Windows Analysis Report
SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe (PID: 6360, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe", MD5: 97F55264C8760830B70FFCC058CDA63B)
- cleanup
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 4_2_100032D2 |
Source: | Code function: | 4_2_1000CCAE |
Source: | Code function: | 4_2_1000B942 |
Source: | Code function: | 4_2_10003292 |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 4_2_10003902 |
Source: | Code function: | 4_2_10005ACC |
Source: | Code function: | 4_2_1000EA17 |
Source: | String found in binary or memory: |
Source: | Code function: | 4_2_10003187 |
Source: | Code function: | 4_2_10011088 |
Source: | Code function: | 4_2_1001108C |
Source: | Code function: | 4_2_10011090 |
Source: | Code function: | 4_2_10011094 |
Source: | Code function: | 4_2_10011098 |
Source: | Code function: | 4_2_1001109C |
Source: | Code function: | 4_2_1001111C |
Source: | Code function: | 4_2_10011204 |
Source: | Code function: | 4_2_10011208 |
Source: | Code function: | 4_2_10011210 |
Source: | Code function: | 4_2_1000E214 |
Source: | Code function: | 4_2_10011218 |
Source: | Code function: | 4_2_1001123C |
Source: | Code function: | 4_2_10011274 |
Source: | Code function: | 4_2_10011288 |
Source: | Code function: | 4_2_10011298 |
Source: | Code function: | 4_2_10010ECC |
Source: | Code function: | 4_2_100112E8 |
Source: | Code function: | 4_2_10011324 |
Source: | Code function: | 4_2_1001134C |
Source: | Code function: | 4_2_10011358 |
Source: | Code function: | 4_2_10011364 |
Source: | Code function: | 4_2_10011378 |
Source: | Code function: | 4_2_1001138C |
Source: | Code function: | 4_2_10011394 |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 4_2_10008CE9 |
Source: | Code function: | 4_2_1000827F |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 4_2_10005ACC |
Source: | Static PE information: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Code function: | 4_2_10003A72 |
Source: | Code function: | 4_2_1000724D |
Source: | Code function: | 4_2_10008BFB |
Source: | Check user administrative privileges: | graph_4-11758 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Key opened: |
Source: | WMI Queries: |
Source: | Code function: | 4_2_10003902 |
Source: | Code function: | 4_2_10005ACC |
Source: | Binary or memory string: |
Source: | System information queried: |
Source: | Process information queried: |
Source: | Code function: | 4_2_10008EF8 |
Source: | Code function: | 4_2_10003A72 |
Source: | Code function: | 4_2_10005ACC |
Source: | Code function: | 4_2_065D57BC |
Source: | Code function: | 4_2_065D35EC |
Source: | Code function: | 4_2_065D1A18 |
Source: | Code function: | 4_2_1000107E |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Queries volume information: |
Source: | Code function: | 4_2_1000EC76 |
Source: | Code function: | 4_2_10003055 |
Source: | Code function: | 4_2_1000EF0E |
Source: | Code function: | 4_2_10008EF8 |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 231 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Valid Accounts | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 22 Virtualization/Sandbox Evasion | LSASS Memory | 251 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 22 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 157 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Detection | Scanner | Label |
---|---|---|
84% | ReversingLabs | Win32.Trojan.Miuref |
83% | Virustotal | |
100% | Avira | HEUR/AGEN.1310467 |
100% | Joe Sandbox ML | |
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417151 |
Start date and time: | 2024-03-28 17:17:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Detection: | MAL |
Classification: | mal84.evad.winEXE@1/0@0/0 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
File type: | |
Entropy (8bit): | 6.762530002678073 |
TrID: |
|
File name: | SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
File size: | 292'352 bytes |
MD5: | 97f55264c8760830b70ffcc058cda63b |
SHA1: | a20a982a730098f73880f20032a26e496b93437b |
SHA256: | 22463d93ff44d3e221c9f8ec5b9f0fb561c1f9fd2c797bbc17b35b2d77282d57 |
SHA512: | c60c031aad00868d9102e52835b3822b4b22afaf788809c7326540234ae5d9c8dcfc6afbf0ddd9b06aead6a5dc03bfabf5641573080b8ccc73a306be9482db8b |
SSDEEP: | 3072:cQbLeju6zRMIsvHU4mJ5i0lk7/Pu+9eIV67MEMFvNyDgH+AIUiJDNL2V2kEN3Q3/:2juGs/U4mu0gPl/6p6AgtXSE |
TLSH: | 1B54BE293A7CC623F1E604B4956DF760B67CBC700915416FBA98378E3EB52E15D2A20F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c...c...c...j.Z.q...j.L.....j.K.M...DK..b...DK..p...c.......j.E.b...}.[.b...j.^.b...Richc...........................PE..L.. |
Icon Hash: | 1c5f7b79790b2355 |
Entrypoint: | 0x404fdb |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, AGGRESIVE_WS_TRIM, LARGE_ADDRESS_AWARE, 16BIT_MACHINE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, NO_SEH, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x568CE0D2 [Wed Jan 6 09:39:30 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | f7c2fa537c5dff63023bb69a30f642ee |
Instruction |
---|
call 00007FF7D5103085h |
jmp 00007FF7D50FD08Dh |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov ecx, dword ptr [esp+04h] |
test ecx, 00000003h |
je 00007FF7D50FD236h |
mov al, byte ptr [ecx] |
add ecx, 01h |
test al, al |
je 00007FF7D50FD260h |
test ecx, 00000003h |
jne 00007FF7D50FD201h |
add eax, 00000000h |
lea esp, dword ptr [esp+00000000h] |
lea esp, dword ptr [esp+00000000h] |
mov eax, dword ptr [ecx] |
mov edx, 7EFEFEFFh |
add edx, eax |
xor eax, FFFFFFFFh |
xor eax, edx |
add ecx, 04h |
test eax, 81010100h |
je 00007FF7D50FD1FAh |
mov eax, dword ptr [ecx-04h] |
test al, al |
je 00007FF7D50FD244h |
test ah, ah |
je 00007FF7D50FD236h |
test eax, 00FF0000h |
je 00007FF7D50FD225h |
test eax, FF000000h |
je 00007FF7D50FD214h |
jmp 00007FF7D50FD1DFh |
lea eax, dword ptr [ecx-01h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-02h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-03h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-04h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 0041132Ch |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14c48 | 0xc8 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2f000 | 0x1cdac | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c000 | 0xfcc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11280 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x137d8 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x13790 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x238 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xf300 | 0xf400 | 7458139f0bdd875f07ffe88d427af3bd | False | 0.5779969262295082 | data | 6.51636162260908 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11000 | 0x48c0 | 0x4a00 | 257b477a38de0e4ef1ec87bec47e2fd5 | False | 0.4956186655405405 | data | 5.86077723788229 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x16000 | 0xb87c | 0x9c00 | b3681e64106b2857fbd2163ce276e28a | False | 0.7600661057692307 | data | 6.893589490375841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.fera | 0x22000 | 0x6a99 | 0x6c00 | caff769c66a05c78c77d1496711e5900 | False | 0.8910951967592593 | data | 7.1554040407086035 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.gdata | 0x29000 | 0x1ab1 | 0x1c00 | c8789537ccb3b593de5009fbd9daacc1 | False | 0.8098493303571429 | data | 6.777170235313139 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.put | 0x2b000 | 0x162e | 0x1800 | 1808c670dfe07cc9e58a81f561d9da15 | False | 0.9265950520833334 | data | 7.618117766264609 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tuda | 0x2d000 | 0x7b1 | 0x800 | 766b0e98721f3e5146414e5300828baa | False | 0.97900390625 | data | 7.660300830880262 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x2e000 | 0x9 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x2f000 | 0x1cdac | 0x1ce00 | f8f9d1071603b4287907596158e9e6a2 | False | 0.4531841856060606 | data | 5.972891108721358 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4c000 | 0x1f8a | 0x2000 | ff9da5dacc4e6b60c8c1821cc24d4e93 | False | 0.42138671875 | data | 4.192869820594252 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
IMAGE | 0x2f6c0 | 0xf9c | TIFF image data, little-endian, direntries=15, height=48, bps=3972, compression=deflate, PhotometricIntepretation=RGB, width=48 | English | United States | 0.9892392392392393 |
IMAGE | 0x3065c | 0x278 | TIFF image data, little-endian, direntries=15, height=16, bps=608, compression=deflate, PhotometricIntepretation=RGB, width=16 | English | United States | 0.8686708860759493 |
IMAGE | 0x308d4 | 0x1522 | TIFF image data, little-endian, direntries=15, height=48, bps=5386, compression=deflate, PhotometricIntepretation=RGB, width=44 | English | United States | 0.9924214417744917 |
IMAGE | 0x31df8 | 0x2bc | TIFF image data, little-endian, direntries=15, height=16, bps=676, compression=deflate, PhotometricIntepretation=RGB, width=16 | English | United States | 0.8928571428571429 |
IMAGE | 0x320b4 | 0xa9e | TIFF image data, little-endian, direntries=15, height=48, bps=2694, compression=deflate, PhotometricIntepretation=RGB, width=48 | English | United States | 0.9838116261957321 |
IMAGE | 0x32b54 | 0x1ea | TIFF image data, little-endian, direntries=15, height=50, bps=466, compression=deflate, PhotometricIntepretation=RGB, width=50 | English | United States | 0.746938775510204 |
IMAGE | 0x32d40 | 0x1ba | TIFF image data, little-endian, direntries=15, height=9, bps=418, compression=deflate, PhotometricIntepretation=RGB, width=9 | English | United States | 0.7805429864253394 |
IMAGE | 0x32efc | 0x24e | TIFF image data, little-endian, direntries=15, height=10, bps=566, compression=deflate, PhotometricIntepretation=RGB, width=10 | English | United States | 0.8576271186440678 |
IMAGE | 0x3314c | 0x23e | TIFF image data, little-endian, direntries=15, height=10, bps=550, compression=deflate, PhotometricIntepretation=RGB, width=10 | English | United States | 0.8501742160278746 |
UIFILE | 0x3338c | 0xa41 | HTML document, ASCII text, with very long lines (350), with CRLF line terminators | English | United States | 0.23961904761904762 |
WEVT_TEMPLATE | 0x33dd0 | 0x13f2 | data | English | United States | 0.2783000391696044 |
RT_BITMAP | 0x351c4 | 0x10e8 | Device independent bitmap graphic, 528 x 16 x 4, image size 4224 | English | United States | 0.324630314232902 |
RT_BITMAP | 0x362ac | 0x9d2 | Device independent bitmap graphic, 96 x 16 x 8, image size 0, resolution 2834 x 2834 px/m, 234 important colors | English | United States | 0.6328560063643596 |
RT_ICON | 0x36c80 | 0x4c28 | Device independent bitmap graphic, 128 x 256 x 8, image size 18432, resolution 11811 x 11811 px/m | English | United States | 0.27944193680755025 |
RT_ICON | 0x3b8a8 | 0x2ca8 | Device independent bitmap graphic, 96 x 192 x 8, image size 10368, resolution 11811 x 11811 px/m | English | United States | 0.3761371588523443 |
RT_ICON | 0x3e550 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 0, resolution 11811 x 11811 px/m | English | United States | 0.4307301293900185 |
RT_ICON | 0x439d8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0, resolution 11811 x 11811 px/m | English | United States | 0.4246575342465753 |
RT_ICON | 0x47c00 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0, resolution 11811 x 11811 px/m | English | United States | 0.4884854771784232 |
RT_ICON | 0x4a1a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0, resolution 11811 x 11811 px/m | English | United States | 0.6764184397163121 |
RT_DIALOG | 0x4a610 | 0x614 | data | English | United States | 0.38110539845758357 |
RT_DIALOG | 0x4ac24 | 0xe0 | data | English | United States | 0.7053571428571429 |
RT_DIALOG | 0x4ad04 | 0x108 | data | English | United States | 0.6553030303030303 |
RT_DIALOG | 0x4ae0c | 0x204 | data | English | United States | 0.5833333333333334 |
RT_DIALOG | 0x4b010 | 0x424 | data | English | United States | 0.44528301886792454 |
RT_DIALOG | 0x4b434 | 0x16c | data | English | United States | 0.6208791208791209 |
RT_DIALOG | 0x4b5a0 | 0x17e | data | English | United States | 0.581151832460733 |
RT_DIALOG | 0x4b720 | 0x1c4 | data | English | United States | 0.5619469026548672 |
RT_GROUP_ICON | 0x4b8e4 | 0x5a | data | English | United States | 0.8222222222222222 |
RT_VERSION | 0x4b940 | 0x310 | data | English | United States | 0.49489795918367346 |
RT_MANIFEST | 0x4bc50 | 0x15a | ASCII text, with CRLF line terminators | English | United States | 0.5491329479768786 |
DLL | Import |
---|---|
KERNEL32.dll | WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetFilePointer, FlushFileBuffers, GetConsoleMode, GetConsoleCP, HeapSize, InitializeCriticalSectionAndSpinCount, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, SetStdHandle, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetModuleFileNameA, GetStdHandle, WriteFile, lstrcpyA, CloseHandle, GetModuleHandleA, LoadLibraryA, GetProcAddress, SetLastError, GetLastError, GetProfileIntA, ExitProcess, Sleep, HeapReAlloc, VirtualAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, VirtualFree, GlobalUnlock, lstrcatA, ReadFile, GlobalAlloc, GlobalLock, lstrlenA, GetFileSize, HeapCreate, GetCurrentThreadId, TlsFree, TlsSetValue, TlsAlloc, GetTickCount, CreateFileA, MultiByteToWideChar, HeapFree, HeapAlloc, WideCharToMultiByte, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleW, TlsGetValue |
USER32.dll | SendMessageTimeoutA, IsWindowEnabled, GetClassLongA, GetWindow, CallWindowProcA, UpdateWindow, SetWindowTextA, AllowSetForegroundWindow, EndPaint, DestroyWindow, GetWindowRect, InsertMenuItemA, PostQuitMessage, LoadImageW, DrawTextA, GetSubMenu, GetParent, LoadIconA, DefWindowProcA, wsprintfA, GetClientRect, BeginPaint, GetDC, GetWindowTextA, SetWindowLongA, MessageBoxA, InvalidateRect, CreateWindowStationA, GetWindowLongA, CreateWindowExA, ReleaseDC, GetDlgItem, IsWindowVisible |
GDI32.dll | CreateSolidBrush, SetTextColor, CreateFontA, DeleteObject, SelectObject |
COMDLG32.dll | CommDlgExtendedError |
ole32.dll | CreateILockBytesOnHGlobal, CoInitialize, CoRegisterClassObject, CreateStreamOnHGlobal |
OLEAUT32.dll | OleSavePictureFile, OleLoadPicture |
AVIFIL32.dll | AVIStreamInfoA, AVIFileExit, AVIFileRelease, AVIStreamOpenFromFileA, AVIFileOpenA, AVIFileInit |
gdiplus.dll | GdipDisposeImage, GdipCreateBitmapFromHBITMAP, GdiplusStartup |
IMM32.dll | ImmGetDefaultIMEWnd |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 4 |
Start time: | 17:18:05 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 292'352 bytes |
MD5 hash: | 97F55264C8760830B70FFCC058CDA63B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 9.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 18.6% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 21 |
Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000724D Relevance: 9.1, APIs: 6, Instructions: 92processCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000827F Relevance: 6.1, APIs: 4, Instructions: 99comCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10008BFB Relevance: 4.6, APIs: 3, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10008CE9 Relevance: 4.5, APIs: 3, Instructions: 38processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000107E Relevance: 3.0, APIs: 2, Instructions: 14memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003055 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 065D57BC Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10007686 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 53libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F05F Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 296fileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100040FC Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 171registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000843E Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 179sleepmemoryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002F30 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80libraryfileloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000CBAA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100049FA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90memoryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002CB0 Relevance: 6.1, APIs: 4, Instructions: 52fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100010E8 Relevance: 6.0, APIs: 4, Instructions: 27memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003990 Relevance: 4.5, APIs: 3, Instructions: 49processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100048FC Relevance: 4.5, APIs: 3, Instructions: 46threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003936 Relevance: 4.5, APIs: 3, Instructions: 33processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000DE54 Relevance: 3.0, APIs: 2, Instructions: 46fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000E1C0 Relevance: 3.0, APIs: 2, Instructions: 24fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000206A Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 065D3B5C Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 065D3CCC Relevance: 1.5, APIs: 1, Instructions: 18memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000F346 Relevance: 1.5, APIs: 1, Instructions: 16, Tags: COMMON
Function 065D3B2C Relevance: 1.5, APIs: 1, Instructions: 13, Tags: thread, COMMON
Function 100038E5 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: network, COMMON
Function 10004991 Relevance: 1.5, APIs: 1, Instructions: 10, Tags: COMMON
Function 065D3C8C Relevance: 1.3, APIs: 1, Instructions: 18, Tags: memory, COMMON
Function 065D0A78 Relevance: 1.3, APIs: 1, Instructions: 18, Tags: memory, COMMON
Function 065D3C5C Relevance: 1.3, APIs: 1, Instructions: 17, Tags: COMMON
Function 065D0A48 Relevance: 1.3, APIs: 1, Instructions: 17, Tags: COMMON
Function 065D3B9C Relevance: 1.3, APIs: 1, Instructions: 16, Tags: memory, COMMON
Function 065D09E8 Relevance: 1.3, APIs: 1, Instructions: 16, Tags: memory, COMMON
Function 10005ACC Relevance: 93.6, APIs: 18, Strings: 35, Instructions: 878, Tags: library, file, loader, COMMON
Function 1000EC76 Relevance: 10.7, APIs: 7, Instructions: 197, Tags: synchronization, time, network, COMMON
Function 1000EF0E Relevance: 6.1, APIs: 4, Instructions: 131, Tags: synchronization, time, thread, COMMON
Function 10010ECC Relevance: 4.7, Strings: 3, Instructions: 975, Tags: COMMON
Function 10011088 Relevance: 4.5, Strings: 3, Instructions: 783, Tags: COMMON
Function 1001108C Relevance: 3.3, Strings: 2, Instructions: 782, Tags: COMMON
Function 10011090 Relevance: 3.3, Strings: 2, Instructions: 780, Tags: COMMON
Function 10011094 Relevance: 3.3, Strings: 2, Instructions: 778, Tags: COMMON
Function 10011098 Relevance: 3.3, Strings: 2, Instructions: 776, Tags: COMMON
Function 1001109C Relevance: 3.3, Strings: 2, Instructions: 774, Tags: COMMON
Function 1001111C Relevance: 3.2, Strings: 2, Instructions: 715, Tags: COMMON
Function 10011204 Relevance: 3.1, Strings: 2, Instructions: 640, Tags: COMMON
Function 10011208 Relevance: 3.1, Strings: 2, Instructions: 638, Tags: COMMON
Function 10011210 Relevance: 3.1, Strings: 2, Instructions: 634, Tags: COMMON
Function 10011218 Relevance: 3.1, Strings: 2, Instructions: 630, Tags: COMMON
Function 1001123C Relevance: 3.1, Strings: 2, Instructions: 613, Tags: COMMON
Function 10011274 Relevance: 3.1, Strings: 2, Instructions: 586, Tags: COMMON
Function 10011288 Relevance: 3.1, Strings: 2, Instructions: 576, Tags: COMMON
Function 10011298 Relevance: 3.1, Strings: 2, Instructions: 566, Tags: COMMON
Function 100112E8 Relevance: 3.0, Strings: 2, Instructions: 520, Tags: COMMON
Function 10003902 Relevance: 3.0, APIs: 2, Instructions: 20, Tags: file, COMMON
Function 10011324 Relevance: 1.7, Strings: 1, Instructions: 488, Tags: COMMON
Function 1001134C Relevance: 1.7, Strings: 1, Instructions: 471, Tags: COMMON
Function 10011358 Relevance: 1.7, Strings: 1, Instructions: 467, Tags: COMMON
Function 10011364 Relevance: 1.7, Strings: 1, Instructions: 462, Tags: COMMON
Function 10011378 Relevance: 1.7, Strings: 1, Instructions: 453, Tags: COMMON
Function 1001138C Relevance: 1.7, Strings: 1, Instructions: 446, Tags: COMMON
Function 10011394 Relevance: 1.7, Strings: 1, Instructions: 443, Tags: COMMON
Function 1000E214 Relevance: 0.6, Instructions: 605, Tags: COMMON
Function 065D35EC Relevance: 0.0, Instructions: 2, Tags: COMMON
Function 065D1A18 Relevance: 0.0, Instructions: 2, Tags: COMMON
Function 10007A4B Relevance: 24.2, APIs: 16, Instructions: 200, Tags: com, memory, thread, COMMON
Function 10007F29 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 197, Tags: network, file, COMMON
Function 10007C7E Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 168, Tags: memory, com, COMMON
Function 1000D829 Relevance: 17.8, APIs: 2, Strings: 8, Instructions: 322, Tags: file, COMMON
Function 100050AE Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 141, Tags: registry, COMMON
Function 1000C35B Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 176, Tags: network, COMMON
Function 1000DCC5 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 79, Tags: sleep, COMMON
Function 1000BAF8 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 242, Tags: file, COMMON
Function 1000BD8F Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 221, Tags: file, COMMON
Function 10003E0F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 110, Tags: network, COMMON
Function 1000D208 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 107, Tags: network, sleep, COMMON
Function 100057EC Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104, Tags: file, sleep, COMMON
Function 10004490 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24, Tags: library, loader, COMMON
Function 1000E0A7 Relevance: 7.6, APIs: 5, Instructions: 104, Tags: file, COMMON
Function 1000C5F3 Relevance: 7.6, APIs: 5, Instructions: 95, Tags: COMMON
Function 1000A66D Relevance: 7.6, APIs: 5, Instructions: 50, Tags: network, COMMON
Function 1000ACD8 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 265, Tags: time, COMMON
Function 1000C9D5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115, Tags: registry, COMMON
Function 1000ABB6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101, Tags: registry, COMMON
Function 1000CAFD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69, Tags: registry, COMMON
Function 10003556 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65, Tags: library, loader, COMMON
Function 1000273C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44, Tags: process, COMMON
Function 10002892 Relevance: 6.1, APIs: 4, Instructions: 52, Tags: file, COMMON
Function 1000279D Relevance: 6.1, APIs: 4, Instructions: 52, Tags: process, synchronization, COMMON
Function 1000280C Relevance: 6.0, APIs: 4, Instructions: 46, Tags: file, COMMON
Function 1000AB5F Relevance: 6.0, APIs: 4, Instructions: 35, Tags: network, COMMON
Function 100010AA Relevance: 6.0, APIs: 4, Instructions: 25, Tags: memory, COMMON, LIBRARYCODE
Function 100029B1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135, Tags: library, string, COMMON
Function 100049B1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26, Tags: window, COMMON