep, GetExitCodeProcess, HeapReAlloc, GetModuleHandleA, GetProcAddress, GetCurrentThread, TryAcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetStdHandle, GetConsoleMode, SetFilePointerEx, MultiByteToWideChar, WriteConsoleW, SetLastError, GetModuleHandleW, FormatMessageW, GetCurrentProcess, GetEnvironmentVariableW, CreateFileW, SetFileInformationByHandle, GetFullPathNameW, GetFileInformationByHandle, GetFileInformationByHandleEx, FindFirstFileW, FindClose, GetEnvironmentStringsW, HeapFree, CompareStringOrdinal, GetModuleFileNameW, GetSystemDirectoryW, AcquireSRWLockExclusive, GetWindowsDirectoryW, CreateProcessW, GetFileAttributesW, DuplicateHandle, CreateThread, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, GetLastError, GetCurrentProcessId, CreateNamedPipeW, ReadFileEx, SleepEx, WriteFileEx, SetThreadStackGuarantee, TerminateProcess, GetProcessHeap, HeapAlloc, GetCurrentDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, CreateMutexA, WaitForSingleObjectEx, LoadLibraryA, ReleaseMutex, RtlVirtualUnwind, AcquireSRWLockShared, ReleaseSRWLockShared, DeleteFileW, GetConsoleOutputCP, FreeEnvironmentStringsW, AddVectoredExceptionHandler, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, RtlUnwindEx, EncodePointer, RaiseException, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RtlPcToFileHeader, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, WideCharToMultiByte, SetEnvironmentVariableW, SetStdHandle, GetFileType, GetStringTypeW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, HeapSize, FlushFileBuffers |
ntdll.dll | RtlNtStatusToDosError, NtReadFile, NtWriteFile |
bcrypt.dll | BCryptGenRandom |
advapi32.dll | SystemFunction036 |
Target ID: | 0 |
Start time: | 06:06:56 |
Start date: | 24/10/2024 |
Path: | C:\Users\user\Desktop\fxc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7bc1f0000 |
File size: | 324'608 bytes |
MD5 hash: | 0B1904602A90ED190066095F29A3F92A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 06:06:57 |
Start date: | 24/10/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e4b30000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 64.3% |
Total number of Nodes: | 759 |
Total number of Limit Nodes: | 10 |
Graph
Function 00007FF7BC209420 Relevance: 144.4, APIs: 76, Strings: 5, Instructions: 2623memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F12D0 Relevance: 72.3, APIs: 35, Strings: 6, Instructions: 595memorysynchronizationtimeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F1D30 Relevance: 53.2, APIs: 28, Strings: 2, Instructions: 663memoryfilenativeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC2085E0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 191filememoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC201B10 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 378windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC200230 Relevance: 4.6, APIs: 3, Instructions: 66filenativesynchronizationCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC206A00 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 173memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F2920 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 139memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F1010 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 128threadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC2187E0 Relevance: 6.1, APIs: 4, Instructions: 54memoryfileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC201611 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 80memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1FE830 Relevance: 4.5, APIs: 3, Instructions: 38threadmemoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F3B90 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 120memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC215870 Relevance: 51.2, APIs: 23, Strings: 6, Instructions: 481libraryloadermemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC2046C0 Relevance: 33.9, APIs: 9, Strings: 10, Instructions: 676libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F2B10 Relevance: 27.5, APIs: 16, Strings: 2, Instructions: 509memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC211207 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 358memorythreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC206C60 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 453COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC212410 Relevance: 18.5, APIs: 12, Instructions: 504memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC211E40 Relevance: 13.8, APIs: 9, Instructions: 264memorythreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC21E54C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC20EC90 Relevance: 8.5, APIs: 3, Strings: 2, Instructions: 967memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC218E4C Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC226558 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC203D40 Relevance: .3, Instructions: 342COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F4350 Relevance: .3, Instructions: 321COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1FB1F0 Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC2263A0 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC219118 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC1F3340 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 257memorysynchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC200340 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 202COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7BC221944 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 117libraryloaderCOMMON
Function 00007FF7BC217A60 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 387 COMMON
Function 00007FF7BC21AE98 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317 COMMON
Function 00007FF7BC217C68 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 142 memory COMMON
Function 00007FF7BC2130F0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 91 memory thread COMMON
Function 00007FF7BC1FFED0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 216 COMMON
Function 00007FF7BC21C13C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88 libraryloader COMMON LIBRARYCODE
Function 00007FF7BC21E134 Relevance: 10.6, APIs: 7, Instructions: 62 COMMON LIBRARYCODE
Function 00007FF7BC225E64 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 file COMMON
Function 00007FF7BC1FE4D0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25 libraryloader COMMON
Function 00007FF7BC21E2AC Relevance: 9.1, APIs: 6, Instructions: 57 COMMON LIBRARYCODE
Function 00007FF7BC21A4C8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144 COMMON
Function 00007FF7BC1FF990 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103 memory COMMON
Function 00007FF7BC1FF2D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 64 libraryloader COMMON
Function 00007FF7BC21D2C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27 libraryloader COMMON
Function 00007FF7BC2261B4 Relevance: 7.6, APIs: 5, Instructions: 56 COMMON LIBRARYCODE
Function 00007FF7BC21E374 Relevance: 7.6, APIs: 5, Instructions: 54 COMMON LIBRARYCODE
Function 00007FF7BC215780 Relevance: 7.5, APIs: 5, Instructions: 42 synchronization COMMON
Function 00007FF7BC21B370 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147 COMMON
Function 00007FF7BC21B6CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145 COMMON
Function 00007FF7BC1FF200 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50 libraryloader COMMON
Function 00007FF7BC1FF650 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30 libraryloader COMMON
Function 00007FF7BC2010D0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22 libraryloader COMMON
Function 00007FF7BC21FFB4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194 COMMON
Function 00007FF7BC21CAD0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112 COMMON
Function 00007FF7BC217CD8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104 COMMON
Function 00007FF7BC217CE0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104 COMMON
Function 00007FF7BC224550 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100 file COMMON
Function 00007FF7BC21C5E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44 COMMON