Windows
Analysis Report
mpclient.dll
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 6488 cmdline:
loaddll32. exe "C:\Us ers\user\D esktop\mpc lient.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618) - conhost.exe (PID: 4040 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 2340 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\mpc lient.dll" ,#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - rundll32.exe (PID: 1720 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", #1 MD5: 889B99C52A60DD49227C5E485A016679) - WerFault.exe (PID: 6732 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 1 720 -s 696 MD5: C31336C1EFC2CCB44B4326EA793040F2) - rundll32.exe (PID: 6208 cmdline:
rundll32.e xe C:\User s\user\Des ktop\mpcli ent.dll,Mp AddDynamic SignatureF ile MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7228 cmdline:
rundll32.e xe C:\User s\user\Des ktop\mpcli ent.dll,Mp AllocMemor y MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7268 cmdline:
rundll32.e xe C:\User s\user\Des ktop\mpcli ent.dll,Mp CleanOpen MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7736 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpAddDynam icSignatur eFile MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7744 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpAllocMem ory MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7760 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpCleanOpe n MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7784 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", dbkFCallWr apperAddr MD5: 889B99C52A60DD49227C5E485A016679) - WerFault.exe (PID: 7980 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 784 -s 688 MD5: C31336C1EFC2CCB44B4326EA793040F2) - rundll32.exe (PID: 7800 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", __dbk_fcal l_wrapper MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7820 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", TMethodImp lementatio nIntercept MD5: 889B99C52A60DD49227C5E485A016679) - WerFault.exe (PID: 8048 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 820 -s 688 MD5: C31336C1EFC2CCB44B4326EA793040F2) - rundll32.exe (PID: 7840 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpWDEnable MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7868 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUtilsExp ortFunctio ns MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7884 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUpdateTS ModeEx MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7896 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUpdateSt artEx MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7912 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUpdateSt art MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7932 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUpdatePl atform MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 7988 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUnblockS ignatures MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 8012 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUnblockP latform MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 8040 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpUnblockE ngine MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 8060 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpThreatOp en MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 8072 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpThreatEn umerate MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 8088 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpSetTPSta te MD5: 889B99C52A60DD49227C5E485A016679) - rundll32.exe (PID: 8108 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\mpcl ient.dll", MpServiceL ogMessage MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Code function: | 0_2_010FE100 | |
Source: | Code function: | 0_2_010FDB34 | |
Source: | Code function: | 5_2_0040E100 | |
Source: | Code function: | 5_2_0040DB34 | |
Source: | Code function: | 22_2_0040E100 | |
Source: | Code function: | 22_2_0040DB34 | |
Source: | Code function: | 24_2_0040E100 | |
Source: | Code function: | 24_2_0040DB34 |
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_010FC4EC | |
Source: | Code function: | 5_2_0040C4EC | |
Source: | Code function: | 22_2_0040C4EC | |
Source: | Code function: | 24_2_0040C4EC |
Source: | Process created: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: | |||
Source: | Key opened: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0110090D | |
Source: | Code function: | 0_2_011009FD | |
Source: | Code function: | 0_2_01100871 | |
Source: | Code function: | 0_2_0110087D | |
Source: | Code function: | 0_2_01100865 | |
Source: | Code function: | 0_2_011008C5 | |
Source: | Code function: | 0_2_011008E9 | |
Source: | Code function: | 0_2_010F73C9 | |
Source: | Code function: | 0_2_01100A15 | |
Source: | Code function: | 0_2_0110024D | |
Source: | Code function: | 0_2_01101033 | |
Source: | Code function: | 5_2_00410865 | |
Source: | Code function: | 5_2_00410871 | |
Source: | Code function: | 5_2_0041087D | |
Source: | Code function: | 5_2_004108C5 | |
Source: | Code function: | 5_2_004108E9 | |
Source: | Code function: | 5_2_0041090D | |
Source: | Code function: | 5_2_004109FD | |
Source: | Code function: | 5_2_0041024D | |
Source: | Code function: | 5_2_00410A15 | |
Source: | Code function: | 5_2_0041EAF1 | |
Source: | Code function: | 5_2_004073C9 | |
Source: | Code function: | 5_2_00411033 | |
Source: | Code function: | 22_2_00410865 | |
Source: | Code function: | 22_2_00410871 | |
Source: | Code function: | 22_2_0041087D | |
Source: | Code function: | 22_2_004108C5 | |
Source: | Code function: | 22_2_004108E9 | |
Source: | Code function: | 22_2_0041090D | |
Source: | Code function: | 22_2_004109FD | |
Source: | Code function: | 22_2_0041024D |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Source: | Evasive API call chain: | graph_5-6469 | ||
Source: | Evasive API call chain: | graph_0-6511 |
Source: | Evasive API call chain: | graph_0-6497 | ||
Source: | Evasive API call chain: | graph_5-6455 |
Source: | Last function: |
Source: | Code function: | 0_2_010FE100 | |
Source: | Code function: | 0_2_010FDB34 | |
Source: | Code function: | 5_2_0040E100 | |
Source: | Code function: | 5_2_0040DB34 | |
Source: | Code function: | 22_2_0040E100 | |
Source: | Code function: | 22_2_0040DB34 | |
Source: | Code function: | 24_2_0040E100 | |
Source: | Code function: | 24_2_0040DB34 |
Source: | Code function: | 0_2_0110003C |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-6651 | ||
Source: | API call chain: | graph_5-6645 | ||
Source: | API call chain: | graph_22-6645 | ||
Source: | API call chain: | graph_24-6645 |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_010F8500 |
Source: | Code function: | 0_2_010FE238 | |
Source: | Code function: | 0_2_010FD6D8 | |
Source: | Code function: | 5_2_0040E238 | |
Source: | Code function: | 5_2_0040D6D8 | |
Source: | Code function: | 22_2_0040E238 | |
Source: | Code function: | 22_2_0040D6D8 | |
Source: | Code function: | 24_2_0040E238 | |
Source: | Code function: | 24_2_0040D6D8 |
Source: | Code function: | 0_2_01100050 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | ReversingLabs | Win32.Trojan.SpywareX | ||
100% | Avira | HEUR/AGEN.1338291 | ||
100% | Joe Sandbox ML |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1396494 |
Start date and time: | 2024-02-21 21:30:06 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | mpclient.dll |
Detection: | MAL |
Classification: | mal60.winDLL@87/13@0/0 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.22, 52.182.143.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: mpclient.dll
Time | Type | Description |
---|---|---|
21:31:06 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_20f9428fc69f80b8fcc03e3341cbf863e0bcfdc7_7522e4b5_52103b4a-3fcb-4747-9090-aad0eb711ac4\Report.wer
Download File
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9243115583553735 |
Encrypted: | false |
SSDEEP: | 192:mjlBLiGOTMT0BU/wjeTQWAzuiFi9Z24IO84ci:8lBLiH4ABU/wjeczuiF2Y4IO84ci |
MD5: | 6647A6C8F14386E2AE0366BA95746844 |
SHA1: | D4C8C62F5957FA3846BD9BE5DF1D24CA22BAE0D6 |
SHA-256: | A6C1753249C454329DA281AE9FA90DCBDCA3E9A572D963B1B3C9251A63B6525F |
SHA-512: | 2452490B5202DDB1D62A1321E8E5035B2340AC030790EDA60E8446B6B8A0B6A57D74A15ADA6145ADB535FEF36AA12BA4ACF23BE75D7505492067143C610F0236 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_20f9428fc69f80b8fcc03e3341cbf863e0bcfdc7_7522e4b5_ab4840ec-f641-4ca3-ac94-4c3332b26cf8\Report.wer
Download File
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9242324153677586 |
Encrypted: | false |
SSDEEP: | 192:yIiW/OwT0BU/wjeTQ2AzuiFi9Z24IO84ci:piWmwABU/wje8zuiF2Y4IO84ci |
MD5: | 75408B3169C326D7C4661164FB3546CF |
SHA1: | 86D167F155115B7997E24F8F694AAC741F1002B9 |
SHA-256: | D3871B0CEF792E0E3B41AD0E797AB4303BD529632B1193497EE44B640B02EE05 |
SHA-512: | 5661A4CF0D2B5C7597CE24C1D396CD3B6C642C94D0DF885916D3019FAABEB16CD3F1E1793809C534D5997C88D2068098459B84AADE30F610185ED724580B3338 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_9c8c3888a72df77b28b6ce79de7796e2729c18e5_7522e4b5_aae2bca9-da81-47d2-81db-5aabcf737fdc\Report.wer
Download File
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.918952360429739 |
Encrypted: | false |
SSDEEP: | 192:QiiWOOU0BU/wjeTQ2AzuiFi9Z24IO8dci:xiXOPBU/wje8zuiF2Y4IO8dci |
MD5: | 29442D7BA32B32475084F0D41F521A81 |
SHA1: | 4043E01050555556A5221B8204765177B32C6F83 |
SHA-256: | 9EFD894CC662ADD45BE08A11D210E16C2A21DF200F6CE685E107E80508D5269B |
SHA-512: | 574AD2186E547D2D12BE3C4C1E6825F05937CC74D83F0C1CACDEBB006EA65F5073EC1BFDBC8BF2FC813350B3598E2DC5A315E53B1CF128E74DAE238CD73F1446 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46648 |
Entropy (8bit): | 1.9043360935014533 |
Encrypted: | false |
SSDEEP: | 192:/8K7EPjx2BX/XNq8TXO5H4bAzU1OPgRVHh7/OxWADv+:oPl2l1q15H6AzU1OP8Hh/w |
MD5: | 4803DDCD33DDBAB8C0038369426A3EB8 |
SHA1: | 31A3A4AC72E87BFB2E12310609A2FF6A844C822B |
SHA-256: | 58FEBFD4C9057ADC8606C6137740CF0223EBF510F95E856A1297961D413311C8 |
SHA-512: | 9F5CC1C5E719FE771BF441055A5AD8DF118F2A72CBBF63FDF08A5D900841C91FE29CB02BB85D877A72C79DF7D767987C389EF63B2C23DE0A802D36669DA43A36 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8322 |
Entropy (8bit): | 3.6872388688085804 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRQ6x3xZ6YuDw6ngmf8Epprp89b2Zsf0Xym:R6lXJW6x3xZ6Ygw6ngmf8Ey2yf2 |
MD5: | 1350DBEA34379E3E1BEE182F9B4FC8CD |
SHA1: | 2B5F3298C5A62778363BFA7D14C8E9CF210CC2DE |
SHA-256: | 608DA4E081017AC89A36BDE36EA1864287586E725E9B25104F71D933B31913BF |
SHA-512: | A55E9588BD51E9BB8B9CDD60B41159A0F14995E465B14D8CC706778063AC2007AEA3D4A7679E9500E83C75B123E0199556B3B420E09AD7437786C067219BC931 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4747 |
Entropy (8bit): | 4.439452559601604 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zssJg77aI9sSyWpW8VYlYm8M4JCdPcDFwJ+q8vjPcsGScSCd:uIjfqI7qO7VxJwJKFJ3Cd |
MD5: | 08CE697291A7DC614831EF11F798D52D |
SHA1: | 8162652DBF2DBFE889D54FDBD7F9CFD46D0E39D6 |
SHA-256: | EE4B12FF745E851C87D81C0FE8D8BCB8EA6F38EC38004B56B3D13C86E6038FA0 |
SHA-512: | 69FE517E0C7A3D83B1FA59295B7D56859C19DFA045CC12E235BD17ED49CDE3C045208FB878B38C6286917D898D245EC58ED636EAEE34E16ABBA98FBADC72047E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 51048 |
Entropy (8bit): | 1.856562796215349 |
Encrypted: | false |
SSDEEP: | 192:ecNGP4tLiXMIsO5H4Lkp2us+C8fpeUe1PPtIdI:Ztd05HqqxtE13aO |
MD5: | DBE5E3FF67EEEB56515A3DBD266BB3E9 |
SHA1: | 838E86033D24E871319435192F17B900D1178A61 |
SHA-256: | CB4FB657932DAD11CD2DF9643409EFE9F5A6F132EC64668358B36088F17401E1 |
SHA-512: | 6123B276D2E326B002DB8C15ECC52DD87158C674B60690CA2B0FF2605AAFEA929E4454420D223ACB4807C680E8D845D68F3F56B8B379A47760EE55A7E5332DDB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45420 |
Entropy (8bit): | 1.9855617826938738 |
Encrypted: | false |
SSDEEP: | 192:7UJ7Edjx2BX/XNwO5H4b0W4okc/CFL2bl85oxnTKepc:wSdl2l1H5H60W4okDFLGl82nWe |
MD5: | 3BFA24BA657F733CE76EAAD51DBF3706 |
SHA1: | 5EAD070180028155947EAC1352B462226215C2AB |
SHA-256: | 6602D18E737916FEE87E41638CC188FA475F15C2DA84964A04B93D7FA38133D9 |
SHA-512: | 79BE703B4C06306B7258FB45FB6AD8395E971F67A559F912DCC9ABEE32ABFE3B2CF16F504DE695CF7DE7D5D729D1FF3544C0720C435B8A4731451BF65364E908 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8356 |
Entropy (8bit): | 3.688958633944492 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ516qgA6Y4n6vcmiGgmf8EpprRb89babgsfClOUjm:R6lXJL6qgA6YA6vtDgmf8ENcabzfClZ6 |
MD5: | 366C128542622EB8C1D07E2D0B1F900C |
SHA1: | C82C24813557598A91D8B27E2ADE8FD4F70E7152 |
SHA-256: | 0C477BAD68A82CC43D83647D876D6387D3F7F36DA02E3C41F12BBC3256FB2258 |
SHA-512: | D7A76D4E4F4A2547D27B1199EE4F8FA8A97831BF75B6D4B25BECE9DA244FD9D61BF49815ED311A61CDE648C50539690A936C67A072D6963A985E5D828CE3759A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8292 |
Entropy (8bit): | 3.69190602742538 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJwP6Ry56Y4U6vcmiGgmfTQpprR289babqsf0uvUjm:R6lXJY6Ry56Yj6vtDgmfTQNfabJfw6 |
MD5: | 0835CA902FE6183131BB18A9CDADAF63 |
SHA1: | 0C08FE72E87C5CE03866AB4AB6A3BA63C5C32813 |
SHA-256: | 36366719BA09C1DA8EB980E2B3A8551E05ECB3A3F97BD55A75BCFF8E3641A7B6 |
SHA-512: | 938A24F10AD1D3D708CF12D784EADCBD6BBBCB2BCD7A3AE48F4E5BA53CE06B01B5DD660A68D5BF377F215A781E8EE68C762152E902D008571538E4B821DBA08F |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4747 |
Entropy (8bit): | 4.439362785660993 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zssJg77aI9sSyWpW8VYtYm8M4JCdPcDFvG+q8vjPc6GScSrd:uIjfqI7qO7VZJvGKfJ3rd |
MD5: | 57A08767AD84CB6629C711BF0796E2B0 |
SHA1: | 35825E01B83F6343C290F93DADF3101A7C13B761 |
SHA-256: | 5E056BF4015A8BB1A7EF34DBD5721AF58D56220A1A100D87380A39FFC6417995 |
SHA-512: | 64B2CE9DBE7A123E3584C3D653A1F110DDDD6C950A1D3B7A9E495698A06E5756CAACCE0129D47F7EC8F224DE42143670384E77ECD361A43AB5BD9C43FC9914DD |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4646 |
Entropy (8bit): | 4.453441104320309 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zssJg77aI9sSyWpW8VYMYm8M4JCdPxF/+q8/HQZGScSgd:uIjfqI7qO7VoJAzZJ3gd |
MD5: | 6F146C00F3D455BE9CB0D53A81E10E90 |
SHA1: | CA0B899C2FB8270F4F0EFE9E087D86C757254208 |
SHA-256: | 486DE956C1AAFDE54EA29D8157E7D4247166457F5CFD4B800966B317ED49B839 |
SHA-512: | 5E4E8EC65D9C1F00A9959E17103A22C6B5F1D9894D838BE34A76EA441A77F58FF5D3CA5290DADDDD0B6531C2E191BFD87B98E8947C2A5B2B2C63983CCE5C5EB5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.417437693130665 |
Encrypted: | false |
SSDEEP: | 6144:Lcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNo5+:wi58oSWIZBk2MM6AFBWo |
MD5: | 6A9C2F1199B50D44E9C325F51580DDDB |
SHA1: | B2488D232B208D0DABC3E1C7840C95DB1C399B32 |
SHA-256: | 2EDEC52C9E2D86A947787F1567AA6E57C01F8120758B22BDE7B203FC3A965A12 |
SHA-512: | 432AF4D00B429B7CAAE781D8DC4714D3338A56CAC9A8EAC68B04BD773988B55C6D963FC6EA9CFDB02CA10C07417B50475CCDBCA7623D0E1E8703E43BAC3B6B5B |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.969982441395311 |
TrID: |
|
File name: | mpclient.dll |
File size: | 3'725'950 bytes |
MD5: | 5bc232f3354125b5fa634e101657f598 |
SHA1: | bd5360cae7760ed1dd72fbb90fa448f02e1e0ab8 |
SHA256: | 2b1056d4345ad77e4307f89a6e9181b96f20d7b82d4fec18dbc9be1e0636b0b7 |
SHA512: | 1a3f9a9838354dea0fbacca5e140e0ce86b7b63c6a5a83749ccd71b6d10994db84f1257dfc98f8865666a232a9bbdcf189cf9a5a3d0333200f99de304249ce34 |
SSDEEP: | 49152:JoI12hcK75SJYzZmHUxS3qNqTs07EXIUe/+/MuvzqAwoI:JoIsdtS3a2+0EI |
TLSH: | DB069E22B288653FD0AB0A3A4537E558993F77723926CD1777F4094C8F3A6416E3E60B |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x6a6804 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, DLL, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x65D5D342 [Wed Feb 21 10:41:06 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | dae1a3f04a7cd51523ba31141bb95f1e |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFC0h |
mov eax, 0069D2E0h |
call 00007FDFB0D4BF2Dh |
push 00000000h |
call 00007FDFB0D77C56h |
call 00007FDFB0FD7741h |
test al, al |
je 00007FDFB0FE1047h |
call 00007FDFB0FD7600h |
call 00007FDFB0D44C97h |
mov eax, eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2c2000 | 0x71f | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bd000 | 0x3886 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x300000 | 0x7800 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2c4000 | 0x3b244 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2bd9f4 | 0x8c8 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2c1000 | 0xc12 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2a39a0 | 0x2a3a00 | f66de12fa2effbc18c040b7b5ecb2acd | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x2a5000 | 0x1830 | 0x1a00 | 78bccb694dacca915718b0e8b4343a6a | False | 0.51953125 | data | 6.087679747375109 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x2a7000 | 0xe8a4 | 0xea00 | 2e8ab70067463a0ce2a6e72300a44a8b | False | 0.5816639957264957 | data | 6.683669416799232 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x2b6000 | 0x64fc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x2bd000 | 0x3886 | 0x3a00 | b01f942c0fb53b6c8816455fa54ac147 | False | 0.32873114224137934 | data | 5.249046088725915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x2c1000 | 0xc12 | 0xe00 | 2443c5f77c5b50aae3dee90880615c0d | False | 0.3071986607142857 | data | 3.8844486128614415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x2c2000 | 0x71f | 0x800 | 524589c39bf033b50e55207aae3f3ffa | False | 0.4619140625 | data | 5.170699436764405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rdata | 0x2c3000 | 0x45 | 0x200 | 820ba320e186d50625bbdab2141723aa | False | 0.158203125 | ASCII text, with no line terminators | 1.168054808516945 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2c4000 | 0x3b244 | 0x3b400 | 52d0d346ff81996cb299a42df150f6d3 | False | 0.565067082014768 | data | 6.720570492852226 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x300000 | 0x7800 | 0x7800 | 9ce2a1f753e430c178e87469216cb9b7 | False | 0.28958333333333336 | data | 4.047208832050841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x300a10 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x300b44 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x300c78 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x300dac | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x300ee0 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x301014 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x301148 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_STRING | 0x30127c | 0x1d8 | data | 0.3389830508474576 | ||
RT_STRING | 0x301454 | 0x408 | data | 0.3808139534883721 | ||
RT_STRING | 0x30185c | 0x488 | data | 0.371551724137931 | ||
RT_STRING | 0x301ce4 | 0x364 | data | 0.33410138248847926 | ||
RT_STRING | 0x302048 | 0x418 | data | 0.40935114503816794 | ||
RT_STRING | 0x302460 | 0x134 | data | 0.5974025974025974 | ||
RT_STRING | 0x302594 | 0xd0 | data | 0.6778846153846154 | ||
RT_STRING | 0x302664 | 0x290 | data | 0.47103658536585363 | ||
RT_STRING | 0x3028f4 | 0x388 | data | 0.3805309734513274 | ||
RT_STRING | 0x302c7c | 0x3c4 | data | 0.38070539419087135 | ||
RT_STRING | 0x303040 | 0x438 | data | 0.38425925925925924 | ||
RT_STRING | 0x303478 | 0x464 | data | 0.3087188612099644 | ||
RT_STRING | 0x3038dc | 0x358 | data | 0.39953271028037385 | ||
RT_STRING | 0x303c34 | 0x388 | data | 0.4081858407079646 | ||
RT_STRING | 0x303fbc | 0x520 | data | 0.3544207317073171 | ||
RT_STRING | 0x3044dc | 0x4c8 | data | 0.397875816993464 | ||
RT_STRING | 0x3049a4 | 0x40c | data | 0.3465250965250965 | ||
RT_STRING | 0x304db0 | 0x38c | data | 0.3513215859030837 | ||
RT_STRING | 0x30513c | 0x44c | data | 0.39181818181818184 | ||
RT_STRING | 0x305588 | 0x19c | data | 0.441747572815534 | ||
RT_STRING | 0x305724 | 0xcc | data | 0.6274509803921569 | ||
RT_STRING | 0x3057f0 | 0x198 | data | 0.5612745098039216 | ||
RT_STRING | 0x305988 | 0x3c8 | data | 0.37913223140495866 | ||
RT_STRING | 0x305d50 | 0x3b4 | data | 0.3407172995780591 | ||
RT_STRING | 0x306104 | 0x354 | data | 0.3826291079812207 | ||
RT_STRING | 0x306458 | 0x2f0 | data | 0.3949468085106383 | ||
RT_RCDATA | 0x306748 | 0x15a | Delphi compiled form 'ApplicationFrameInputSinkWindow' | 0.7196531791907514 | ||
RT_RCDATA | 0x3068a4 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x3068b4 | 0x874 | data | 0.5415896487985212 | ||
RT_RCDATA | 0x307128 | 0x2 | data | English | United States | 5.0 |
RT_RCDATA | 0x30712c | 0xeb | Delphi compiled form 'TCCNCGICQUQ' | 0.8042553191489362 | ||
RT_RCDATA | 0x307218 | 0x2eb | Delphi compiled form 'TSBMDMITVSC' | 0.5582329317269076 | ||
RT_GROUP_CURSOR | 0x307504 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x307518 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x30752c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x307540 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x307554 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x307568 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x30757c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_VERSION | 0x307590 | 0x140 | MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79 | English | United States | 0.55 |
DLL | Import |
---|---|
winspool.drv | DocumentPropertiesW, ClosePrinter, OpenPrinterW, GetDefaultPrinterW, EnumPrintersW |
comctl32.dll | ImageList_GetImageInfo, FlatSB_SetScrollInfo, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, ImageList_Copy, FlatSB_GetScrollInfo, ImageList_Write, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Replace, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_LoadImageW, ImageList_Draw, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetOverlayImage |
shell32.dll | SHGetFolderPathW, Shell_NotifyIconW |
user32.dll | CopyImage, SetMenuItemInfoW, GetMenuItemInfoW, DefFrameProcW, GetDlgCtrlID, FrameRect, RegisterWindowMessageW, GetMenuStringW, FillRect, SendMessageA, EnumWindows, ShowOwnedPopups, GetClassInfoExW, GetClassInfoW, GetScrollRange, SetActiveWindow, GetActiveWindow, DrawEdge, GetKeyboardLayoutList, LoadBitmapW, EnumChildWindows, GetScrollBarInfo, UnhookWindowsHookEx, SetCapture, GetCapture, ShowCaret, CreatePopupMenu, GetMenuItemID, CharLowerBuffW, PostMessageW, SetWindowLongW, IsZoomed, SetParent, DrawMenuBar, GetClientRect, IsChild, IsIconic, CallNextHookEx, ShowWindow, GetWindowTextW, SetForegroundWindow, GetAsyncKeyState, IsDialogMessageW, DestroyWindow, RegisterClassW, EndMenu, CharNextW, GetFocus, GetDC, SetFocus, ReleaseDC, mouse_event, CreateWindowExA, GetClassLongW, SetScrollRange, DrawTextW, PeekMessageA, MessageBeep, SetClassLongW, RemovePropW, AttachThreadInput, GetSubMenu, DestroyIcon, IsWindowVisible, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, LoadStringW, CreateMenu, CharLowerW, SetWindowRgn, SetWindowPos, GetMenuItemCount, GetSysColorBrush, GetWindowDC, DrawTextExW, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, GetSysColor, EnableScrollBar, TrackPopupMenu, keybd_event, DrawIconEx, GetClassNameW, GetMessagePos, GetIconInfo, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, SetCursorPos, GetCursorPos, SetMenu, GetMenuState, GetMenu, SetRect, GetKeyState, GetCursor, KillTimer, WaitMessage, TranslateMDISysAccel, GetWindowPlacement, CreateWindowExW, GetDCEx, PeekMessageW, MonitorFromWindow, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, MapVirtualKeyW, IsWindowUnicode, DispatchMessageW, CreateAcceleratorTableW, DefMDIChildProcW, GetSystemMenu, SetScrollPos, GetScrollPos, InflateRect, DrawFocusRect, ReleaseCapture, SendInput, LoadCursorW, ScrollWindow, GetLastActivePopup, GetSystemMetrics, CharUpperBuffW, SetClipboardData, GetClipboardData, ClientToScreen, SetWindowPlacement, GetMonitorInfoW, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, ToAscii, EnableWindow, GetWindowThreadProcessId, RedrawWindow, EndPaint, MsgWaitForMultipleObjectsEx, FindWindowA, LoadKeyboardLayoutW, ActivateKeyboardLayout, GetParent, MonitorFromRect, InsertMenuItemW, GetPropW, MessageBoxW, SetPropW, UpdateWindow, MsgWaitForMultipleObjects, VkKeyScanW, DestroyMenu, SetWindowsHookExW, EmptyClipboard, AdjustWindowRectEx, IsWindow, DrawIcon, EnumThreadWindows, InvalidateRect, GetKeyboardState, ScreenToClient, DrawFrameControl, SetCursor, CreateIcon, RemoveMenu, GetKeyboardLayoutNameW, OpenClipboard, TranslateMessage, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, CloseClipboard, DestroyCursor, PostMessageA, CopyIcon, PostQuitMessage, ShowScrollBar, EnableMenuItem, HideCaret, FindWindowExW, MonitorFromPoint, LoadIconW, SystemParametersInfoW, GetWindow, GetWindowRect, GetWindowLongW, InsertMenuW, IsWindowEnabled, IsDialogMessageA, FindWindowW, GetKeyboardLayout, DeleteMenu |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
oleaut32.dll | SysFreeString, VariantClear, VariantInit, GetErrorInfo, SysReAllocStringLen, SafeArrayCreate, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, VariantCopy, VariantChangeType |
advapi32.dll | RegSetValueExW, RegConnectRegistryW, RegEnumKeyExW, RegLoadKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegUnLoadKeyW, RegSaveKeyW, RegDeleteValueW, RegReplaceKeyW, RegFlushKey, RegQueryValueExW, RegEnumValueW, RegCloseKey, RegCreateKeyExW, RegRestoreKeyW |
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
msvcrt.dll | memcpy, memset |
winhttp.dll | WinHttpGetIEProxyConfigForCurrentUser, WinHttpSetTimeouts, WinHttpConnect, WinHttpReceiveResponse, WinHttpQueryAuthSchemes, WinHttpGetProxyForUrl, WinHttpReadData, WinHttpCloseHandle, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpWriteData, WinHttpSetCredentials, WinHttpQueryDataAvailable, WinHttpSetOption, WinHttpSendRequest, WinHttpQueryOption |
kernel32.dll | GetFileType, GetACP, CloseHandle, LocalFree, GetCurrentProcessId, SizeofResource, VirtualProtect, TlsAlloc, TerminateThread, QueryPerformanceFrequency, IsDebuggerPresent, GetFullPathNameW, VirtualFree, ExitProcess, HeapAlloc, GetCPInfoExW, WriteProcessMemory, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetTimeZoneInformation, GetModuleHandleW, FreeLibrary, TryEnterCriticalSection, HeapDestroy, ReadFile, GetUserDefaultLCID, HeapSize, GetLastError, GetModuleFileNameW, SetLastError, GlobalAlloc, GlobalUnlock, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, MulDiv, FreeResource, GetVersion, RaiseException, GlobalAddAtomW, FormatMessageW, OpenProcess, SwitchToThread, GetExitCodeThread, OutputDebugStringW, GetCurrentThread, LoadLibraryExW, TerminateProcess, LockResource, FileTimeToSystemTime, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, GlobalFindAtomW, VirtualQueryEx, GlobalFree, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, GetCurrentProcess, SetThreadPriority, GlobalLock, VirtualAlloc, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, WinExec, GetVersionExW, GetModuleHandleA, VerifyVersionInfoW, HeapCreate, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, TlsFree, GetConsoleOutputCP, GetConsoleCP, lstrlenW, SetEndOfFile, QueryPerformanceCounter, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, GetLocaleInfoW, CreateFileW, EnumResourceNamesW, IsDBCSLeadByteEx, GetEnvironmentVariableW, GetLocalTime, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, GetComputerNameW, IsValidLocale, TlsSetValue, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, CreateEventW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale |
wsock32.dll | gethostbyaddr, WSACleanup, gethostbyname, bind, gethostname, closesocket, WSAGetLastError, connect, inet_addr, getpeername, WSAAsyncSelect, WSAAsyncGetServByName, WSACancelAsyncRequest, send, ntohs, htons, WSAStartup, getservbyname, getsockname, listen, socket, recv, inet_ntoa, ioctlsocket, WSAAsyncGetHostByName |
ole32.dll | IsEqualGUID, OleInitialize, OleUninitialize, CoInitialize, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc |
gdi32.dll | Pie, SetBkMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, RectVisible, AngleArc, SetAbortProc, SetTextColor, StretchBlt, RoundRect, RestoreDC, SetRectRgn, GetTextMetricsW, GetWindowOrgEx, CreatePalette, PolyBezierTo, CreateICW, CreateDCW, GetStockObject, CreateSolidBrush, Polygon, MoveToEx, PlayEnhMetaFile, Ellipse, StartPage, GetBitmapBits, StartDocW, AbortDoc, GetSystemPaletteEntries, GetEnhMetaFileBits, GetEnhMetaFilePaletteEntries, CreatePenIndirect, CreateFontIndirectW, PolyBezier, EndDoc, GetObjectW, GetWinMetaFileBits, SetROP2, GetEnhMetaFileDescriptionW, ArcTo, Arc, SelectPalette, ExcludeClipRect, MaskBlt, SetWindowOrgEx, EndPage, DeleteEnhMetaFile, Chord, SetDIBits, SetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, CreateBrushIndirect, PatBlt, SetEnhMetaFileBits, Rectangle, SaveDC, DeleteDC, FrameRgn, BitBlt, GetDeviceCaps, GetTextExtentPoint32W, GetClipBox, IntersectClipRect, Polyline, CreateBitmap, SetWinMetaFileBits, CombineRgn, GetStretchBltMode, CreateDIBitmap, SetStretchBltMode, GetDIBits, CreateDIBSection, LineTo, GetRgnBox, EnumFontsW, CreateHalftonePalette, SelectObject, DeleteObject, ExtFloodFill, UnrealizeObject, CopyEnhMetaFileW, SetBkColor, CreateCompatibleDC, GetBrushOrgEx, GetCurrentPositionEx, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, GdiFlush, SetPixel, EnumFontFamiliesExW, StretchDIBits, GetPaletteEntries |
Name | Ordinal | Address |
---|---|---|
MpAddDynamicSignatureFile | 61 | 0x69d2cc |
MpAllocMemory | 60 | 0x69cf3c |
MpCleanOpen | 59 | 0x69cf4c |
MpCleanStart | 58 | 0x69cf5c |
MpClientUtilExportFunctions | 57 | 0x69cf6c |
MpConfigClose | 56 | 0x69cf7c |
MpConfigDelValue | 55 | 0x69cf8c |
MpConfigGetValue | 54 | 0x69cf9c |
MpConfigGetValueAlloc | 53 | 0x69cfac |
MpConfigInitialize | 52 | 0x69cfbc |
MpConfigIteratorClose | 51 | 0x69cfcc |
MpConfigIteratorEnum | 50 | 0x69cfdc |
MpConfigIteratorOpen | 49 | 0x69cfec |
MpConfigOpen | 48 | 0x69cffc |
MpConfigSetValue | 47 | 0x69d00c |
MpConfigUninitialize | 46 | 0x69d01c |
MpConveySampleSubmissionResult | 45 | 0x69d02c |
MpDynamicSignatureEnumerate | 44 | 0x69d03c |
MpDynamicSignatureOpen | 43 | 0x69d04c |
MpFreeMemory | 42 | 0x69d05c |
MpGetDevMode | 40 | 0x69d07c |
MpGetDeviceControlSecurityPolicies | 41 | 0x69d06c |
MpGetNpSupportFile | 39 | 0x69d08c |
MpGetSampleChunk | 38 | 0x69d09c |
MpGetTDTFeatureStatus | 36 | 0x69d0bc |
MpGetTDTFeatureStatusEx | 35 | 0x69d0cc |
MpGetTPStateInfo | 34 | 0x69d0dc |
MpGetTSModeInfo | 33 | 0x69d0ec |
MpGetTaskSchedulerStrings | 37 | 0x69d0ac |
MpHandleClose | 32 | 0x69d0fc |
MpManagerEnable | 31 | 0x69d10c |
MpManagerOpen | 30 | 0x69d11c |
MpManagerStatusQuery | 29 | 0x69d12c |
MpManagerStatusQueryEx | 28 | 0x69d13c |
MpManagerVersionQuery | 27 | 0x69d14c |
MpNetworkCapture | 26 | 0x69d15c |
MpQuarantineRequest | 25 | 0x69d16c |
MpQueryEngineConfigDword | 24 | 0x69d17c |
MpRemoveDynamicSignatureFile | 23 | 0x69d18c |
MpRollbackPlatform | 22 | 0x69d19c |
MpSampleQuery | 21 | 0x69d1ac |
MpSampleSubmit | 20 | 0x69d1bc |
MpScanControl | 19 | 0x69d1cc |
MpScanResult | 18 | 0x69d1dc |
MpScanStartEx | 17 | 0x69d1ec |
MpServiceLogMessage | 16 | 0x69d1fc |
MpSetTPState | 15 | 0x69d20c |
MpThreatEnumerate | 14 | 0x69d21c |
MpThreatOpen | 13 | 0x69d22c |
MpUnblockEngine | 12 | 0x69d23c |
MpUnblockPlatform | 11 | 0x69d24c |
MpUnblockSignatures | 10 | 0x69d25c |
MpUpdatePlatform | 9 | 0x69d26c |
MpUpdateStart | 8 | 0x69d27c |
MpUpdateStartEx | 7 | 0x69d28c |
MpUpdateTSModeEx | 6 | 0x69d29c |
MpUtilsExportFunctions | 5 | 0x69d2ac |
MpWDEnable | 4 | 0x69d2bc |
TMethodImplementationIntercept | 3 | 0x465380 |
__dbk_fcall_wrapper | 2 | 0x4115d0 |
dbkFCallWrapperAddr | 1 | 0x6b9640 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 21:30:54 |
Start date: | 21/02/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9f0000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | false |
Target ID: | 1 |
Start time: | 21:30:54 |
Start date: | 21/02/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 21:30:54 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 21:30:54 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 21:30:54 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 21:30:54 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb90000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 21:30:57 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 21:31:00 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 21:31:03 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 20 |
Start time: | 21:31:03 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 21 |
Start time: | 21:31:03 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 22 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Has exited: | true |
Target ID: | 23 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 24 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 26 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 27 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 28 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 29 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 30 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 32 |
Start time: | 21:31:04 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 33 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb90000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 34 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 35 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 36 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 37 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb90000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 38 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 39 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 40 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Target ID: | 41 |
Start time: | 21:31:05 |
Start date: | 21/02/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Has exited: | true |
Execution Graph
Execution Coverage: | 4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 12.2% |
Total number of Nodes: | 238 |
Total number of Limit Nodes: | 12 |
Graph
Function 010FE238 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FE100 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0110003C Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FDD24 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FA134 Relevance: 6.2, APIs: 4, Instructions: 161threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FE428 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55libraryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FE304 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01396804 Relevance: 2.3, APIs: 1, Instructions: 1013COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F570C Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FDB34 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FD6D8 Relevance: 4.6, APIs: 3, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01100050 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FC4EC Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F8500 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F7974 Relevance: 19.7, APIs: 13, Instructions: 189COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F90E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 63libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01101748 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F5DAC Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F5FA4 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FA3E8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F62F0 Relevance: 9.1, APIs: 6, Instructions: 51fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010F5A28 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010FD8D4 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 237 |
Total number of Limit Nodes: | 12 |
Graph
Function 0040E238 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E100 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DD24 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A134 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161threadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E428 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55libraryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E304 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006A6804 Relevance: 2.3, APIs: 1, Instructions: 1013COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041003C Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040570C Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DB34 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407974 Relevance: 19.7, APIs: 13, Instructions: 189COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0069CDE4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 96injectionCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004090E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 63libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062F0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DAC Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FA4 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A3E8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A28 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D8D4 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 237 |
Total number of Limit Nodes: | 12 |
Graph
Function 0040E238 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E100 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DD24 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A134 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161threadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E428 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55libraryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E304 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006A6804 Relevance: 2.3, APIs: 1, Instructions: 1013COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041003C Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040570C Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DB34 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407974 Relevance: 19.7, APIs: 13, Instructions: 189COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0069CDE4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 96injectionCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004090E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 63libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062F0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DAC Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FA4 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A3E8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A28 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D8D4 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 237 |
Total number of Limit Nodes: | 12 |
Graph
Function 0040E238 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E100 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DD24 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A134 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161threadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E428 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55libraryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E304 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006A6804 Relevance: 2.3, APIs: 1, Instructions: 1013COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041003C Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040570C Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DB34 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407974 Relevance: 19.7, APIs: 13, Instructions: 189COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0069CDE4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 96injectionCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004090E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 63libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062F0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DAC Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FA4 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A3E8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A28 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D8D4 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |