Windows
Analysis Report
SecuriteInfo.com.BScope.Trojan.Swrort.25034.19636.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64
- SecuriteInfo.com.BScope.Trojan.Swrort.25034.19636.exe (PID: 4548 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Swrort.25034.19636.exe" MD5: AEA72794061E7055003524C90109B369)
  - conhost.exe (PID: 3500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 DLL Side-Loading | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | ReversingLabs | |||
10% | Virustotal | Browse |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417537 |
Start date and time: | 2024-03-29 15:25:10 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.BScope.Trojan.Swrort.25034.19636.exe |
Detection: | MAL |
Classification: | mal48.winEXE@2/0@0/0 |
EGA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target SecuriteInfo.com.BScope.Trojan.Swrort.25034.19636.exe, PID 4548 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
Entropy (8bit): | 5.4602723130301305 |
File name: | SecuriteInfo.com.BScope.Trojan.Swrort.25034.19636.exe |
File size: | 165'888 bytes |
MD5: | aea72794061e7055003524c90109b369 |
SHA1: | 2e21dd9cee8985d0d82cfc2a527d6ce6f830d971 |
SHA256: | 3bac7343a0a848b51baf15fd2c7e9140a8d8f297a50e33fd204929be52617d3b |
SHA512: | dde9a6caf031d93122bae70c0bba0a08f0e51c8e77a2b0fdf1135019a4477efbc7503b2913c4ceb89c80db89e80b5ffe4dc94896013f9eb250939cd8a8862f41 |
SSDEEP: | 3072:SH8WDQIATG3dSN6ShjbIPYTZ5uEDFhBnH/nyRbC3:SH8fFIAlbIPYt5uEDFhxvyRm3 |
TLSH: | 6FF33A717E4BC877FA93017B4EF888EA1A58D95087D514D3618836ED86663E12F3324F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K....x...x...x.......x.......x.......x..T....x...x..yx.......x....H..x...x ..x.......x..Rich.x..........PE..L...Zm._........... |
Icon Hash: | 0fc69a89a2b20b2b |
Entrypoint: | 0x411767 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5F8C6D5A [Sun Oct 18 16:29:14 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | dde35834c0080e8293305a230903e455 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b304 | 0x78 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2f000 | 0xe0b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e000 | 0xad8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x26e44 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x26e80 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x304 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.textbss | 0x1000 | 0x10000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.text | 0x11000 | 0x1303b | 0x13200 | e0c98f65456ef0266e18f1e6397a29b4 | False | 0.2261029411764706 | data | 4.321248844005625 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x25000 | 0x40de | 0x4200 | 149a7b6eac171fde3dad7382aaaa97fd | False | 0.1436434659090909 | data | 2.1378142425729187 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2a000 | 0x758 | 0x400 | fb3e8ad50a4b150b5d4328bcb479e967 | False | 0.10546875 | data | 1.0465158531636134 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x2b000 | 0x1500 | 0x1600 | c3d790a286563ab60bee62eaa0b4311b | False | 0.32173295454545453 | data | 4.73050558824712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.msvcjmc | 0x2d000 | 0x152 | 0x200 | 29473316e9a03fc3fca8712fbb8539d5 | False | 0.033203125 | Targa image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001" | 0.5703645563524087 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.00cfg | 0x2e000 | 0x109 | 0x200 | 6c7c036177ff0cac8633ce58f9e14da6 | False | 0.03515625 | data | 0.11055713125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2f000 | 0xe0b0 | 0xe200 | 471219bf07be6fbc07814ccc84e589dd | False | 0.6580475663716814 | data | 6.469591996122458 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x3e000 | 0xe3d | 0x1000 | 85b2b32db8c4a636b4faa792c4c5602f | False | 0.582763671875 | GLS_BINARY_LSB_FIRST | 5.281617383792299 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x2f300 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.7898936170212766 |
RT_ICON | 0x2f768 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.6491803278688525 |
RT_ICON | 0x300f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.5189962476547842 |
RT_ICON | 0x31198 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.38682572614107885 |
RT_ICON | 0x33740 | 0x71d8 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9965001372495196 |
RT_GROUP_ICON | 0x3a918 | 0x4c | data | English | United States | 0.7763157894736842 |
RT_MANIFEST | 0x3a968 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
KERNEL32.dll | CloseHandle, Sleep, OpenProcess, ReadProcessMemory, WriteProcessMemory, SetConsoleTitleA, GetConsoleWindow, CreateToolhelp32Snapshot, Module32FirstW, Module32NextW, FreeLibrary, VirtualQuery, GetProcessHeap, HeapFree, HeapAlloc, GetLastError, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, GetCurrentProcess, WideCharToMultiByte, MultiByteToWideChar, RaiseException, GetModuleHandleW, GetStartupInfoW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, GetCurrentThreadId, GetProcAddress |
USER32.dll | GetWindowRect, FindWindowA, GetWindowThreadProcessId, MoveWindow |
MSVCP140D.dll | ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z, _Cnd_do_broadcast_at_thread_exit, ?_Throw_Cpp_error@std@@YAXH@Z, ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ, ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ, ??0_Lockit@std@@QAE@H@Z, ??1_Lockit@std@@QAE@XZ, ?_Xlength_error@std@@YAXPBD@Z, ?uncaught_exception@std@@YA_NXZ, ?good@ios_base@std@@QBE_NXZ, ?flags@ios_base@std@@QBEHXZ, ?width@ios_base@std@@QBE_JXZ, ?width@ios_base@std@@QAE_J_J@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z |
VCRUNTIME140D.dll | __std_exception_copy, memcpy, __std_exception_destroy, _CxxThrowException, __CxxFrameHandler3, memset, __current_exception, __current_exception_context, _except_handler4_common, __std_type_info_destroy_list, __vcrt_GetModuleFileNameW, __vcrt_GetModuleHandleW, __vcrt_LoadLibraryExW, memmove |
ucrtbased.dll | _initterm, _initterm_e, exit, _exit, _set_fmode, __p___argc, __p___argv, _c_exit, _register_thread_local_exe_atexit_callback, _configthreadlocale, _set_new_mode, __p__commode, _beginthreadex, strcpy_s, strcat_s, __stdio_common_vsprintf_s, _controlfp_s, _wmakepath_s, _wsplitpath_s, wcscpy_s, strlen, _wcsicmp, system, _CrtDbgReport, _invalid_parameter, _get_initial_narrow_environment, _set_app_type, _seh_filter_exe, _CrtDbgReportW, _cexit, _crt_at_quick_exit, _crt_atexit, _execute_onexit_table, _register_onexit_function, _initialize_onexit_table, _initialize_narrow_environment, _configure_narrow_argv, _seh_filter_dll, malloc, _free_dbg, _callnewh, __setusermatherr, terminate |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 15:25:57 |
Start date: | 29/03/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Swrort.25034.19636.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 165'888 bytes |
MD5 hash: | AEA72794061E7055003524C90109B369 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 15:25:57 |
Start date: | 29/03/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
00B6D480 | 1.5 | 1 | | 6 | COMMON | -1.00% |
00B61271 | .0 | | | 2 | COMMON | -1.00% |
00B61393 | .0 | | | 2 | COMMON | -1.00% |
00B617CB | .0 | | | 2 | COMMON | -1.00% |
00B6AC50 | 75.5 | 31 | 12 | 204 | sleep, COMMON | -1.00% |
00B6B460 | 68.6 | 13 | 26 | 343 | sleep, process, COMMON | -1.00% |
00B63E90 | 21.3 | 14 | | 319 | COMMON | -1.00% |
00B6EC80 | 14.3 | 7 | 1 | 310 | memory, library, loader, COMMON | -1.00% |
00B6B020 | 10.6 | 4 | 2 | 108 | thread, injection, COMMON | -1.00% |
00B6B1F0 | 10.6 | 4 | 2 | 108 | thread, injection, COMMON | -1.00% |
00B673D0 | 6.1 | 4 | | 92 | COMMON | -1.00% |