Edit tour
Windows
Analysis Report
Setup.exe
Overview
General Information
| Sample name: | Setup.exe |
| Analysis ID: | 1562442 |
| MD5: | 0694a17da60d94bc3309098b233aef78 |
| SHA1: | c5c79592819ea20caf0d2223b4404283fd32c702 |
| SHA256: | 881fb060bd03a238a1c2b9221d15d28df8705870680c17ac5070510ec6355e2d |
| Infos: |   |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
LummaC encrypted strings found
Maps a DLL or memory area into another process
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
Setup.exe (PID: 5200 cmdline: "C:\Users\ user\Deskt op\Setup.e xe" MD5: 0694A17DA60D94BC3309098B233AEF78) 
more.com (PID: 6596 cmdline: C:\Windows \SysWOW64\ more.com MD5: 03805AE7E8CBC07840108F5C80CF4973) 
conhost.exe (PID: 4540 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
Gosse.com (PID: 3452 cmdline: C:\Users\u ser~1\AppD ata\Local\ Temp\Gosse .com MD5: 3F58A517F1F4796225137E7659AD2ADB) 
WerFault.exe (PID: 6168 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 596 -s 340 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["p10tgrace.sbs", "3xp3cts1aim.sbs", "s1gn1fyh0se.cyou", "p3ar11fter.sbs", "processhol.sbs", "peepburry828.sbs"], "Build id": "Dvh8ui--111"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
| Source: | Author: frack113, Nasreddine Bencherchali: | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 8_2_0059C0D2 | |
| Source: | Code function: | 8_2_005DA187 | |
| Source: | Code function: | 8_2_005CE180 | |
| Source: | Code function: | 8_2_005DA2E4 | |
| Source: | Code function: | 8_2_005DA66E | |
| Source: | Code function: | 8_2_005D686D | |
| Source: | Code function: | 8_2_005CE9BA | |
| Source: | Code function: | 8_2_005D74F0 | |
| Source: | Code function: | 8_2_005D7591 | |
| Source: | Code function: | 8_2_005CDE32 | |
Networking | |
|---|
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | Code function: | 8_2_005DD935 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 8_2_005DF664 | |
| Source: | Code function: | 8_2_005DF8D3 | |
| Source: | Code function: | 8_2_005DF664 | |
| Source: | Code function: | 8_2_005CAA95 | |
| Source: | Code function: | 8_2_005F9FB4 | |
| Source: | Code function: | 0_2_0040776F | |
| Source: | Code function: | 8_2_005CE3CB | |
| Source: | Code function: | 8_2_005C230F | |
| Source: | Code function: | 8_2_005CF76E | |
| Source: | Code function: | 0_2_0040A375 | |
| Source: | Code function: | 0_2_0040B1FD | |
| Source: | Code function: | 8_2_0059E32F | |
| Source: | Code function: | 8_2_005824CA | |
| Source: | Code function: | 8_2_00596599 | |
| Source: | Code function: | 8_2_005EC844 | |
| Source: | Code function: | 8_2_0058C9C0 | |
| Source: | Code function: | 8_2_005829E3 | |
| Source: | Code function: | 8_2_0057CBF0 | |
| Source: | Code function: | 8_2_00596C09 | |
| Source: | Code function: | 8_2_005D2D81 | |
| Source: | Code function: | 8_2_0056EE00 | |
| Source: | Code function: | 8_2_0056CE20 | |
| Source: | Code function: | 8_2_00582F23 | |
| Source: | Code function: | 8_2_00567070 | |
| Source: | Code function: | 8_2_0057F0DA | |
| Source: | Code function: | 8_2_005C9168 | |
| Source: | Code function: | 8_2_005F525A | |
| Source: | Code function: | 8_2_0057D37F | |
| Source: | Code function: | 8_2_00587746 | |
| Source: | Code function: | 8_2_005697D0 | |
| Source: | Code function: | 8_2_00587975 | |
| Source: | Code function: | 8_2_00581964 | |
| Source: | Code function: | 8_2_00573AD9 | |
| Source: | Code function: | 8_2_00587BD2 | |
| Source: | Code function: | 8_2_0056DC70 | |
| Source: | Code function: | 8_2_00599D1E | |
| Source: | Code function: | 8_2_00581FC1 | |
| Source: | Dropped File: | ||
| Source: | Process created: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 8_2_005D4573 | |
| Source: | Code function: | 8_2_005C21C9 | |
| Source: | Code function: | 8_2_005C27D9 | |
| Source: | Code function: | 8_2_005D5D7E | |
| Source: | Code function: | 8_2_005CE2AB | |
| Source: | Code function: | 8_2_005C8056 | |
| Source: | Code function: | 8_2_005D3DBD | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 8_2_005EC00E | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 8_2_00581059 | |
Persistence and Installation Behavior | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 8_2_005F2558 | |
| Source: | Code function: | 8_2_00575D03 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Code function: | 8_2_0059C0D2 | |
| Source: | Code function: | 8_2_005DA187 | |
| Source: | Code function: | 8_2_005CE180 | |
| Source: | Code function: | 8_2_005DA2E4 | |
| Source: | Code function: | 8_2_005DA66E | |
| Source: | Code function: | 8_2_005D686D | |
| Source: | Code function: | 8_2_005CE9BA | |
| Source: | Code function: | 8_2_005D74F0 | |
| Source: | Code function: | 8_2_005D7591 | |
| Source: | Code function: | 8_2_005CDE32 | |
| Source: | Code function: | 8_2_0057310D | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 8_2_005DF607 | |
| Source: | Code function: | 8_2_00592446 | |
| Source: | Code function: | 8_2_005EC00E | |
| Source: | Code function: | 0_2_00407E3F | |
| Source: | Code function: | 8_2_00584BF4 | |
| Source: | Code function: | 8_2_005C20BE | |
| Source: | Code function: | 8_2_00592446 | |
| Source: | Code function: | 8_2_00580E4D | |
| Source: | Code function: | 8_2_00580F9F | |
| Source: | Code function: | 8_2_005811EE | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | NtProtectVirtualMemory: | Jump to behavior | ||
| Source: | NtSetInformationThread: | Jump to behavior | ||
| Source: | NtQuerySystemInformation: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Code function: | 8_2_005C230F | |
| Source: | Code function: | 8_2_00572D33 | |
| Source: | Code function: | 8_2_005CC078 | |
| Source: | Code function: | 8_2_005E2E89 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 8_2_005C1C68 | |
| Source: | Code function: | 8_2_005C2777 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 8_2_00580CA4 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 8_2_005D8C58 | |
| Source: | Code function: | 8_2_005A59C7 | |
| Source: | Code function: | 8_2_0059B782 | |
| Source: | Code function: | 8_2_0057310D | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 2 Obfuscated Files or Information | NTDS | 225 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 241 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 111 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 24% | ReversingLabs | Win32.PUA.Generic | ||
| 100% | Avira | TR/Crypt.XPACK.Gen2 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| true |
| unknown | |
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1562442 |
| Start date and time: | 2024-11-25 15:33:22 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 46s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Setup.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@7/9@0/0 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target Gosse.com, PID 3452 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Setup.exe
| Time | Type | Description |
|---|---|---|
| 09:34:24 | API Interceptor |
⊘No context
⊘No context
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\Gosse.com | Get hash | malicious | LummaC Stealer | Browse | ||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | PureCrypter | Browse | |||
| Get hash | malicious | PureCrypter | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | PureCrypter | Browse | |||
| Get hash | malicious | PureCrypter | Browse | |||
| Get hash | malicious | PureCrypter | Browse | |||
| Get hash | malicious | PureCrypter | Browse | |||
| Get hash | malicious | PureCrypter | Browse |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_more.com_372e469ceb5bfc6b28195017a428fae683e4_8dec09d6_f736110d-adc2-45c8-961e-ed549c5547ba\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.7005080617230985 |
| Encrypted: | false |
| SSDEEP: | 96:6btDgswiy6kPsJs5zFXefBQXIDcQxc6/cE3cw3P6T+HbHgSXVG4rmMOycAS/ZAXh:ctDgs/HkPTd0/7trjWazuiFjZ24IO8K |
| MD5: | FFF0D81E1370D6B9CC4B2C748651A760 |
| SHA1: | 8E4FF2934609E1E819FD25B9040E080E3C9ED72B |
| SHA-256: | DE7F3B235E3FB627657D684EF23012D57DE9676AE7E94445B65165015B59419E |
| SHA-512: | F9D15FB666C658E36D348A285830C9B196859F8C9D9609EFF12B555E8BDDC8961EDDFC1C70B4A668C565F5992E11FBC9FE21D6EDE8A2F826C378E0F648BF926D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 33618 |
| Entropy (8bit): | 2.644913701834248 |
| Encrypted: | false |
| SSDEEP: | 192:KNsNwVjOQRzzYUka4acZynuGSIvb6bKimhtknydSnhgQnwSYtAKI59Hd:1NwVaeYdU6mimhtjdSnOQnPYtGH |
| MD5: | 30C6825CB381F107ECEE73ACB44B2FBF |
| SHA1: | B3F91422E91C4B0C0E3BAA7C9D177A387CDF4DF6 |
| SHA-256: | 58BA891FA1427DEA03B5DCA1CCCB0EA0861C5D658A566C4DF1F30618AC4BBF8F |
| SHA-512: | 84DEC8A33690A5E293049833B83EFF8147B6C48744ADC9B9D6E201823FF581F914F7122C681E89C5768019B871C6808F928B810505E713E3495DA323449AACB1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8288 |
| Entropy (8bit): | 3.698436785854429 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJBI6o6YhK68gmfbd0i+pBt89bZDsfnCTm:R6lXJu6o6Yc68gmfbd0izZofP |
| MD5: | ADB16A094A3D03C440C26C4E87A8590F |
| SHA1: | 6D57A84F294AD8D8FF4B1F64E393470212CBD858 |
| SHA-256: | 9C4B23C3DCF29037314BA23B26C09BD860F0B1D9EC161EF91EF66FC52F4FB4BC |
| SHA-512: | 6ABC1422203B967497A5253481D938F8D9FCE50381015ABFE11635EAD7829A7E2307051B5FC6471310DA969F6EEFB4B78940B3AE9216CF0DCAD787920401B5D3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4633 |
| Entropy (8bit): | 4.46559007344394 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsBJg77aI9RWWpW8VYAYm8M4J1XFt+q8f7Qheg1+d:uIjfTI7D37VIJVGQheg1+d |
| MD5: | 4DF3A43068036CEB2D15DE0A72CC3464 |
| SHA1: | DB3BC3605B697A4F67D2BC4FA1C7DFB12409A19D |
| SHA-256: | 577F1C78D825D96CECC1CC61FFC1AA1532ED6E2558C348514872EC730C0D2A50 |
| SHA-512: | 62AEE59BE6954931C4BEFA1DCF352595762BA89D5FBE833210A9999331DB460DA64397E83CF796F77E8E505E12B3BF3D71D483285959A6476F9A949DF0B56FE9 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Setup.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2095201 |
| Entropy (8bit): | 7.994644769346261 |
| Encrypted: | true |
| SSDEEP: | 49152:j6ulxJo2pZymGpwAwTJWkkN3epgbWbAdH/Y2QnRzfYnVBE:j6qxGIZymGpwAEWksCgqaSh6VBE |
| MD5: | A26B6D242E662ADA90B5E40D29901CE9 |
| SHA1: | F39DEC1F81A74FD0A8CFB0FA2F1FCAC32F262348 |
| SHA-256: | 154F03633CFD760DD9DC8D078A7ECE574688F0B8A77E6E6A02BFB6F181E9BBD6 |
| SHA-512: | BB7A612F543070AA2879FD54EFB5A6F21AD6DCB4052413168DF2C4912607A987510F4AED3692D62B06B6D3F105700332127C9B35F7DB9F3AA3B1D792D98CB209 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Setup.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 1995074 |
| Entropy (8bit): | 7.439322540940035 |
| Encrypted: | false |
| SSDEEP: | 24576:k/RG3tvIGNZjBZq5d0T4w1Y74EJYo5ytzG87WKJiXQzOJ9JboAZ2fLht3i4gz60s:SROIAnqY/c8iUehoLhxgz6h6o9KC |
| MD5: | 047D3B958ECDA8FB1B94D5CF47F5FD79 |
| SHA1: | 663B0BEE20ACC7B659D161B7B0DB1F5579A40F58 |
| SHA-256: | CB810AFBAC98D6B3E1DE137488EB5F0D7C748E08FFCAF583321D0BE895464F34 |
| SHA-512: | 04CF449249D5E4B6890E39E9F3FBDBB26C82E52557366200D2622EA67C837596CCC57620056F700263B7275D690AC0DF0D89E17D71FB53C1B4BF493AAF509CD6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\more.com |
| File Type: | |
| Category: | modified |
| Size (bytes): | 943784 |
| Entropy (8bit): | 6.621472142472864 |
| Encrypted: | false |
| SSDEEP: | 24576:MghN1a6pzWZ12+f+Qa7N4nEIRQ1hOOLkF6av8uh:vhN1aQzJD4BuTxavfh |
| MD5: | 3F58A517F1F4796225137E7659AD2ADB |
| SHA1: | E264BA0E9987B0AD0812E5DD4DD3075531CFE269 |
| SHA-256: | 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48 |
| SHA-512: | ACF740AAFCE390D06C6A76C84E7AE7C0F721731973AADBE3E57F2EB63241A01303CC6BF11A3F9A88F8BE0237998B5772BDAF569137D63BA3D0F877E7D27FC634 |
| Malicious: | true |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Windows\SysWOW64\more.com |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 319488 |
| Entropy (8bit): | 6.8247381630250095 |
| Encrypted: | false |
| SSDEEP: | 6144:kScDdfoHvmx1oFT4mKkvzQ8L9ZSwMia5MHdkAPkj7oNzr:/cDqPEu4ys8Z5Mi9zPk4N/ |
| MD5: | 8A03328077D30121CB556BE56F95D07D |
| SHA1: | EC9D352BB026D7995653F9E08CC7EFE444626BB5 |
| SHA-256: | 8AA6EC6AD92B5BA62086C0A6DCBE46C0A000EA69A876CF3A14DF06E7E9E3CBF3 |
| SHA-512: | 5EEB728C82E79A542484BCCEAACB41884F77ABB36FFCB6475D3DA4C6EDD5EF6971C4C63E95147D53348C2C9C77CB598C152BEB19059A39C16680B83F7A9FECEA |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.413971632375733 |
| Encrypted: | false |
| SSDEEP: | 6144:7cifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNb5+:gi58oSWIZBk2MM6AFBZo |
| MD5: | A594F6FF1D72C2B60D9BC6D5F81E7A84 |
| SHA1: | 6FD3858EF705FA8965F776EBDF2C52303FC00CA5 |
| SHA-256: | BC8B0FA00F8CBEC529DBC55D93E76C03280CAF62A5AC82DEFB2FED88C1A68349 |
| SHA-512: | 8ED26E418C9061BE190615C246F5D5323F9DE38BBF6A36A181571FB638D33ABE9584F54249E7D951CD122503910F707B5DE0BEBF82152C7EC93F83DAE9DF5D86 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.3581510631363445 |
| TrID: |
|
| File name: | Setup.exe |
| File size: | 17'103'832 bytes |
| MD5: | 0694a17da60d94bc3309098b233aef78 |
| SHA1: | c5c79592819ea20caf0d2223b4404283fd32c702 |
| SHA256: | 881fb060bd03a238a1c2b9221d15d28df8705870680c17ac5070510ec6355e2d |
| SHA512: | c2ac25d98ba05ff72468154656e40af5a44b8d94bc6da21b4a65a00ec211ee8f65f033639eabf9f0129817e0aeb371f595fd4077d3e02b57960034c37c793dc0 |
| SSDEEP: | 393216:E+KwCY9SPj3CaQ4TmsjZyAeUGIcZfkshF:E+KwCImSsj0AeqctBhF |
| TLSH: | BE07D006B64AC5F6C08526B8DB1BDBF970313E78FA900883B3A47E5DF9B1B919465307 |
| File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........PE..L....`.c................../.................../...@...........................T.....N9........ .. ......................./. |
 | |
| Icon Hash: | e3d2e3f0ecda8a8c |
| Entrypoint: | 0x12ef3b2 |
| Entrypoint Section: | _RDATA2 |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
| DLL Characteristics: | |
| Time Stamp: | 0x639C6004 [Fri Dec 16 12:09:40 2022 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e0dec038b87ebebb3f0c99a4a0b71248 |
| Signature Valid: | false |
| Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
| Signature Validation Error: | The digital signature of the object did not verify |
| Error Number: | -2146869232 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | E36602E775A5284B99606B1833F95A08 |
| Thumbprint SHA-1: | D3CB8B17C5512C312FA1E3DB3D1571CF6A390F5B |
| Thumbprint SHA-256: | B38E96A38EB6CEB8A915618C8E28E5AB9413942788CF5D2B8C8E5829DB88CBF2 |
| Serial: | 087FEF2C056BD054663E5ED196BE3565 |
| Instruction |
|---|
| push ebp |
| pushfd |
| mov ebp, 7C38B9BDh |
| mov ebp, dword ptr [esp+ebp-7C38B9B9h] |
| mov dword ptr [esp+04h], BEAC5D16h |
| push dword ptr [esp+00h] |
| popfd |
| lea esp, dword ptr [esp+04h] |
| call 00007FAC34B3A1B5h |
| call 00007FAC34B21238h |
| pop edx |
| adc edx, FFE575EEh |
| jmp edx |
| inc eax |
| inc dh |
| inc cx |
| mov dword ptr [esp+esi*8+000689B4h], edx |
| inc eax |
| sets bh |
| inc eax |
| xor al, bh |
| dec eax |
| neg eax |
| inc ecx |
| mov cl, byte ptr [ebp+ebx*2-5B299EFAh] |
| inc dx |
| add edi, dword ptr [esp+ecx-32EBFFEBh] |
| push ebx |
| dec ebp |
| lea ebp, dword ptr [ebp+ebx-2D94CF79h] |
| sal word ptr [esp+ebx*2-5B299EFAh], FFACh |
| inc ecx |
| xor cl, bl |
| xor cl, FFFFFFB3h |
| call 00007FAC34A77D25h |
| add eax, dword ptr [edi+eax] |
| neg dx |
| movzx ecx, byte ptr [esp+04h] |
| and ecx, 51849409h |
| mov edx, dword ptr [edi+ecx*2+04h] |
| sal ecx, FFFFFF9Ah |
| ror cl, FFFFFF81h |
| call 00007FAC34DE4A44h |
| mov ah, byte ptr [ecx] |
| sub dword ptr [ebx-5Fh], esi |
| pop ebx |
| push es |
| imul ebp, dword ptr [esi+ebx*4-02801859h], 00EEAE80h |
| out 57h, eax |
| cmc |
| sub byte ptr [esi+449B87EEh], FFFFFFD1h |
| and byte ptr [ebp+10435D41h], dh |
| in al, 6Bh |
| jo 00007FAC34B72FDCh |
| mov fs, word ptr [edx+7F58F2D5h] |
| jnle 00007FAC34B7302Dh |
| jnp 00007FAC34B72F80h |
| scasb |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x910000 | 0x2fae | .edata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xfbbf00 | 0x154 | _RDATA2 |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1195000 | 0x3b8709 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x104d200 | 0x29d8 | _RDATA2 |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x90b000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xd3a000 | 0x84 | _RDATA1 |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x2fd000 | 0x2fd000 | bc6b2d8cdc4fa18530976bf341d34eca | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x2fe000 | 0x60c000 | 0x110600 | 5a23d7b74d2b69f28adb6e1971445ee3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x90a000 | 0x1000 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x90b000 | 0x1000 | 0x200 | 00641d0feaef0b7f9f3b65c67a5ed46a | False | 0.052734375 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .idata | 0x90c000 | 0x4000 | 0x3400 | 069286ca0f29cc3eaf737d4856d69db8 | False | 0.9601862980769231 | data | 7.870266352354726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .edata | 0x910000 | 0x3000 | 0x3000 | d3f0fcbcdd01777d9414bf1e0c8b95e0 | False | 0.301513671875 | data | 5.47519440995948 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA0 | 0x913000 | 0x426a25 | 0x426c00 | f4eb99f1066289f256e8481ca9dd7e40 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| _RDATA1 | 0xd3a000 | 0x9c | 0x200 | 6613eff8b8274eadebd09cb43ce17502 | False | 0.177734375 | data | 0.9799551862570663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| _RDATA2 | 0xd3b000 | 0x459610 | 0x459800 | a432753b90d26e872d095a2ea43c01af | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x1195000 | 0x3b8709 | 0x3b8800 | f64f381354d1b3a98b45f00bc5a08d17 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| FNDD | 0x1197e24 | 0x1ff861 | PNG image data, 3936 x 925, 8-bit/color RGB, non-interlaced | English | United States | 0.9947528839111328 |
| RT_CURSOR | 0x1397688 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0x13977bc | 0x134 | data | English | United States | 0.4642857142857143 |
| RT_CURSOR | 0x13978f0 | 0x134 | data | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0x1397a24 | 0x134 | data | English | United States | 0.38311688311688313 |
| RT_CURSOR | 0x1397b58 | 0x134 | data | English | United States | 0.36038961038961037 |
| RT_CURSOR | 0x1397c8c | 0x134 | data | English | United States | 0.4090909090909091 |
| RT_CURSOR | 0x1397dc0 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
| RT_BITMAP | 0x1397ef4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
| RT_BITMAP | 0x13980c4 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
| RT_BITMAP | 0x13982a8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
| RT_BITMAP | 0x1398478 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
| RT_BITMAP | 0x1398648 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
| RT_BITMAP | 0x1398818 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
| RT_BITMAP | 0x13989e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
| RT_BITMAP | 0x1398bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
| RT_BITMAP | 0x1398d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
| RT_BITMAP | 0x1398f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
| RT_BITMAP | 0x1399128 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
| RT_ICON | 0x1399210 | 0x3093 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.000884599919582 |
| RT_ICON | 0x139c2a4 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | Russian | Russia | 0.7173515052888527 |
| RT_ICON | 0x139e90c | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | Russian | Russia | 0.7602459016393442 |
| RT_ICON | 0x139fa34 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Russian | Russia | 0.8696808510638298 |
| RT_DIALOG | 0x139fe9c | 0x52 | data | 0.7682926829268293 | ||
| RT_DIALOG | 0x139fef0 | 0x52 | data | 0.7560975609756098 | ||
| RT_STRING | 0x139ff44 | 0x384 | data | 0.35777777777777775 | ||
| RT_STRING | 0x13a02c8 | 0x32c | data | 0.44950738916256155 | ||
| RT_STRING | 0x13a05f4 | 0xc0 | data | 0.6041666666666666 | ||
| RT_STRING | 0x13a06b4 | 0xfc | data | 0.5873015873015873 | ||
| RT_STRING | 0x13a07b0 | 0x248 | data | 0.4845890410958904 | ||
| RT_STRING | 0x13a09f8 | 0x408 | data | 0.36143410852713176 | ||
| RT_STRING | 0x13a0e00 | 0x1f8 | data | 0.4603174603174603 | ||
| RT_STRING | 0x13a0ff8 | 0xec | data | 0.5550847457627118 | ||
| RT_STRING | 0x13a10e4 | 0x198 | data | 0.5171568627450981 | ||
| RT_STRING | 0x13a127c | 0x3b4 | data | 0.33649789029535865 | ||
| RT_STRING | 0x13a1630 | 0x37c | data | 0.4080717488789238 | ||
| RT_STRING | 0x13a19ac | 0x2a0 | data | 0.4017857142857143 | ||
| RT_STRING | 0x13a1c4c | 0x434 | data | 0.3587360594795539 | ||
| RT_STRING | 0x13a2080 | 0x380 | data | 0.3549107142857143 | ||
| RT_STRING | 0x13a2400 | 0x454 | data | 0.37906137184115524 | ||
| RT_RCDATA | 0x13a2854 | 0x10 | data | 1.5 | ||
| RT_RCDATA | 0x13a2864 | 0xf000f | Delphi compiled form 'TForm1' | 0.24657114810463301 | ||
| RT_RCDATA | 0x1492874 | 0x871 | Delphi compiled form 'TFormAbout' | 0.4197130957889866 | ||
| RT_RCDATA | 0x14930e8 | 0xa39 | Delphi compiled form 'TFormAddApplication' | 0.3584256782575468 | ||
| RT_RCDATA | 0x1493b24 | 0x85c | Delphi compiled form 'TFormAddContact' | 0.3719626168224299 | ||
| RT_RCDATA | 0x1494380 | 0x674 | Delphi compiled form 'TFormAddFavorit' | 0.437046004842615 | ||
| RT_RCDATA | 0x14949f4 | 0x977 | Delphi compiled form 'TFormAddFriendlyName' | 0.39991745769706977 | ||
| RT_RCDATA | 0x149536c | 0x71d | Delphi compiled form 'TFormAddToList' | 0.39978034047226796 | ||
| RT_RCDATA | 0x1495a8c | 0x788 | Delphi compiled form 'TFormAddWmiQuery' | 0.4066390041493776 | ||
| RT_RCDATA | 0x1496214 | 0xecb | Delphi compiled form 'TFormChat' | 0.30974386057565356 | ||
| RT_RCDATA | 0x14970e0 | 0xbbb | Delphi compiled form 'TFormChatDownload' | 0.4901764901764902 | ||
| RT_RCDATA | 0x1497c9c | 0x6e8 | Delphi compiled form 'TFormChatDownloadAction' | 0.3942307692307692 | ||
| RT_RCDATA | 0x1498384 | 0xbc1 | Delphi compiled form 'TFormChatUpload' | 0.5014955134596212 | ||
| RT_RCDATA | 0x1498f48 | 0x644 | Delphi compiled form 'TFormDeleteComputersInRange' | 0.442643391521197 | ||
| RT_RCDATA | 0x149958c | 0xa31 | Delphi compiled form 'TFormDhcp' | 0.34610962054426986 | ||
| RT_RCDATA | 0x1499fc0 | 0x2b75 | Delphi compiled form 'TFormDiapasons' | 0.15280898876404495 | ||
| RT_RCDATA | 0x149cb38 | 0xd55 | Delphi compiled form 'TFormEditApplications' | 0.25607969528274244 | ||
| RT_RCDATA | 0x149d890 | 0x883 | Delphi compiled form 'TFormEmailText' | 0.413951353832033 | ||
| RT_RCDATA | 0x149e114 | 0x8a1 | Delphi compiled form 'TFormEmailTextAndCaption' | 0.3879583521955636 | ||
| RT_RCDATA | 0x149e9b8 | 0x75e | Delphi compiled form 'TFormEnterCode' | 0.41039236479321317 | ||
| RT_RCDATA | 0x149f118 | 0x95e | Delphi compiled form 'TFormExcludedIP' | 0.3286071726438699 | ||
| RT_RCDATA | 0x149fa78 | 0xb02 | Delphi compiled form 'TFormExecute' | 0.3765081618168914 | ||
| RT_RCDATA | 0x14a057c | 0xc47 | Delphi compiled form 'TFormExternalIp' | 0.30957683741648107 | ||
| RT_RCDATA | 0x14a11c4 | 0x665 | Delphi compiled form 'TFormFavoriteAddGroup' | 0.43494196701282833 | ||
| RT_RCDATA | 0x14a182c | 0xc58 | Delphi compiled form 'TFormFavorites' | 0.29335443037974684 | ||
| RT_RCDATA | 0x14a2484 | 0x6f2 | Delphi compiled form 'TFormFind' | 0.39707536557930256 | ||
| RT_RCDATA | 0x14a2b78 | 0x102e | Delphi compiled form 'TFormFindContacts' | 0.2747464992757122 | ||
| RT_RCDATA | 0x14a3ba8 | 0xeb0 | Delphi compiled form 'TFormFriendlyNames' | 0.2422872340425532 | ||
| RT_RCDATA | 0x14a4a58 | 0xd3c | Delphi compiled form 'TFormHostsList' | 0.31995277449822906 | ||
| RT_RCDATA | 0x14a5794 | 0x58c | Delphi compiled form 'TFormHostToIP' | 0.44577464788732396 | ||
| RT_RCDATA | 0x14a5d20 | 0x83c | Delphi compiled form 'TFormIpWhois' | 0.4055977229601518 | ||
| RT_RCDATA | 0x14a655c | 0x578 | Delphi compiled form 'TFormMessage' | 0.43714285714285717 | ||
| RT_RCDATA | 0x14a6ad4 | 0xb14 | Delphi compiled form 'TFormNetStat' | 0.34520451339915376 | ||
| RT_RCDATA | 0x14a75e8 | 0x1b5e | Delphi compiled form 'TFormNetwork' | 0.34798743933771054 | ||
| RT_RCDATA | 0x14a9148 | 0xa0b | Delphi compiled form 'TFormNetworkInfo' | 0.36678335278101903 | ||
| RT_RCDATA | 0x14a9b54 | 0x625 | Delphi compiled form 'TFormNickName' | 0.4405594405594406 | ||
| RT_RCDATA | 0x14aa17c | 0x6e8 | Delphi compiled form 'TFormNotification' | 0.3829185520361991 | ||
| RT_RCDATA | 0x14aa864 | 0x1335 | Delphi compiled form 'TFormPinger' | 0.4299369534268863 | ||
| RT_RCDATA | 0x14abb9c | 0x61a | Delphi compiled form 'TFormQuestion' | 0.4148527528809219 | ||
| RT_RCDATA | 0x14ac1b8 | 0x785 | Delphi compiled form 'TFormRegistrationLink' | 0.4072727272727273 | ||
| RT_RCDATA | 0x14ac940 | 0xa4a | Delphi compiled form 'TFormSearchSetup' | 0.32687927107061504 | ||
| RT_RCDATA | 0x14ad38c | 0x1859 | Delphi compiled form 'TFormSetup' | 0.20471682977699343 | ||
| RT_RCDATA | 0x14aebe8 | 0xae1 | Delphi compiled form 'TFormStart' | 0.34470377019748655 | ||
| RT_RCDATA | 0x14af6cc | 0x7ba | Delphi compiled form 'TFormTestWmiQuery' | 0.37967644084934277 | ||
| RT_RCDATA | 0x14afe88 | 0x210 | Delphi compiled form 'TFormTopSearch' | 0.6022727272727273 | ||
| RT_RCDATA | 0x14b0098 | 0x2702 | Delphi compiled form 'TFormWakeOnLan' | 0.259062687762868 | ||
| RT_RCDATA | 0x14b279c | 0x221e | Delphi compiled form 'TFrameAddWmiQuery' | 0.15697275017174261 | ||
| RT_RCDATA | 0x14b49bc | 0x1a87 | Delphi compiled form 'TFrameAdminScanner' | 0.17140332793403035 | ||
| RT_RCDATA | 0x14b6444 | 0x189 | Delphi compiled form 'TFrameButton' | 0.49872773536895676 | ||
| RT_RCDATA | 0x14b65d0 | 0x427 | Delphi compiled form 'TFrameChat' | 0.37723424270931327 | ||
| RT_RCDATA | 0x14b69f8 | 0x3d6 | Delphi compiled form 'TFrameChatDownloadA' | 0.4134419551934827 | ||
| RT_RCDATA | 0x14b6dd0 | 0x40b | Delphi compiled form 'TFrameChatDownloadB' | 0.3748792270531401 | ||
| RT_RCDATA | 0x14b71dc | 0x83e | Delphi compiled form 'TFrameChatMemo' | 0.32701421800947866 | ||
| RT_RCDATA | 0x14b7a1c | 0x187 | Delphi compiled form 'TFrameChatMessage' | 0.6061381074168798 | ||
| RT_RCDATA | 0x14b7ba4 | 0x29e | Delphi compiled form 'TFrameChatUploadA' | 0.4582089552238806 | ||
| RT_RCDATA | 0x14b7e44 | 0x379 | Delphi compiled form 'TFrameChatUploadB' | 0.4049493813273341 | ||
| RT_RCDATA | 0x14b81c0 | 0x4e8e | Delphi compiled form 'TFrameFavorites' | 0.10183988065638985 | ||
| RT_RCDATA | 0x14bd050 | 0x2145 | Delphi compiled form 'TFrameFavoritesActions' | 0.16343783022190914 | ||
| RT_RCDATA | 0x14bf198 | 0x289c | Delphi compiled form 'TFrameFolders' | 0.12629857637552905 | ||
| RT_RCDATA | 0x14c1a34 | 0x4b5e | Delphi compiled form 'TFrameHistory' | 0.10417746449673473 | ||
| RT_RCDATA | 0x14c6594 | 0x516 | Delphi compiled form 'TFrameHostByIp' | 0.2995391705069124 | ||
| RT_RCDATA | 0x14c6aac | 0x164e | Delphi compiled form 'TFrameMain' | 0.21663747810858144 | ||
| RT_RCDATA | 0x14c80fc | 0x279a8 | Delphi compiled form 'TFrameMain2' | 0.3001800069043744 | ||
| RT_RCDATA | 0x14efaa4 | 0xc52b | Delphi compiled form 'TFrameMainMenu' | 0.10498266468548786 | ||
| RT_RCDATA | 0x14fbfd0 | 0x46a | Delphi compiled form 'TFrameMemo' | 0.4168141592920354 | ||
| RT_RCDATA | 0x14fc43c | 0xdb0 | Delphi compiled form 'TFrameMessanger' | 0.2360159817351598 | ||
| RT_RCDATA | 0x14fd1ec | 0x763 | Delphi compiled form 'TFrameNetwork' | 0.3484928609201481 | ||
| RT_RCDATA | 0x14fd950 | 0x235 | Delphi compiled form 'TFrameNetworkButtons' | 0.3256637168141593 | ||
| RT_RCDATA | 0x14fdb88 | 0x18c | Delphi compiled form 'TFramePages' | 0.5909090909090909 | ||
| RT_RCDATA | 0x14fdd14 | 0x96a | Delphi compiled form 'TFramePingerOptions' | 0.3107883817427386 | ||
| RT_RCDATA | 0x14fe680 | 0x30ab | Delphi compiled form 'TFramePrivateNetwork' | 0.13235412151858095 | ||
| RT_RCDATA | 0x150172c | 0x43ec | Delphi compiled form 'TFrameScanner' | 0.11042097998619738 | ||
| RT_RCDATA | 0x1505b18 | 0x18da | Delphi compiled form 'TFrameSearch' | 0.17007230430682174 | ||
| RT_RCDATA | 0x15073f4 | 0x405 | Delphi compiled form 'TFrameSearchMemo' | 0.39067055393586003 | ||
| RT_RCDATA | 0x15077fc | 0x14bc | Delphi compiled form 'TFrameSearchSetup' | 0.19103240391861342 | ||
| RT_RCDATA | 0x1508cb8 | 0xfbd | Delphi compiled form 'TFrameSetupAdminScanner' | 0.22263588979895757 | ||
| RT_RCDATA | 0x1509c78 | 0x58c | Delphi compiled form 'TFrameSetupAuthorization' | 0.3528169014084507 | ||
| RT_RCDATA | 0x150a204 | 0x1c41 | Delphi compiled form 'TFrameSetupDetails' | 0.15705792893681736 | ||
| RT_RCDATA | 0x150be48 | 0x1291 | Delphi compiled form 'TFrameSetupEmail' | 0.19861140332421628 | ||
| RT_RCDATA | 0x150d0dc | 0x53f | Delphi compiled form 'TFrameSetupEmailSubject' | 0.3432613551749814 | ||
| RT_RCDATA | 0x150d61c | 0xfc6 | Delphi compiled form 'TFrameSetupFavorites' | 0.2157008420009906 | ||
| RT_RCDATA | 0x150e5e4 | 0x8bd | Delphi compiled form 'TFrameSetupFolders' | 0.3102369244523916 | ||
| RT_RCDATA | 0x150eea4 | 0x590 | Delphi compiled form 'TFrameSetupGenerals' | 0.3167134831460674 | ||
| RT_RCDATA | 0x150f434 | 0x1106 | Delphi compiled form 'TFrameSetupHistory' | 0.21156493804497475 | ||
| RT_RCDATA | 0x151053c | 0x766 | Delphi compiled form 'TFrameSetupHistoryView' | 0.324181626187962 | ||
| RT_RCDATA | 0x1510ca4 | 0x262f | Delphi compiled form 'TFrameSetupInterface' | 0.13810741687979539 | ||
| RT_RCDATA | 0x15132d4 | 0xce5 | Delphi compiled form 'TFrameSetupLaunch' | 0.19933353529233566 | ||
| RT_RCDATA | 0x1513fbc | 0x2686 | Delphi compiled form 'TFrameSetupLookup' | 0.12340296085986616 | ||
| RT_RCDATA | 0x1516644 | 0x18b4 | Delphi compiled form 'TFrameSetupMessenger' | 0.1937065148640101 | ||
| RT_RCDATA | 0x1517ef8 | 0xcbb | Delphi compiled form 'TFrameSetupNotifications' | 0.2138692850567659 | ||
| RT_RCDATA | 0x1518bb4 | 0x9d0 | Delphi compiled form 'TFrameSetupNotificationsFavorites' | 0.2806528662420382 | ||
| RT_RCDATA | 0x1519584 | 0x1234 | Delphi compiled form 'TFrameSetupNotificationsFolders' | 0.19334763948497855 | ||
| RT_RCDATA | 0x151a7b8 | 0x21f0 | Delphi compiled form 'TFrameSetupNotificationsHistory' | 0.14652394106813996 | ||
| RT_RCDATA | 0x151c9a8 | 0xd74 | Delphi compiled form 'TFrameSetupNotificationsScanner' | 0.2665505226480836 | ||
| RT_RCDATA | 0x151d71c | 0x519 | Delphi compiled form 'TFrameSetupNotificationsSearch' | 0.40229885057471265 | ||
| RT_RCDATA | 0x151dc38 | 0x2814 | Delphi compiled form 'TFrameSetupNotificationsSubnetMonitor' | 0.13567251461988303 | ||
| RT_RCDATA | 0x152044c | 0x571 | Delphi compiled form 'TFrameSetupOptimizations' | 0.3137114142139268 | ||
| RT_RCDATA | 0x15209c0 | 0x10c3 | Delphi compiled form 'TFrameSetupScanner' | 0.21044045676998369 | ||
| RT_RCDATA | 0x1521a84 | 0x766 | Delphi compiled form 'TFrameSetupScannerView' | 0.3215417106652587 | ||
| RT_RCDATA | 0x15221ec | 0x695 | Delphi compiled form 'TFrameSetupSearch' | 0.3649851632047478 | ||
| RT_RCDATA | 0x1522884 | 0x149f | Delphi compiled form 'TFrameSetupSubnetMonitor' | 0.19871187724947906 | ||
| RT_RCDATA | 0x1523d24 | 0x594 | Delphi compiled form 'TFrameSetupSubnetMonitorAdditions' | 0.32072829131652664 | ||
| RT_RCDATA | 0x15242b8 | 0x26b1 | Delphi compiled form 'TFrameSubTools' | 0.12912670368500756 | ||
| RT_RCDATA | 0x152696c | 0x25471 | Delphi compiled form 'TFrameTools' | 0.3111291579616082 | ||
| RT_RCDATA | 0x154bde0 | 0xda5 | Delphi compiled form 'TFrameWakeOnLan' | 0.24992842828514172 | ||
| RT_RCDATA | 0x154cb88 | 0x5f5 | Delphi compiled form 'TVTreeView' | 0.3619672131147541 | ||
| RT_GROUP_CURSOR | 0x154d180 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x154d194 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x154d1a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x154d1bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x154d1d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x154d1e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x154d1f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0x154d20c | 0x3e | data | Russian | Russia | 0.8225806451612904 |
| RT_VERSION | 0x154d24c | 0x340 | data | 0.43990384615384615 | ||
| RT_MANIFEST | 0x154d58c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| DLL | Import |
|---|---|
| WS2_32.DLL | shutdown |
| IPHLPAPI.DLL | GetAdaptersInfo |
| SHELL32.DLL | Shell_NotifyIconA |
| WININET.DLL | FtpFindFirstFileA |
| ADVAPI32.DLL | AdjustTokenPrivileges |
| KERNEL32.DLL | GetVersion, GetVersionExA |
| MPR.DLL | WNetAddConnection2A |
| NETAPI32.DLL | NetApiBufferFree |
| VERSION.DLL | GetFileVersionInfoA |
| COMCTL32.DLL | ImageList_Add |
| COMDLG32.DLL | ChooseColorA |
| GDI32.DLL | BitBlt |
| USER32.DLL | ActivateKeyboardLayout |
| WINMM.DLL | PlaySoundA |
| OLE32.DLL | CLSIDFromString |
| OLEAUT32.DLL | GetErrorInfo |
| Name | Ordinal | Address |
|---|---|---|
| @@Unit1@Finalize | 3 | 0x4d85a8 |
| @@Unit1@Initialize | 2 | 0x4d8590 |
| @@Unit2@Finalize | 5 | 0x4dccc0 |
| @@Unit2@Initialize | 4 | 0x4dccb0 |
| @@Unitabout@Finalize | 7 | 0x4dedf8 |
| @@Unitabout@Initialize | 6 | 0x4dede8 |
| @@Unitaddfavorite@Finalize | 9 | 0x4e0ed8 |
| @@Unitaddfavorite@Initialize | 8 | 0x4e0ec8 |
| @@Unitchatdownloadaction@Finalize | 11 | 0x4e2930 |
| @@Unitchatdownloadaction@Initialize | 10 | 0x4e2920 |
| @@Unitchatprotocol@Finalize | 13 | 0x4e9ed8 |
| @@Unitchatprotocol@Initialize | 12 | 0x4e9ec8 |
| @@Unitdeletecomputersinrange@Finalize | 15 | 0x4ec6c0 |
| @@Unitdeletecomputersinrange@Initialize | 14 | 0x4ec6b0 |
| @@Unitdiapasons@Finalize | 17 | 0x4f39f4 |
| @@Unitdiapasons@Initialize | 16 | 0x4f39e4 |
| @@Unitentercode@Finalize | 19 | 0x4f5990 |
| @@Unitentercode@Initialize | 18 | 0x4f5980 |
| @@Unitexcludedip@Finalize | 21 | 0x4f7bd0 |
| @@Unitexcludedip@Initialize | 20 | 0x4f7bc0 |
| @@Unitfavorites@Finalize | 23 | 0x4ffb38 |
| @@Unitfavorites@Initialize | 22 | 0x4ffb28 |
| @@Unitformaddapplication@Finalize | 25 | 0x501cd0 |
| @@Unitformaddapplication@Initialize | 24 | 0x501cc0 |
| @@Unitformaddcontact@Finalize | 27 | 0x503984 |
| @@Unitformaddcontact@Initialize | 26 | 0x503974 |
| @@Unitformaddfriendlyname@Finalize | 29 | 0x506f74 |
| @@Unitformaddfriendlyname@Initialize | 28 | 0x506f64 |
| @@Unitformaddtolist@Finalize | 31 | 0x5089e4 |
| @@Unitformaddtolist@Initialize | 30 | 0x5089d4 |
| @@Unitformaddwmiquery@Finalize | 33 | 0x50f014 |
| @@Unitformaddwmiquery@Initialize | 32 | 0x50f004 |
| @@Unitformchat@Finalize | 35 | 0x5127c4 |
| @@Unitformchat@Initialize | 34 | 0x5127b4 |
| @@Unitformchatdownload@Finalize | 37 | 0x5191d0 |
| @@Unitformchatdownload@Initialize | 36 | 0x5191c0 |
| @@Unitformchatupload@Finalize | 39 | 0x51f548 |
| @@Unitformchatupload@Initialize | 38 | 0x51f538 |
| @@Unitformdhcp@Finalize | 41 | 0x524454 |
| @@Unitformdhcp@Initialize | 40 | 0x524444 |
| @@Unitformeditapplications@Finalize | 43 | 0x52773c |
| @@Unitformeditapplications@Initialize | 42 | 0x52772c |
| @@Unitformemailtext@Finalize | 45 | 0x5293e0 |
| @@Unitformemailtext@Initialize | 44 | 0x5293d0 |
| @@Unitformemailtextandcaption@Finalize | 47 | 0x52b20c |
| @@Unitformemailtextandcaption@Initialize | 46 | 0x52b1fc |
| @@Unitformexecute@Finalize | 49 | 0x52d8b8 |
| @@Unitformexecute@Initialize | 48 | 0x52d8a8 |
| @@Unitformexternalip@Finalize | 51 | 0x530500 |
| @@Unitformexternalip@Initialize | 50 | 0x5304f0 |
| @@Unitformfavoriteaddgroup@Finalize | 53 | 0x531dcc |
| @@Unitformfavoriteaddgroup@Initialize | 52 | 0x531dbc |
| @@Unitformfind@Finalize | 55 | 0x534a74 |
| @@Unitformfind@Initialize | 54 | 0x534a64 |
| @@Unitformfindcontacts@Finalize | 57 | 0x537cd0 |
| @@Unitformfindcontacts@Initialize | 56 | 0x537cc0 |
| @@Unitformhostslist@Finalize | 59 | 0x53a858 |
| @@Unitformhostslist@Initialize | 58 | 0x53a848 |
| @@Unitformhosttoip@Finalize | 61 | 0x53cdc4 |
| @@Unitformhosttoip@Initialize | 60 | 0x53cdb4 |
| @@Unitformipwhois@Finalize | 63 | 0x541088 |
| @@Unitformipwhois@Initialize | 62 | 0x541078 |
| @@Unitformnetwork@Finalize | 65 | 0x54f4b4 |
| @@Unitformnetwork@Initialize | 64 | 0x54f4a4 |
| @@Unitformnetworkinfo@Finalize | 67 | 0x55aa8c |
| @@Unitformnetworkinfo@Initialize | 66 | 0x55aa7c |
| @@Unitformnickname@Finalize | 69 | 0x55c32c |
| @@Unitformnickname@Initialize | 68 | 0x55c31c |
| @@Unitformnotification@Finalize | 71 | 0x55edc0 |
| @@Unitformnotification@Initialize | 70 | 0x55edb0 |
| @@Unitformpinger@Finalize | 73 | 0x57d2e0 |
| @@Unitformpinger@Initialize | 72 | 0x57d2c8 |
| @@Unitformquestion@Finalize | 75 | 0x57ed80 |
| @@Unitformquestion@Initialize | 74 | 0x57ed70 |
| @@Unitformregistrationlink@Finalize | 77 | 0x5807bc |
| @@Unitformregistrationlink@Initialize | 76 | 0x5807ac |
| @@Unitformsearchsetup@Finalize | 79 | 0x583258 |
| @@Unitformsearchsetup@Initialize | 78 | 0x583248 |
| @@Unitformsetup@Finalize | 81 | 0x59370c |
| @@Unitformsetup@Initialize | 80 | 0x5936fc |
| @@Unitformtestwmiquery@Finalize | 83 | 0x595168 |
| @@Unitformtestwmiquery@Initialize | 82 | 0x595158 |
| @@Unitformtopsearch@Finalize | 85 | 0x5960fc |
| @@Unitformtopsearch@Initialize | 84 | 0x5960ec |
| @@Unitframeaddwmiquery@Finalize | 87 | 0x597a70 |
| @@Unitframeaddwmiquery@Initialize | 86 | 0x597a60 |
| @@Unitframeadminscanner@Finalize | 89 | 0x59ac48 |
| @@Unitframeadminscanner@Initialize | 88 | 0x59ac38 |
| @@Unitframebutton@Finalize | 91 | 0x59b8f8 |
| @@Unitframebutton@Initialize | 90 | 0x59b8e8 |
| @@Unitframechat@Finalize | 93 | 0x59ba90 |
| @@Unitframechat@Initialize | 92 | 0x59ba80 |
| @@Unitframechatdownloada@Finalize | 95 | 0x59bc34 |
| @@Unitframechatdownloada@Initialize | 94 | 0x59bc24 |
| @@Unitframechatdownloadb@Finalize | 97 | 0x59c2cc |
| @@Unitframechatdownloadb@Initialize | 96 | 0x59c2bc |
| @@Unitframechatmemo@Finalize | 99 | 0x5a5430 |
| @@Unitframechatmemo@Initialize | 98 | 0x5a5420 |
| @@Unitframechatmessage@Finalize | 101 | 0x5a5670 |
| @@Unitframechatmessage@Initialize | 100 | 0x5a5660 |
| @@Unitframechatuploada@Finalize | 103 | 0x5a580c |
| @@Unitframechatuploada@Initialize | 102 | 0x5a57fc |
| @@Unitframechatuploadb@Finalize | 105 | 0x5a5e9c |
| @@Unitframechatuploadb@Initialize | 104 | 0x5a5e8c |
| @@Unitframefavorites@Finalize | 107 | 0x5af15c |
| @@Unitframefavorites@Initialize | 106 | 0x5af14c |
| @@Unitframefavoritesactions@Finalize | 109 | 0x5b1714 |
| @@Unitframefavoritesactions@Initialize | 108 | 0x5b1704 |
| @@Unitframefolders@Finalize | 111 | 0x5b4ff4 |
| @@Unitframefolders@Initialize | 110 | 0x5b4fe4 |
| @@Unitframehistory@Finalize | 113 | 0x5be194 |
| @@Unitframehistory@Initialize | 112 | 0x5be184 |
| @@Unitframehostbyip@Finalize | 115 | 0x5be9dc |
| @@Unitframehostbyip@Initialize | 114 | 0x5be9cc |
| @@Unitframemain2@Finalize | 119 | 0x5bfeec |
| @@Unitframemain2@Initialize | 118 | 0x5bfedc |
| @@Unitframemain@Finalize | 117 | 0x5be9fc |
| @@Unitframemain@Initialize | 116 | 0x5be9ec |
| @@Unitframemainmenu@Finalize | 121 | 0x5c76e0 |
| @@Unitframemainmenu@Initialize | 120 | 0x5c76d0 |
| @@Unitframemessanger@Finalize | 123 | 0x5ca12c |
| @@Unitframemessanger@Initialize | 122 | 0x5ca11c |
| @@Unitframenetwork@Finalize | 125 | 0x5ca290 |
| @@Unitframenetwork@Initialize | 124 | 0x5ca280 |
| @@Unitframenetworkbuttons@Finalize | 127 | 0x5ca2b0 |
| @@Unitframenetworkbuttons@Initialize | 126 | 0x5ca2a0 |
| @@Unitframepages@Finalize | 129 | 0x5cbd1c |
| @@Unitframepages@Initialize | 128 | 0x5cbd0c |
| @@Unitframepingeroptions@Finalize | 131 | 0x5cc524 |
| @@Unitframepingeroptions@Initialize | 130 | 0x5cc514 |
| @@Unitframeprivatenetwork@Finalize | 133 | 0x5d1da0 |
| @@Unitframeprivatenetwork@Initialize | 132 | 0x5d1d90 |
| @@Unitframescanner@Finalize | 135 | 0x5db070 |
| @@Unitframescanner@Initialize | 134 | 0x5db060 |
| @@Unitframesearch@Finalize | 137 | 0x5de0ac |
| @@Unitframesearch@Initialize | 136 | 0x5de09c |
| @@Unitframesearchmemo@Finalize | 139 | 0x5e1f24 |
| @@Unitframesearchmemo@Initialize | 138 | 0x5e1f14 |
| @@Unitframesearchsetup@Finalize | 141 | 0x5e32d8 |
| @@Unitframesearchsetup@Initialize | 140 | 0x5e32c8 |
| @@Unitframesetupadminscanner@Finalize | 143 | 0x5e48b8 |
| @@Unitframesetupadminscanner@Initialize | 142 | 0x5e48a8 |
| @@Unitframesetupauthorization@Finalize | 145 | 0x5e5a54 |
| @@Unitframesetupauthorization@Initialize | 144 | 0x5e5a44 |
| @@Unitframesetupdetails@Finalize | 147 | 0x5e75e4 |
| @@Unitframesetupdetails@Initialize | 146 | 0x5e75d4 |
| @@Unitframesetupemail@Finalize | 149 | 0x5e8d64 |
| @@Unitframesetupemail@Initialize | 148 | 0x5e8d54 |
| @@Unitframesetupemailsubject@Finalize | 151 | 0x5e9d98 |
| @@Unitframesetupemailsubject@Initialize | 150 | 0x5e9d88 |
| @@Unitframesetupfavorites@Finalize | 153 | 0x5eb30c |
| @@Unitframesetupfavorites@Initialize | 152 | 0x5eb2fc |
| @@Unitframesetupfolders@Finalize | 155 | 0x5ec57c |
| @@Unitframesetupfolders@Initialize | 154 | 0x5ec56c |
| @@Unitframesetupgenerals@Finalize | 157 | 0x5ed714 |
| @@Unitframesetupgenerals@Initialize | 156 | 0x5ed704 |
| @@Unitframesetuphistory@Finalize | 159 | 0x5eed1c |
| @@Unitframesetuphistory@Initialize | 158 | 0x5eed0c |
| @@Unitframesetuphistoryview@Finalize | 161 | 0x5efe34 |
| @@Unitframesetuphistoryview@Initialize | 160 | 0x5efe24 |
| @@Unitframesetupinterface@Finalize | 163 | 0x5f1fd8 |
| @@Unitframesetupinterface@Initialize | 162 | 0x5f1fc8 |
| @@Unitframesetuplaunch@Finalize | 165 | 0x5f3b3c |
| @@Unitframesetuplaunch@Initialize | 164 | 0x5f3b2c |
| @@Unitframesetuplookup@Finalize | 167 | 0x5f5a48 |
| @@Unitframesetuplookup@Initialize | 166 | 0x5f5a38 |
| @@Unitframesetupmessenger@Finalize | 169 | 0x5f7a68 |
| @@Unitframesetupmessenger@Initialize | 168 | 0x5f7a58 |
| @@Unitframesetupnotifications@Finalize | 171 | 0x5f9014 |
| @@Unitframesetupnotifications@Initialize | 170 | 0x5f9004 |
| @@Unitframesetupnotificationsfavorites@Finalize | 173 | 0x5fa5b0 |
| @@Unitframesetupnotificationsfavorites@Initialize | 172 | 0x5fa5a0 |
| @@Unitframesetupnotificationsfolders@Finalize | 177 | 0x5fd588 |
| @@Unitframesetupnotificationsfolders@Initialize | 176 | 0x5fd578 |
| @@Unitframesetupnotificationshistory@Finalize | 179 | 0x5ff700 |
| @@Unitframesetupnotificationshistory@Initialize | 178 | 0x5ff6f0 |
| @@Unitframesetupnotificationsscanner@Finalize | 181 | 0x600eb8 |
| @@Unitframesetupnotificationsscanner@Initialize | 180 | 0x600ea8 |
| @@Unitframesetupnotificationssearch@Finalize | 183 | 0x602240 |
| @@Unitframesetupnotificationssearch@Initialize | 182 | 0x602230 |
| @@Unitframesetupnotificationssubnetmonitor@Finalize | 185 | 0x604584 |
| @@Unitframesetupnotificationssubnetmonitor@Initialize | 184 | 0x604574 |
| @@Unitframesetupoptimizations@Finalize | 187 | 0x60566c |
| @@Unitframesetupoptimizations@Initialize | 186 | 0x60565c |
| @@Unitframesetupscanner@Finalize | 175 | 0x5fbba8 |
| @@Unitframesetupscanner@Initialize | 174 | 0x5fbb98 |
| @@Unitframesetupscannerview@Finalize | 189 | 0x606784 |
| @@Unitframesetupscannerview@Initialize | 188 | 0x606774 |
| @@Unitframesetupsearch@Finalize | 191 | 0x607904 |
| @@Unitframesetupsearch@Initialize | 190 | 0x6078f4 |
| @@Unitframesetupsubnetmonitor@Finalize | 193 | 0x60911c |
| @@Unitframesetupsubnetmonitor@Initialize | 192 | 0x60910c |
| @@Unitframesetupsubnetmonitoradditions@Finalize | 195 | 0x60a2b0 |
| @@Unitframesetupsubnetmonitoradditions@Initialize | 194 | 0x60a2a0 |
| @@Unitframesubtools@Finalize | 197 | 0x60ad90 |
| @@Unitframesubtools@Initialize | 196 | 0x60ad80 |
| @@Unitframetools@Finalize | 199 | 0x60d1d4 |
| @@Unitframetools@Initialize | 198 | 0x60d1c4 |
| @@Unitframevtreeview@Finalize | 201 | 0x6213a4 |
| @@Unitframevtreeview@Initialize | 200 | 0x621394 |
| @@Unitframewakeonlan@Finalize | 203 | 0x6224e0 |
| @@Unitframewakeonlan@Initialize | 202 | 0x6224d0 |
| @@Unitfriendlynames@Finalize | 205 | 0x627738 |
| @@Unitfriendlynames@Initialize | 204 | 0x627728 |
| @@Unitmessage@Finalize | 207 | 0x629080 |
| @@Unitmessage@Initialize | 206 | 0x629070 |
| @@Unitnetstat@Finalize | 209 | 0x62f468 |
| @@Unitnetstat@Initialize | 208 | 0x62f458 |
| @@Unitrescanthread@Finalize | 211 | 0x64c4e4 |
| @@Unitrescanthread@Initialize | 210 | 0x64c4d4 |
| @@Unitsearchthread@Finalize | 213 | 0x650604 |
| @@Unitsearchthread@Initialize | 212 | 0x6505f4 |
| @@Unitstart@Finalize | 215 | 0x652fc4 |
| @@Unitstart@Initialize | 214 | 0x652fb4 |
| @@Unitwakeonlan@Finalize | 217 | 0x667fc0 |
| @@Unitwakeonlan@Initialize | 216 | 0x667fb0 |
| _Form1 | 219 | 0x80e6e4 |
| _FormAbout | 221 | 0xcddae0 |
| _FormAddApplication | 229 | 0xcddb24 |
| _FormAddContact | 230 | 0xcddb2c |
| _FormAddFavorit | 222 | 0xcddae8 |
| _FormAddFriendlyName | 231 | 0xcddb34 |
| _FormAddToList | 232 | 0xcddb3c |
| _FormAddWmiQuery | 233 | 0xcddb44 |
| _FormChat | 234 | 0xcddb4c |
| _FormChatDownload | 235 | 0xcddb54 |
| _FormChatDownloadAction | 223 | 0xcddaf0 |
| _FormChatUpload | 236 | 0xcddb5c |
| _FormDeleteComputersInRange | 224 | 0xcddafc |
| _FormDhcp | 237 | 0xcddb64 |
| _FormDiapasons | 225 | 0xcddb04 |
| _FormEditApplications | 238 | 0xcddb70 |
| _FormEmailText | 239 | 0xcddb78 |
| _FormEmailTextAndCaption | 240 | 0xcddb80 |
| _FormEnterCode | 226 | 0xcddb0c |
| _FormExcludedIP | 227 | 0xcddb14 |
| _FormExecute | 241 | 0xcddb88 |
| _FormExternalIp | 242 | 0xcddb90 |
| _FormFavoriteAddGroup | 243 | 0xcddb9c |
| _FormFavorites | 228 | 0xcddb1c |
| _FormFind | 244 | 0xcddba4 |
| _FormFindContacts | 245 | 0xcddbac |
| _FormFriendlyNames | 319 | 0xce645c |
| _FormHostToIP | 247 | 0xcddbc0 |
| _FormHostsList | 246 | 0xcddbb8 |
| _FormIpWhois | 248 | 0xcddbd0 |
| _FormMessage | 320 | 0xce6464 |
| _FormNetStat | 321 | 0xce646c |
| _FormNetwork | 249 | 0xcddbdc |
| _FormNetworkInfo | 250 | 0xcddd74 |
| _FormNickName | 251 | 0xcddd7c |
| _FormNotification | 252 | 0xcddd84 |
| _FormPinger | 253 | 0xcddd8c |
| _FormQuestion | 254 | 0xce6254 |
| _FormRegistrationLink | 255 | 0xce625c |
| _FormSearchSetup | 256 | 0xce6264 |
| _FormSetup | 257 | 0xce626c |
| _FormStart | 322 | 0xcecbc4 |
| _FormTestWmiQuery | 258 | 0xce6274 |
| _FormTopSearch | 259 | 0xce627c |
| _FormWakeOnLan | 323 | 0xcecbcc |
| _FrameAddWmiQuery | 260 | 0xce6284 |
| _FrameAdminScanner | 261 | 0xce628c |
| _FrameButton | 262 | 0xce6294 |
| _FrameChat | 263 | 0xce629c |
| _FrameChatDownloadA | 264 | 0xce62a4 |
| _FrameChatDownloadB | 265 | 0xce62ac |
| _FrameChatMemo | 266 | 0xce62b4 |
| _FrameChatMessage | 267 | 0xce62bc |
| _FrameChatUploadA | 268 | 0xce62c4 |
| _FrameChatUploadB | 269 | 0xce62cc |
| _FrameFavorites | 270 | 0xce62d4 |
| _FrameFavoritesActions | 271 | 0xce62dc |
| _FrameFolders | 272 | 0xce62e4 |
| _FrameHistory | 273 | 0xce62ec |
| _FrameHostByIp | 274 | 0xce62f4 |
| _FrameMain | 275 | 0xce62fc |
| _FrameMain2 | 276 | 0xce6304 |
| _FrameMainMenu | 277 | 0xce630c |
| _FrameMemo | 220 | 0xcddad8 |
| _FrameMessanger | 278 | 0xce6314 |
| _FrameNetwork | 279 | 0xce631c |
| _FrameNetworkButtons | 280 | 0xce6324 |
| _FramePages | 281 | 0xce632c |
| _FramePingerOptions | 282 | 0xce6334 |
| _FramePrivateNetwork | 283 | 0xce633c |
| _FrameScanner | 284 | 0xce6344 |
| _FrameSearch | 285 | 0xce634c |
| _FrameSearchMemo | 286 | 0xce6354 |
| _FrameSearchSetup | 287 | 0xce635c |
| _FrameSetupAdminScanner | 288 | 0xce6364 |
| _FrameSetupAuthorization | 289 | 0xce636c |
| _FrameSetupDetails | 290 | 0xce6374 |
| _FrameSetupEmail | 291 | 0xce637c |
| _FrameSetupEmailSubject | 292 | 0xce6384 |
| _FrameSetupFavorites | 293 | 0xce638c |
| _FrameSetupFolders | 294 | 0xce6394 |
| _FrameSetupGenerals | 295 | 0xce639c |
| _FrameSetupHistory | 296 | 0xce63a4 |
| _FrameSetupHistoryView | 297 | 0xce63ac |
| _FrameSetupInterface | 298 | 0xce63b4 |
| _FrameSetupLaunch | 299 | 0xce63bc |
| _FrameSetupLookup | 300 | 0xce63c4 |
| _FrameSetupMessenger | 301 | 0xce63cc |
| _FrameSetupNotifications | 302 | 0xce63d4 |
| _FrameSetupNotificationsFavorites | 303 | 0xce63dc |
| _FrameSetupNotificationsFolders | 305 | 0xce63ec |
| _FrameSetupNotificationsHistory | 306 | 0xce63f4 |
| _FrameSetupNotificationsScanner | 307 | 0xce63fc |
| _FrameSetupNotificationsSearch | 308 | 0xce6404 |
| _FrameSetupNotificationsSubnetMonitor | 309 | 0xce640c |
| _FrameSetupOptimizations | 310 | 0xce6414 |
| _FrameSetupScanner | 304 | 0xce63e4 |
| _FrameSetupScannerView | 311 | 0xce641c |
| _FrameSetupSearch | 312 | 0xce6424 |
| _FrameSetupSubnetMonitor | 313 | 0xce642c |
| _FrameSetupSubnetMonitorAdditions | 314 | 0xce6434 |
| _FrameSubTools | 315 | 0xce643c |
| _FrameTools | 316 | 0xce6444 |
| _FrameWakeOnLan | 318 | 0xce6454 |
| _VTreeView | 317 | 0xce644c |
| __GetExceptDLLinfo | 1 | 0x4019a9 |
| ___CPPdebugHook | 218 | 0x6fe08c |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
| Russian | Russia |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 09:34:20 |
| Start date: | 25/11/2024 |
| Path: | C:\Users\user\Desktop\Setup.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 17'103'832 bytes |
| MD5 hash: | 0694A17DA60D94BC3309098B233AEF78 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 6 |
| Start time: | 09:34:24 |
| Start date: | 25/11/2024 |
| Path: | C:\Windows\SysWOW64\more.com |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x850000 |
| File size: | 24'576 bytes |
| MD5 hash: | 03805AE7E8CBC07840108F5C80CF4973 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
| Target ID: | 7 |
| Start time: | 09:34:25 |
| Start date: | 25/11/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff75da10000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 8 |
| Start time: | 09:34:30 |
| Start date: | 25/11/2024 |
| Path: | C:\Users\user\AppData\Local\Temp\Gosse.com |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x560000 |
| File size: | 943'784 bytes |
| MD5 hash: | 3F58A517F1F4796225137E7659AD2ADB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: |
|
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 09:34:30 |
| Start date: | 25/11/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x4f0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 21.2% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 5.4% |
| Total number of Nodes: | 149 |
| Total number of Limit Nodes: | 7 |
Graph
Function 0040776F Relevance: 1.6, APIs: 1, Instructions: 123nativeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407E8F Relevance: 5.5, APIs: 3, Instructions: 995memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040704F Relevance: 4.6, APIs: 3, Instructions: 79fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040763F Relevance: 3.0, APIs: 2, Instructions: 50fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040770F Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 23memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406C7F Relevance: 1.5, APIs: 1, Instructions: 25libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408C9F Relevance: 1.5, APIs: 1, Instructions: 204COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407E3F Relevance: 1.3, Strings: 1, Instructions: 9COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B1FD Relevance: .4, Instructions: 354COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A375 Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F9FB4 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 636windowkeyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00575D03 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0057310D Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 220libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00572D33 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 148windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005EC00E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DA187 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 119fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CDE32 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 181fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D8C58 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 189timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DA2E4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 112fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059B782 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D7591 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 286timefileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DF8D3 Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CE180 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 93fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CF76E Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 58shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E2E89 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C8056 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DA66E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120filesleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00573AD9 Relevance: 7.9, APIs: 5, Instructions: 373COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CE2AB Relevance: 7.6, APIs: 5, Instructions: 91processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F2558 Relevance: 7.6, APIs: 5, Instructions: 79windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C20BE Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D686D Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00592446 Relevance: 4.6, APIs: 3, Instructions: 78COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D5D7E Relevance: 4.6, APIs: 3, Instructions: 77COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C27D9 Relevance: 4.6, APIs: 3, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CE3CB Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2777 Relevance: 4.5, APIs: 3, Instructions: 41memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CE9BA Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D74F0 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D4573 Relevance: 3.0, APIs: 2, Instructions: 34windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C21C9 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00580CA4 Relevance: 1.6, APIs: 1, Instructions: 130COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005A59C7 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00580F9F Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E3622 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 487filememorywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F0198 Relevance: 58.2, APIs: 10, Strings: 23, Instructions: 479windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F7A98 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005755FB Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 486windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E32BC Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 289windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F6EBD Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 463windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F5E68 Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 401windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F0C42 Relevance: 37.1, APIs: 8, Strings: 13, Instructions: 354windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005751FB Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 283windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F1934 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 282windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F8D07 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 199windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005ECDB7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F12EA Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 324windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E09D7 Relevance: 27.1, APIs: 18, Instructions: 129COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F9B58 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00573998 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 145windowtimeregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0058071E Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 78libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E4BE7 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 479libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005736C0 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 215windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F7695 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 196windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00574854 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 171timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DCF5D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 144networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F8F46 Relevance: 22.6, APIs: 15, Instructions: 133filememorywindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E3105 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 170windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059D88D Relevance: 19.6, APIs: 13, Instructions: 114COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C4700 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 274windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F9709 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 229windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00570E5B Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 201registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CCDE4 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 191windowsleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005ED5F3 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 105registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D492E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CF51C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0057507A Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C6CAD Relevance: 18.2, APIs: 12, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005749E2 Relevance: 18.1, APIs: 12, Instructions: 139COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F94ED Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 149windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CA4B0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 138windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C1785 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 128registryshareCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F4951 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00572C51 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 64windowregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C291D Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49memorythreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E47A1 Relevance: 16.8, APIs: 11, Instructions: 345fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D854F Relevance: 16.8, APIs: 11, Instructions: 299comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C0B44 Relevance: 16.6, APIs: 11, Instructions: 127COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E1125 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E42A7 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 202comCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CDCB4 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F45EF Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2F90 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 79windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C3073 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00592B57 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005694B8 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 333comCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005757F1 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 185windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0056921A Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 153comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DCD34 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 95networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CA66B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C3154 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00598B75 Relevance: 13.8, APIs: 9, Instructions: 300COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059CCC0 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F5AEB Relevance: 13.7, APIs: 9, Instructions: 164COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C367A Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CD36C Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 191windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059B957 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F421E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 142windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CCAE1 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 138windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CD612 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D1EAE Relevance: 12.3, APIs: 8, Instructions: 275COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CFBA1 Relevance: 12.1, APIs: 8, Instructions: 138timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0057544C Relevance: 12.1, APIs: 8, Instructions: 128COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E1DD8 Relevance: 12.1, APIs: 8, Instructions: 114COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F3681 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005A1452 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00573C69 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059525C Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E1C8A Relevance: 10.6, APIs: 7, Instructions: 111COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F377B Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C85E6 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C86BF Relevance: 10.6, APIs: 7, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D1330 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D1405 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F4A66 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059D60F Relevance: 10.6, APIs: 7, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CE854 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D17B9 Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E283C Relevance: 9.3, APIs: 6, Instructions: 298COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005745EE Relevance: 9.3, APIs: 6, Instructions: 277COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0058FFD6 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059602C Relevance: 9.2, APIs: 6, Instructions: 216COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C0851 Relevance: 9.2, APIs: 6, Instructions: 205COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00573FE0 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F8BA7 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00580A12 Relevance: 9.1, APIs: 6, Instructions: 104COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D164F Relevance: 9.1, APIs: 6, Instructions: 101fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C5C3A Relevance: 9.1, APIs: 6, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F864E Relevance: 9.1, APIs: 6, Instructions: 85COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2875 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C25DE Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00592C4B Relevance: 9.0, APIs: 6, Instructions: 50COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C61D2 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F940F Relevance: 9.0, APIs: 6, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005B89E2 Relevance: 9.0, APIs: 6, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C298E Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F472C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2E91 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F3895 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C4024 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00584C79 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0057290F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005728D8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D36AD Relevance: 7.8, APIs: 5, Instructions: 314fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005EAD7F Relevance: 7.8, APIs: 5, Instructions: 256COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C9A8B Relevance: 7.7, APIs: 5, Instructions: 160COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E23E0 Relevance: 7.7, APIs: 5, Instructions: 154COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D95DA Relevance: 7.6, APIs: 5, Instructions: 144COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F7526 Relevance: 7.6, APIs: 5, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00591E72 Relevance: 7.6, APIs: 5, Instructions: 129COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D6291 Relevance: 7.6, APIs: 5, Instructions: 118fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E14FC Relevance: 7.6, APIs: 5, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059CBED Relevance: 7.6, APIs: 5, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00573B38 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00592CCF Relevance: 7.6, APIs: 5, Instructions: 53COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C10AB Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CF7F5 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2203 Relevance: 7.5, APIs: 5, Instructions: 47memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C211E Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D116D Relevance: 7.5, APIs: 6, Instructions: 41COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059D56A Relevance: 7.5, APIs: 5, Instructions: 40COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C4B6E Relevance: 7.5, APIs: 5, Instructions: 33COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005920C4 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00573BF5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C37EF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005737B5 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 121windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CD017 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F486F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F5020 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F414F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F4BA4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00575C80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F8B3E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40processCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C111E Relevance: 6.3, APIs: 4, Instructions: 323COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00593D09 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E3F84 Relevance: 6.3, APIs: 4, Instructions: 271COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005A12C1 Relevance: 6.2, APIs: 4, Instructions: 152COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F6C96 Relevance: 6.1, APIs: 4, Instructions: 140COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005E26B2 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059B24F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059D6F3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F5CEF Relevance: 6.1, APIs: 4, Instructions: 106COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F803B Relevance: 6.1, APIs: 4, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F1FFD Relevance: 6.1, APIs: 4, Instructions: 102COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CEDF0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C03B2 Relevance: 6.1, APIs: 4, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F99F9 Relevance: 6.1, APIs: 4, Instructions: 81windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CE098 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F30A0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C87B9 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00591B2A Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2B43 Relevance: 6.1, APIs: 4, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00573AE2 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CF018 Relevance: 6.1, APIs: 4, Instructions: 56synchronizationthreadwindowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0058D06B Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CF6C9 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00574570 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C831E Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00592F4A Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CBEF3 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F87CE Relevance: 6.0, APIs: 4, Instructions: 47COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F924C Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00574A5F Relevance: 6.0, APIs: 4, Instructions: 24COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C273F Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005A56F9 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005D592D Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 233shareCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0056C9A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DDBE9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CD166 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 98windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F4F02 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F3B74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005DD82F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F3DBF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CD287 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2E06 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2CFE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C2D83 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CEF07 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C1C1B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005A5493 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F2C46 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F2C7A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0059BC2D Relevance: 5.1, APIs: 4, Instructions: 139COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|