Windows
Analysis Report
cylanceprotectsetupwithoptics.exe
Overview
General Information
Detection
Score: | 10 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 20% |
Signatures
Classification
Analysis Advice
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Sample may be VM or Sandbox-aware, try analysis on a native machine |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
- System is w10x64
- cylanceprotectsetupwithoptics.exe (PID: 3320 cmdline:
"C:\Users\ user\Deskt op\cylance protectset upwithopti cs.exe" MD5: 796375900C5F33DB332FF8143F243083) - cylanceprotectsetupwithoptics.exe (PID: 1020 cmdline:
"C:\Window s\Temp\{D2 9CB8BE-513 E-4B9E-B69 F-E8CB205B 8828}\.cr\ cylancepro tectsetupw ithoptics. exe" -burn .clean.roo m="C:\User s\user\Des ktop\cylan ceprotects etupwithop tics.exe" -burn.file handle.att ached=512 -burn.file handle.sel f=528 MD5: 796375900C5F33DB332FF8143F243083)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Code function: | 1_2_00B19EB7 | |
Source: | Code function: | 1_2_00B3F961 | |
Source: | Code function: | 1_2_00B19C99 | |
Source: | Code function: | 2_2_00899EB7 | |
Source: | Code function: | 2_2_008BF961 | |
Source: | Code function: | 2_2_00899C99 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_00B44315 | |
Source: | Code function: | 1_2_00B1993E | |
Source: | Code function: | 1_2_00B37A87 | |
Source: | Code function: | 1_2_00B03BC3 | |
Source: | Code function: | 2_2_008C4315 | |
Source: | Code function: | 2_2_0089993E | |
Source: | Code function: | 2_2_008B7A87 | |
Source: | Code function: | 2_2_00883BC3 | |
Source: | Code function: | 2_2_6E83BF6A |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 1_2_00B2C0FA | |
Source: | Code function: | 1_2_00B06184 | |
Source: | Code function: | 1_2_00B3022D | |
Source: | Code function: | 1_2_00B3A3B0 | |
Source: | Code function: | 1_2_00B30662 | |
Source: | Code function: | 1_2_00B0A7EF | |
Source: | Code function: | 1_2_00B3A85E | |
Source: | Code function: | 1_2_00B169CC | |
Source: | Code function: | 1_2_00B2F919 | |
Source: | Code function: | 1_2_00B30A97 | |
Source: | Code function: | 1_2_00B32B21 | |
Source: | Code function: | 1_2_00B32D50 | |
Source: | Code function: | 1_2_00B3ED4C | |
Source: | Code function: | 1_2_00B2FE15 | |
Source: | Code function: | 2_2_008AC0FA | |
Source: | Code function: | 2_2_00886184 | |
Source: | Code function: | 2_2_008B022D | |
Source: | Code function: | 2_2_008BA3B0 | |
Source: | Code function: | 2_2_008B0662 | |
Source: | Code function: | 2_2_0088A7EF | |
Source: | Code function: | 2_2_008BA85E | |
Source: | Code function: | 2_2_008969CC | |
Source: | Code function: | 2_2_008AF919 | |
Source: | Code function: | 2_2_008B0A97 | |
Source: | Code function: | 2_2_008B2B21 | |
Source: | Code function: | 2_2_008BED4C | |
Source: | Code function: | 2_2_008B2D50 | |
Source: | Code function: | 2_2_008AFE15 | |
Source: | Code function: | 2_2_066C9645 | |
Source: | Code function: | 2_2_06ADE1CE | |
Source: | Code function: | 2_2_6E83DCFE | |
Source: | Code function: | 2_2_6E837025 | |
Source: | Code function: | 2_2_6E83D850 | |
Source: | Code function: | 2_2_6E836DF6 | |
Source: | Code function: | 2_2_6E842978 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 1_2_00B3FD20 |
Source: | Code function: | 1_2_00B044E9 | |
Source: | Code function: | 2_2_008844E9 |
Source: | Code function: | 1_2_00B42F23 |
Source: | Code function: | 1_2_00B26945 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 1_2_00B01070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 | |
Source: | Command line argument: | 2_2_00881070 |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 1_2_00B2E889 | |
Source: | Code function: | 2_2_008AE889 | |
Source: | Code function: | 2_2_06AEADCE | |
Source: | Code function: | 2_2_06AEB1B0 | |
Source: | Code function: | 2_2_06AEB1BC | |
Source: | Code function: | 2_2_06AEB1B6 | |
Source: | Code function: | 2_2_06AEB1EC | |
Source: | Code function: | 2_2_06AEB1E6 | |
Source: | Code function: | 2_2_06AEB1DA | |
Source: | Code function: | 2_2_06AEB1C8 | |
Source: | Code function: | 2_2_06AEB1C2 | |
Source: | Code function: | 2_2_06AEB1E0 | |
Source: | Code function: | 2_2_06AEB1AA | |
Source: | Code function: | 2_2_6E8344F9 | |
Source: | Code function: | 2_2_043E8436 | |
Source: | Code function: | 2_2_043E7531 | |
Source: | Code function: | 2_2_043E87F0 | |
Source: | Code function: | 2_2_043E7089 | |
Source: | Code function: | 2_2_043E7059 | |
Source: | Code function: | 2_2_043E3341 | |
Source: | Code function: | 2_2_043E3341 | |
Source: | Code function: | 2_2_043E7ED0 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Evaded block: |
Source: | Check user administrative privileges: | ||
Source: | Check user administrative privileges: |
Source: | API coverage: |
Source: | Code function: | 1_2_00B3FDC2 | |
Source: | Code function: | 1_2_00B3FDC2 | |
Source: | Code function: | 2_2_008BFDC2 | |
Source: | Code function: | 2_2_008BFDC2 |
Source: | Code function: | 1_2_00B44315 | |
Source: | Code function: | 1_2_00B1993E | |
Source: | Code function: | 1_2_00B37A87 | |
Source: | Code function: | 1_2_00B03BC3 | |
Source: | Code function: | 2_2_008C4315 | |
Source: | Code function: | 2_2_0089993E | |
Source: | Code function: | 2_2_008B7A87 | |
Source: | Code function: | 2_2_00883BC3 | |
Source: | Code function: | 2_2_6E83BF6A |
Source: | Code function: | 1_2_00B4962D |
Source: | API call chain: | ||
Source: | API call chain: |
Source: | Code function: | 1_2_00B2E625 |
Source: | Code function: | 1_2_00B34812 | |
Source: | Code function: | 2_2_008B4812 | |
Source: | Code function: | 2_2_6E838EB1 |
Source: | Code function: | 1_2_00B038D4 |
Source: | Code function: | 1_2_00B2E188 | |
Source: | Code function: | 1_2_00B2E625 | |
Source: | Code function: | 1_2_00B2E773 | |
Source: | Code function: | 1_2_00B33BB0 | |
Source: | Code function: | 2_2_008AE188 | |
Source: | Code function: | 2_2_008AE625 | |
Source: | Code function: | 2_2_008AE773 | |
Source: | Code function: | 2_2_008B3BB0 | |
Source: | Code function: | 2_2_6E837E39 | |
Source: | Code function: | 2_2_6E834321 | |
Source: | Code function: | 2_2_6E8344FB |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 1_2_00B415CB |
Source: | Code function: | 1_2_00B4393B |
Source: | Code function: | 1_2_00B2E9A7 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 1_2_00B14CE8 |
Source: | Code function: | 1_2_00B4858F |
Source: | Code function: | 1_2_00B060BA |
Source: | Code function: | 1_2_00B48733 |
Source: | Code function: | 1_2_00B0508D |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Service Execution | 1 DLL Side-Loading | 1 Windows Service | 11 Virtualization/Sandbox Evasion | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 2 Native API | Logon Script (Windows) | 12 Process Injection | 1 Disable or Modify Tools | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Access Token Manipulation | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | 25 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
1% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | low | |||
false | low | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | low | |||
false | high | |||
false | low | |||
false | low | |||
false |
| unknown | ||
false | low |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1426789 |
Start date and time: | 2024-04-16 16:16:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | cylanceprotectsetupwithoptics.exe |
Detection: | CLEAN |
Classification: | clean10.winEXE@3/35@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\mbahost.dll | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\Microsoft.Deployment.WindowsInstaller.dll | Get hash | malicious | Unknown | Browse | ||
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\BootstrapperCore.dll | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4759 |
Entropy (8bit): | 5.449828731919388 |
Encrypted: | false |
SSDEEP: | 96:NVrlXf90zqkyrC1EMjxOVctz7zhZ9Fto0:LlXfezqkBEMjxOVctz7zhHFX |
MD5: | 08DBCD484B726835209E5BE0DF4B242A |
SHA1: | 795770CCB41268C21A53468214166ECE755BFCAD |
SHA-256: | A25B411A0A8ABE78F81415044305D731C5853739021CBB7CCE60447D8260A45F |
SHA-512: | 0D10A291B94F7B59C72B2D1ACAD7CBC64C1B85D158D165EE3B39C4CF13F01C00339EB6B0D508D6E972370CC4F03227D08ECC7F7C5F938375EE9E960904CAA68C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2025 |
Entropy (8bit): | 6.231406644010833 |
Encrypted: | false |
SSDEEP: | 48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE |
MD5: | 1D4B831F77EFEC96FFBC70BC4B59B8B5 |
SHA1: | 1B3ED82655AEC8A52DAEC60F8674BC7E07F8CFEB |
SHA-256: | 1B93556F07C35AC0564D57E0743CCBA231950962C6506C8D4A74A31CD66FD04C |
SHA-512: | C6CCB188281F161DEBF02DCDDE24B77D8D14943DEED8852E77E5AFB18F3F62683AB1AE06DCEB1E09D53804A76DF6400A360712D8E7E228B7F971054BB4FB2496 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2458 |
Entropy (8bit): | 5.36165936198009 |
Encrypted: | false |
SSDEEP: | 48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS |
MD5: | CC8C6D04DC707B38E0F0C08BA16FE49B |
SHA1: | 95EA7F570677AEA52393D02FDB21CEBB218A7343 |
SHA-256: | DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9 |
SHA-512: | A4B19EBC8BB0D88ABA7D3D5783E28F8B6E0960582A540059BC71076B1203BF43BCA15EA726272D15395C7B4E431046ADA1CBB9D55072BBC5DBE7729C4599F0E0 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2286 |
Entropy (8bit): | 5.061915970731254 |
Encrypted: | false |
SSDEEP: | 48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF |
MD5: | 7C6E4CE87870B3B5E71D3EF4555500F8 |
SHA1: | E831E8978A48BEAFA04AAD52A564B7EADED4311D |
SHA-256: | CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696 |
SHA-512: | 2A02415A3E5F073F4530FD87C97B685D95B8C0E1B15EFD185CC5CB046FCF1D0DCE28DB9889AD52588B96FE01841A7A61F6B7D6D2F669EAB10A8926C46B8E93D1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2442 |
Entropy (8bit): | 5.094465051245675 |
Encrypted: | false |
SSDEEP: | 48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD |
MD5: | C8E7E0B4E63B3076047B7F49C76D56E1 |
SHA1: | 4E44E656A0D552B2FFD65911CB45245364E5DBF3 |
SHA-256: | 631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295 |
SHA-512: | FD7E8896F9414F0DB7A88F926F55EE24E0591DA676F330200BC6BB829EB32648D90D3094E0011BFE36C7BA8BE41DFD74B12D444AFEA0D2866801258DA4FA16E8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3400 |
Entropy (8bit): | 5.279888750092028 |
Encrypted: | false |
SSDEEP: | 48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk |
MD5: | 074D5921AF07E6126049CB45814246ED |
SHA1: | 91D4BDDA8D2B703879CFE2C28550E0A46074FA57 |
SHA-256: | B8E90E20EDF110AAAAEA54FBC8533872831777BE5589E380CFDD17E1F93147B5 |
SHA-512: | 28DAC36516BCC76BCC598C6E7ABDE359695F85AB7A830D6ADBC844EB240D9FA372CB5A5CE4DBE21E250408C6B246D371D3CDD656D2178FB0EC22DAC7D39CBD9F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2235 |
Entropy (8bit): | 5.142592159444541 |
Encrypted: | false |
SSDEEP: | 48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs |
MD5: | E338408F1101499EB22507A3451F7B06 |
SHA1: | 83B42F9D7307265A108FC339D0460D36B66A8B94 |
SHA-256: | B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3 |
SHA-512: | F7BE923DC2856E0941D0669E2DE5A5C307C98DC7EBA0A1B68728EB29C95B4625145C2AD3AC6F6B6D82F062887EA349E2187F1F91785DDE5A5083BC1150E56326 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2306 |
Entropy (8bit): | 5.076293283609686 |
Encrypted: | false |
SSDEEP: | 48:cxX7DyBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:8LwTK5KHsijmEXY |
MD5: | AA32A059AADD42431F7837CB1BE7257F |
SHA1: | 4CD21661E341080FB8C2DEFD9F32F134561FC3BA |
SHA-256: | 88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9 |
SHA-512: | 78E201F369E65535E25722DFC0EFE99EDF641F7C14EFF1526DC1CC047FF11640079F1E3D25C9072CF25F4804195891BE006FC5ED313063AFCB91FB5700120B88 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2392 |
Entropy (8bit): | 5.293225307744296 |
Encrypted: | false |
SSDEEP: | 48:cxX7DwzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:8LQT2wpFGbgT3wMN2QRj/y/LKr |
MD5: | 17FB605A2F02DA203DF06F714D1CC6DE |
SHA1: | 3A71D13D4CCA06116B111625C90DD1C451EA9228 |
SHA-256: | 55CF62D54EFB79801A9D94B24B3C9BA221C2465417A068950D40A67C52BA66EF |
SHA-512: | D05008D37143A1CC031F4B6268490A5A10FBB686C86984D20DB94843BDC4624EF9651D158DCB5B660FC239C3C3E8D087EB5D23FFFB8C4681910CBC376148F0F0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2304 |
Entropy (8bit): | 4.985260685429469 |
Encrypted: | false |
SSDEEP: | 48:cxX7DQyT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:8LFTzLtkfwWKXHZi37MIDp |
MD5: | 50261379B89457B1980FF19CFABE6A08 |
SHA1: | F80B1F416539D33206CE3C24BA3B14B799A84813 |
SHA-256: | A40C94EB33F8841C79E9F6958433AFFD517F97B4570F731666AF572E63178BB7 |
SHA-512: | BBD9794181EEC95D6BE7A1B7BA83FD61AF2B2DF61D9DA8DDA2788B61BEC53C30FCEFE5222EDF134166532B36D3AB6CE8996F2D670DC6907C1864AF881A21EA40 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2545 |
Entropy (8bit): | 5.923292576429967 |
Encrypted: | false |
SSDEEP: | 48:cxX7DpcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:8L1TccOFw6tnOUjsjpICnlOO934apWz |
MD5: | DB0F5BAB42403FD67C0A18E35E6880EC |
SHA1: | C0A18C8C5BCD7B88C384B5304B56EEB85A0DA3DC |
SHA-256: | CCDCDB111EFA152C5F9FF4930033698B843390A549699AE802098D87431F16FE |
SHA-512: | 589522BD4A26BF54CCF3564E392E41BBBA4E7B3FD1ED74E7F4F6AD6F2E65CDE11FFF32D0C5F3BCD09052FE5110FDC361D1926E220FD0BAD2D38CAC21BBE93211 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2236 |
Entropy (8bit): | 5.97627825234954 |
Encrypted: | false |
SSDEEP: | 48:cxX7D3sT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:8LQTXvRFhIzl44wmgko04U5TY |
MD5: | 442F8463EF5CA42B99B2EFACA696BD01 |
SHA1: | 67496DB91CBAA85AC0727B12FC2D35E990537DAC |
SHA-256: | D22F6ADA97DBFFC1E7548E52163807F982B30B11A2A5109E71F42985102CCCBD |
SHA-512: | A350EAF9E7AEAFAB1163D7C0B8D014AFE07EE98BAE3915CBDD3C26282E345A0838E853C89BAE8943474758DCBCFD0BB0724A0C75CBF969F321FAB4944E8704FD |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2312 |
Entropy (8bit): | 4.965432037520827 |
Encrypted: | false |
SSDEEP: | 48:cxX7DK1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:8LcTtpGLFSwJHmPnnKhEBtsl |
MD5: | 67F28BCDB3BA6774CD66AA198B06FF38 |
SHA1: | 85D843B7248A5E1173FF9BD59CB73BB505F69B66 |
SHA-256: | 226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E |
SHA-512: | 7BC7D3E6E19ECF865B2CABFC46C75D516561D5A8A81A8ED55B4EDBA41A13A7110F474473740200AFB035B9597A2511D08C2A2E7A9ADE2C2AB4D3F168944B8328 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2171 |
Entropy (8bit): | 5.089922193759582 |
Encrypted: | false |
SSDEEP: | 48:cxX7DTeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:8L+Tec1x8Siule4S |
MD5: | 5454F724C9CDAB8172678A1CC7057220 |
SHA1: | 241A57018ACE1210881583A9CF646E7D2E51412F |
SHA-256: | 41545AC1247B61C3C3E2A7E4659D9FAD2BCCA8347C69F2EB7B9D0CF5FC31E113 |
SHA-512: | 40E311EADA299996E32A7D35223CA678A03C869D63C023D59BC97A7B2049B0252AA9D0A7EC8558D5ACB73BD14C7BFA913097E65ABEE7455658DB7E35BBDA8AE1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2368 |
Entropy (8bit): | 5.270514043715206 |
Encrypted: | false |
SSDEEP: | 48:cxX7Du4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:8LKTsXgpYr2IyoiiOffpT3L |
MD5: | 96ACAAA5AEF7798E9048BAFF4C3FA8D3 |
SHA1: | E76629973F6C1CFC06F60BA64FE9F237B2DB9698 |
SHA-256: | F4AA983E39FB29C95E3306082F034B3A43E1D26489C997B8E6697B6A3B2F9F3C |
SHA-512: | 964F73E572BDCB1AD946C770E6A2FB4A1CE54AF4B5BB072F64256083BA27A223F4DAD4A95B9D2A646180806D1F977726147970B06AAC35EED75AEC6CA89ED337 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2147 |
Entropy (8bit): | 5.130635342194656 |
Encrypted: | false |
SSDEEP: | 48:cxX7DuoT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:8L1TmBHjs59M8r6 |
MD5: | BD39ADB6B872163FD2D570028E9F3213 |
SHA1: | 688B8A109688D3EA483548F29DE2E57A8A56C868 |
SHA-256: | ECB5C22E6C2423CAF07AEBE69F4FAF22450164EEE9587B64EF45A2D7F658CA15 |
SHA-512: | F2826BE203E767D09FF0D7677E1CF5B13113B773D529166DAE02A1F5DB2DC58E0856A34901DF70011EBABB6E964FAB7ACF38590E650BD629D4E4DC4CB36C8D45 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2880 |
Entropy (8bit): | 5.408094213063887 |
Encrypted: | false |
SSDEEP: | 48:cxX7DkTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:8LYT8EeHMMJRNi1Ruwi3OwL |
MD5: | DAF167AF4031EF47E562056A7D51AA73 |
SHA1: | 0156B230CADD6169AC2820865E3C031ED79785EF |
SHA-256: | C91C9E87AB4A6DB078F1991F4A2CDC726B58A40E47BCE49D39168A8F8F151C3B |
SHA-512: | 5E87EE3838E3595ADBD7EABA6E3E33CDFEA5E15ED716FBCCDBD55235B3E53E1E41EA5A907F425E96C35167543C7F75AC5214B5AEE177D299FC2464A68B22851E |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2334 |
Entropy (8bit): | 5.397882326481071 |
Encrypted: | false |
SSDEEP: | 48:cxX7D+cT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAm:8L1TuPdKNzfifFmcatm |
MD5: | 016C278E515F87F589AD22C856B201F7 |
SHA1: | F20C7DB38B3161B143DEC4E578CE71D7F585F436 |
SHA-256: | 4A7FDF4A9033FE05C31F565ED3AE5B8C67D324B7AEADB737CE95DBB416D46868 |
SHA-512: | 310C85B27E1ECF4C6729E88051037150CFBA0234A0138666C26662B3D665FF38B74E95ABCADDEEF6CBEBB23E3357FAC487E6EE5EB8FE158C269D77672191B042 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2132 |
Entropy (8bit): | 5.1255014007111495 |
Encrypted: | false |
SSDEEP: | 48:cxX7DviT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:8LmTAcRnQXFPK0iHMsfb2Ws3M |
MD5: | D95E81164C57B6FD75E7C3022454192E |
SHA1: | 5D5ACBC56E7078AF4D04C45B78C0FF090C02EE6A |
SHA-256: | 6DD61CC6B87B53EAF28430068A2A459730FD4B2BCF876CCDF040212D04C4FE7D |
SHA-512: | 9E4BA81A145574818DD6A1F1D0EC38EA1629C7771919C35923F440E31EA9912E1630D94FCDB82B71104EBD61D0321DCDF935BA20D69988EE6E9B22259186AF0C |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2303 |
Entropy (8bit): | 5.2754753523795275 |
Encrypted: | false |
SSDEEP: | 48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg |
MD5: | 01B200E06BA600A4EF00C00F7AAC5CE4 |
SHA1: | 22234426C42637E069A46217019551E4434A4AB6 |
SHA-256: | 06BFB6DFBC38105C699DEA226A029DF3EF673C33E4B8928DC4EC7FB8F761487D |
SHA-512: | 8BDCF7533A6BCFA231B42A7EF845A70C7535FBF607D62FF6404928D5941BA6AFBF139450A1A1B58C65FACF88DC0785AEC4ABEFBCC803466A58B1930F7C468CDD |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2200 |
Entropy (8bit): | 5.1485120966265 |
Encrypted: | false |
SSDEEP: | 48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL |
MD5: | 5836F0C655BDD97093F68AAF69AB2BAB |
SHA1: | B6842E816F9E0DCC559A5692E4D26101D10B4B16 |
SHA-256: | C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C |
SHA-512: | 640A79D6A756E591AD02DDCCC53BC43F855C5148B8CBB5CE6C1CAF5419CA02F7B2AFF89CCA4C056356814D3899EF79BF038B4E8B4B79EB85138A3CEDCCE93E5B |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1980 |
Entropy (8bit): | 6.189594519053644 |
Encrypted: | false |
SSDEEP: | 48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV |
MD5: | A34DCF7771198C779648B89156483E83 |
SHA1: | A6E0FA91CD50048511C7BEF1BE3A8D32B42B6D1F |
SHA-256: | 89C559C6765F8D643469E3C8F4AA93023F09369B0395EA647FAD5AF3C2893EB6 |
SHA-512: | 0F1D7BC4FD64E18EEEC488CDCE01FB6BFA5CD3BFF614A8D03E388D39F569B8341E74302946877EB25BA1EB17AEC137499189605E251FAFB6B20051744CB463B1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2211 |
Entropy (8bit): | 5.1155097909395035 |
Encrypted: | false |
SSDEEP: | 48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6 |
MD5: | 8A278E519EF81B2847490EFB070219BC |
SHA1: | 7365EDF6E4F9E66B6CEE47933B6C70FF0B9ECFF8 |
SHA-256: | E2BFDB2CF3BEAE2E988827C52C58006D7EEAD4ABA5312B5EAE1F6CCF3863C385 |
SHA-512: | 88275C1136FFB15AB04D315E8601BE2DE77387F3E00F17E9807E415A9DFC4A73E2CD3B5710E4CA58006F91E18180D7CFAEEF4E8319C624E1B81397F9CB9ECA92 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2400 |
Entropy (8bit): | 4.992567587099768 |
Encrypted: | false |
SSDEEP: | 48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8 |
MD5: | 1024AA88AE01BC7BA797193CC6023375 |
SHA1: | 9252A309C1CB32573F4D58A595A78660FDF54B2F |
SHA-256: | B884C4ABB8867553C1FFADD6721C2135EC5F9F1455C3F668D711CCEA65363D1A |
SHA-512: | 77E6DD332104C0461B7C5A08469161AF3F1DC51D3B55585D39DD9FC9E2088DA036BDF2278CFB96CA702FD26CE073C6C6F66611313270700B9E7A76600C1C8E38 |
Malicious: | false |
Preview: |
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\BootstrapperApplicationData.xml
Download File
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11204 |
Entropy (8bit): | 3.7621410726526445 |
Encrypted: | false |
SSDEEP: | 192:XstJw/R9VcxuYKhJ2lOYwFKlOP/+IMAdsKM3gpl1z4rwB75:XfRCO2Oi1k5 |
MD5: | 52E0225A599446003ABB5BEB5530D709 |
SHA1: | 6C1A100CDD61B92CA90E2D13B27D34D2A3351762 |
SHA-256: | 231F2A6BEB7F597EFF02CBFF46A192619CB62877D5DCF4A9D0062ED050023176 |
SHA-512: | F02A9C02051486307983C18F79170E5E1F7CAFE485FD35B489F383BDA56A1FF93690A78A41EF88470D05A1E437A9EB96B611A4C1B1C949F6DCE58C9DF086A51F |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 837 |
Entropy (8bit): | 4.998326031045003 |
Encrypted: | false |
SSDEEP: | 12:MMHd41Pd7lzc+TXYr+XFy9bWzc+TXYcXII3VymhsS+Qzop9g3XmGCGgXXujDjXRP:Jd67RtYrx9itYhmh9j3WDXiPdN3F |
MD5: | 7FEC4F8A43998BCABBB10BE207DDE83F |
SHA1: | 76F8442CFF5A13BF266C62469ECE7E2869248054 |
SHA-256: | 6DB97AB6973D1E3E961FC89900668FC39FE9706F0CE8C42AADF903E6A4CF09C6 |
SHA-512: | F7EE31890F50D9C54C375AB1F8F6DFC6C565CE2803CE0B2DF3E1F2D259527DD2D6F00D5479E3C795483785144B87EB895140643690B557D4B9D904072B3579BC |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81920 |
Entropy (8bit): | 5.437314391025966 |
Encrypted: | false |
SSDEEP: | 1536:S2VnZ5kJsti1bhBjwYf+GiGKhq+cEFogn:S8Qsti1tpQTJq+cEFoi |
MD5: | 08E1610005BBBEC45BDF744BC93509BE |
SHA1: | 1FAC1E92074DC662DB14F1FCE43D0CA301BCA64C |
SHA-256: | F8597F37A2687017ED2B33FB06770D47BF7BA672B3E813E611F41B7C79230425 |
SHA-512: | BE9A9D44D068477E8245918505BE041A79E068EBB7BC0DA43695FA9B1D5F26562798E9465C1910A033CE0240BE1A8EEB9E8D7BC24B237E9FF014EC24CF32271F |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: | |
Preview: |
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\Cylance.Host.Installer.CustomBootstrapperWithOptics.dll
Download File
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 121344 |
Entropy (8bit): | 2.514616654543185 |
Encrypted: | false |
SSDEEP: | 768:K6w7V5/0sIZnu6mQJLIoDoIaE/8iLv5Eaj+n:K6q5/acqaS8IhEag |
MD5: | 35DFC4020B5867733FFE5465174C1A51 |
SHA1: | EAE3DE772A66F4F2C0370FD2BEDA39EE403B9E0F |
SHA-256: | 6A99FEACD5CBC11BB8BEDF758F796D6DFDCD04DD1A4E377D5CD1241995A495AA |
SHA-512: | 2628AA456987415600CB6E71ACE54A0F3949CA547E60C2A6DCE9C1E393BE7DC06CEBD0C47E0D04074D10FE5F6A40311C5F77498C2858A6F9DD7AFAC4A8041E1B |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\Microsoft.Deployment.WindowsInstaller.dll
Download File
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 176128 |
Entropy (8bit): | 5.771237461184554 |
Encrypted: | false |
SSDEEP: | 3072:WnY3P0LI23gsAIvvIYttTRsgFGR69UgoXafH9ZCnfKlRUjW01KyM:XDittNER6joKfdU |
MD5: | 345299551A530B716BC4E406377B36A9 |
SHA1: | 505BBEE0EB47F5DFCF7FD28A5525390D8D3A4010 |
SHA-256: | 9AEBC76CB8C864593E0419162B2BF40B81BD52B3FF12EDAC1D032828DF83DCFA |
SHA-512: | AC0DC22C0A7CB4A7F6E1D84C928C36ECE28094951DE94DEB3654EFE7D5399A664F1B9A7A95AA3211093A6759409E22BE64153ABB965718A5165F6D25566ECF92 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114688 |
Entropy (8bit): | 6.503058663866751 |
Encrypted: | false |
SSDEEP: | 3072:4TyDh12xXnvuxsiHa11b2O+tPB2s0ruPS0BEEiC:4Toh12xXmuN11iC7cJfiC |
MD5: | 64FF2C64FE4FD30CCB8A9C8A0DB806AA |
SHA1: | 73607DACBAB36214943E22CB1FDF6BC5E466D0AE |
SHA-256: | BBF38F1779A4ACCD152A01B19F296C646F23ABDC43FF3A92D6B17E0120F2271C |
SHA-512: | 860716A2E9C9DC7DDB9145566ED01688FC44A7DF02C95C502BE718785ABD96AECC5C6809D05BDBF0BE5A7C3481452F91EAB878FC4998C4BAD07C4BE08C8D3693 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: | |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 178176 |
Entropy (8bit): | 6.526838192155864 |
Encrypted: | false |
SSDEEP: | 3072:OxoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZu:OxoQNb++gDrSJdr8BHkPh3wIgnK/ |
MD5: | 0E2E0DDA2C6B9CABFA99394ACB97B025 |
SHA1: | 1EC84920AF81C250B204356D24F435FCA4FA54DD |
SHA-256: | 8271912B7C7616EC04C2C19C608713E03651D91D404715376A1535E72D4BA2D7 |
SHA-512: | 79F9CEEA83E93BEDBCB8013205FD55D7A7CB190023CDDEFA01DEE2233EFF9BB6757BFC59DB4422593E8D2B6B77FF3090E03653C5099D7E30C951507946A17A8A |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 797 |
Entropy (8bit): | 7.648767094164769 |
Encrypted: | false |
SSDEEP: | 12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5 |
MD5: | A356956FD269567B8F4612A33802637B |
SHA1: | 75AE41181581FD6376CA9CA88147011E48BF9A30 |
SHA-256: | A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03 |
SHA-512: | A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3915 |
Entropy (8bit): | 5.15881451198739 |
Encrypted: | false |
SSDEEP: | 48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP |
MD5: | A20778EC90A094A62A6C3A6AB2A6DC7D |
SHA1: | 74C131B5FD80446FFDF2AFAD723762DD36621309 |
SHA-256: | F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA |
SHA-512: | 47F34A9F416D223DCBF071E7292A05554AF3D27CDE67FC8C161C1BED564C6E7FC448C2F482E05F33149C782E09C681BD65730CA00CF9EC68B284128214B75529 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2363 |
Entropy (8bit): | 5.082597499030882 |
Encrypted: | false |
SSDEEP: | 48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1h:8LuTY1xmmmTerNR0ATz |
MD5: | 035FB1B3661CA2FCE4DD6B7151CA34FD |
SHA1: | D0BDAB5F415A7591276580C7C62D21003E7390A9 |
SHA-256: | 97B20444592C26211BABE655D54AE98A9ADDA671382A3F7B90AE62665759FB30 |
SHA-512: | F07B6ED2EEBAF28DE8632F5E7785AC7D49437DE03A19F9F2B69B761590C07DACA2883A69479871CDD16A6041C7E1768C63471146FAC052B24AF207AE0983089B |
Malicious: | false |
Preview: |
C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe
Download File
Process: | C:\Users\user\Desktop\cylanceprotectsetupwithoptics.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 967938 |
Entropy (8bit): | 7.135106227415395 |
Encrypted: | false |
SSDEEP: | 24576:tMysZgjS1hqgSC/iz+R+Rm2p1F4T3QyyBi:tRjvQo+R+Rlp1WeBi |
MD5: | 796375900C5F33DB332FF8143F243083 |
SHA1: | 9BAF9183DF0A5CA02CD49DBE04D99578821B27F7 |
SHA-256: | BAB72DFA7EED0CE4814580312CCBA4FCA4A136F4BB6F93A9F8F9648614D9EC68 |
SHA-512: | BEA24F19BE89A69E8380B73B12CA877C9D87121A3B1C2B684CBB632457F6170B0A51FFE05C1D4CC770616D887DD39450D8ABE5ADCC96DF5F97FC6154CC2EEC1C |
Malicious: | false |
Antivirus: |
|
Preview: |
File type: | |
Entropy (8bit): | 7.135106227415395 |
TrID: |
|
File name: | cylanceprotectsetupwithoptics.exe |
File size: | 967'938 bytes |
MD5: | 796375900c5f33db332ff8143f243083 |
SHA1: | 9baf9183df0a5ca02cd49dbe04d99578821b27f7 |
SHA256: | bab72dfa7eed0ce4814580312ccba4fca4a136f4bb6f93a9f8f9648614d9ec68 |
SHA512: | bea24f19be89a69e8380b73b12ca877c9d87121a3b1c2b684cbb632457f6170b0a51ffe05c1d4cc770616d887dd39450d8abe5adcc96df5f97fc6154cc2eec1c |
SSDEEP: | 24576:tMysZgjS1hqgSC/iz+R+Rm2p1F4T3QyyBi:tRjvQo+R+Rlp1WeBi |
TLSH: | F3259F32782040E5D6B10B736D74A1242D6CBE143B34CD9EB6E8BB5C2BB58D766F3246 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u.....6.u.'.t.v.u...p.l.u.....&.u.'...%.u...w.&.u.Rich'.u |
Icon Hash: | 0f0f092b27070e49 |
Entrypoint: | 0x42e06d |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5A10A818 [Sat Nov 18 21:37:28 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 1a5cdbf711fee14b077e599d13fddab2 |
Instruction |
---|
call 00007FA1508991E6h |
jmp 00007FA150898BD3h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov eax, dword ptr [esp+08h] |
mov ecx, dword ptr [esp+10h] |
or ecx, eax |
mov ecx, dword ptr [esp+0Ch] |
jne 00007FA150898D4Bh |
mov eax, dword ptr [esp+04h] |
mul ecx |
retn 0010h |
push ebx |
mul ecx |
mov ebx, eax |
mov eax, dword ptr [esp+08h] |
mul dword ptr [esp+14h] |
add ebx, eax |
mov eax, dword ptr [esp+08h] |
mul ecx |
add edx, ebx |
pop ebx |
retn 0010h |
push ebp |
mov ebp, esp |
jmp 00007FA150898D61h |
push dword ptr [ebp+08h] |
call 00007FA15089F761h |
pop ecx |
test eax, eax |
jne 00007FA150898D54h |
cmp dword ptr [ebp+08h], FFFFFFFFh |
jne 00007FA150898D49h |
call 00007FA1508995ECh |
jmp 00007FA150898D47h |
call 00007FA1508995C8h |
push dword ptr [ebp+08h] |
call 00007FA15089F7D8h |
pop ecx |
test eax, eax |
je 00007FA150898D16h |
pop ebp |
ret |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007FA1508995F5h |
pop ecx |
pop ebp |
ret |
push ebp |
mov ebp, esp |
test byte ptr [ebp+08h], 00000001h |
push esi |
mov esi, ecx |
mov dword ptr [esi], 00460BF0h |
je 00007FA150898D4Ch |
push 0000000Ch |
push esi |
call 00007FA150898D1Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebx |
push esi |
mov eax, dword ptr [esp+18h] |
or eax, eax |
jne 00007FA150898D5Ah |
mov ecx, dword ptr [esp+14h] |
mov eax, dword ptr [esp+10h] |
xor edx, edx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x684a4 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6f000 | 0x38370 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa8000 | 0x3d8c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x67420 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x67474 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x66e40 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4b000 | 0x3d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x68024 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x497d7 | 0x49800 | 0af0aed976d9788b8826c9a3231c6fe9 | False | 0.5318943983843537 | data | 6.562809093346028 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x4b000 | 0x1eaf4 | 0x1ec00 | f3c726b1fd821276d2f89bade78a51f6 | False | 0.3135480182926829 | data | 5.113411732013242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x6a000 | 0x1740 | 0xa00 | f209e7387aef138b4944b487b2f8cfdc | False | 0.275 | firmware 2005 v9319 (revision 0) \261\031\277DN\346@\273 V2, 0 bytes or less, UNKNOWN2 0xffffffff, at 0 0 bytes , at 0 0 bytes , at 0x20a14600 | 3.165445916148103 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.wixburn | 0x6c000 | 0x38 | 0x200 | 729c00e001c45e48402e1fc7098d5fe2 | False | 0.109375 | data | 0.5922508836620997 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x6d000 | 0x9 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.gfids | 0x6e000 | 0xe0 | 0x200 | d809509bc5ab771a9b57700ef6401fb3 | False | 0.3203125 | data | 2.006362017594661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x6f000 | 0x38370 | 0x38400 | 4b27133881a96961fe6aa3f464d60f42 | False | 0.38829861111111114 | data | 5.651171159709615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa8000 | 0x3d8c | 0x3e00 | 64550f907643aee4fbff379239bc128c | False | 0.8015372983870968 | data | 6.776933972299988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x6f280 | 0x1a864 | data | English | United States | 0.39087294282242924 |
RT_ICON | 0x89ae4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 2048 | English | United States | 0.5930851063829787 |
RT_ICON | 0x89f4c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | English | United States | 0.35295497185741087 |
RT_ICON | 0x8aff4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 18432 | English | United States | 0.2641078838174274 |
RT_ICON | 0x8d59c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 131072 | English | United States | 0.17243877913166922 |
RT_ICON | 0x9ddc4 | 0x653c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.991974070072542 |
RT_MESSAGETABLE | 0xa4300 | 0x2808 | data | English | United States | 0.28844652615144417 |
RT_GROUP_ICON | 0xa6b08 | 0x4c | data | English | United States | 0.7631578947368421 |
RT_VERSION | 0xa6b54 | 0x348 | data | English | United States | 0.44761904761904764 |
RT_MANIFEST | 0xa6e9c | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365 |
DLL | Import |
---|---|
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, RegQueryValueExW, RegDeleteValueW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DecryptFileW, CreateWellKnownSid, InitializeAcl, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW |
USER32.dll | GetMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, PeekMessageW, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW, TranslateMessage |
OLEAUT32.dll | SysFreeString, SysAllocString, VariantInit, VariantClear |
GDI32.dll | CreateCompatibleDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, DeleteDC |
SHELL32.dll | SHGetFolderPathW, CommandLineToArgvW, ShellExecuteExW |
ole32.dll | CoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CoInitializeSecurity, CLSIDFromProgID |
KERNEL32.dll | GetCommandLineA, GetCPInfo, GetOEMCP, CloseHandle, CreateFileW, GetProcAddress, LocalFree, HeapSetInformation, GetLastError, GetModuleHandleW, FormatMessageW, lstrlenA, lstrlenW, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, Sleep, GetLocalTime, GetModuleFileNameW, ExpandEnvironmentStringsW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, GetFullPathNameW, CompareStringW, GetCurrentProcessId, WriteFile, SetFilePointer, LoadLibraryW, GetSystemDirectoryW, CreateFileA, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FindClose, GetCommandLineW, GetCurrentDirectoryW, RemoveDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, FindFirstFileW, FindNextFileW, MoveFileExW, GetCurrentProcess, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, GetEnvironmentStringsW, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, FreeLibrary, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetNativeSystemInfo, GetModuleHandleExW, GetWindowsDirectoryW, GetSystemWow64DirectoryW, GetComputerNameW, VerifyVersionInfoW, GetVolumePathNameW, GetDateFormatW, GetSystemDefaultLangID, GetUserDefaultLangID, GetStringTypeW, ReadFile, SetFilePointerEx, DuplicateHandle, InterlockedExchange, InterlockedCompareExchange, CreateEventW, ProcessIdToSessionId, OpenProcess, GetProcessId, WaitForSingleObject, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, ResetEvent, SetEndOfFile, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, MapViewOfFile, UnmapViewOfFile, CreateMutexW, CreateFileMappingW, GetThreadLocale, IsValidCodePage, FreeEnvironmentStringsW, TlsAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DecodePointer, WriteConsoleW, GetModuleHandleA, GlobalAlloc, GlobalFree, GetFileSizeEx, CopyFileW, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, SystemTimeToFileTime, GetSystemInfo, VirtualProtect, VirtualQuery, SetCurrentDirectoryW, FindFirstFileExW, GetFileType, GetACP, ExitProcess, GetStdHandle, LoadLibraryExW, InitializeCriticalSectionAndSpinCount, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, RtlUnwind, SetLastError, LoadLibraryExA |
RPCRT4.dll | UuidCreate |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 1 |
Start time: | 16:17:10 |
Start date: | 16/04/2024 |
Path: | C:\Users\user\Desktop\cylanceprotectsetupwithoptics.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb00000 |
File size: | 967'938 bytes |
MD5 hash: | 796375900C5F33DB332FF8143F243083 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 16:17:11 |
Start date: | 16/04/2024 |
Path: | C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x880000 |
File size: | 967'938 bytes |
MD5 hash: | 796375900C5F33DB332FF8143F243083 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | false |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B42F23 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152libraryloadercomCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01070 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 77fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B038D4 Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0B389 Relevance: 91.6, APIs: 24, Strings: 28, Instructions: 565fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B20A77 Relevance: 54.5, APIs: 20, Strings: 11, Instructions: 288synchronizationCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B184C4 Relevance: 35.2, APIs: 9, Strings: 11, Instructions: 205fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B041D2 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 158stringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0C129 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 128fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B429B3 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 86libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3FBAD Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 74libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B20627 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B16915 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 72fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B44932 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 94memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B055B6 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 78COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B43DB5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B037EA Relevance: 4.6, APIs: 3, Instructions: 79libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B03999 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B40E3F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B03A72 Relevance: 3.0, APIs: 2, Instructions: 14memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B43499 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3523F Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B034C5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3F37A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3F36A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3F349 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B494F6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B494D5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B49506 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0A7EF Relevance: 170.4, APIs: 29, Strings: 68, Instructions: 688COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B03BC3 Relevance: 47.6, APIs: 23, Strings: 4, Instructions: 311fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B169CC Relevance: 31.9, APIs: 6, Strings: 12, Instructions: 358synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B14CE8 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 161pipeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3F961 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 167encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3FDC2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130threadtimeCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1993E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108filestringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B48733 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 79timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3A85E Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3FD20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4393B Relevance: 3.1, APIs: 2, Instructions: 58memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B44315 Relevance: 3.0, APIs: 2, Instructions: 44fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B32B21 Relevance: 2.7, Strings: 2, Instructions: 214COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4858F Relevance: 1.5, APIs: 1, Instructions: 23timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2E773 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B30662 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B30A97 Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3022D Relevance: .3, Instructions: 331COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2FE15 Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B32D50 Relevance: .2, Instructions: 237COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0FE26 Relevance: 81.0, APIs: 1, Strings: 45, Instructions: 476registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B152E3 Relevance: 45.7, APIs: 17, Strings: 9, Instructions: 222filepipesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0A311 Relevance: 44.0, APIs: 8, Strings: 17, Instructions: 299registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2D22C Relevance: 44.0, APIs: 10, Strings: 15, Instructions: 276processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0567D Relevance: 42.5, APIs: 5, Strings: 19, Instructions: 476stringCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2CC24 Relevance: 40.5, APIs: 12, Strings: 11, Instructions: 235synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B144E7 Relevance: 36.9, APIs: 10, Strings: 11, Instructions: 181fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0F09D Relevance: 33.4, APIs: 3, Strings: 16, Instructions: 180registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1E177 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 144registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B29BB3 Relevance: 30.0, APIs: 4, Strings: 13, Instructions: 230threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2CA34 Relevance: 29.9, APIs: 7, Strings: 10, Instructions: 173processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B47E36 Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 153stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2DC0D Relevance: 28.2, APIs: 3, Strings: 13, Instructions: 204stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B14933 Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 155sleepfileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0F410 Relevance: 28.2, APIs: 1, Strings: 15, Instructions: 152registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1E563 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 135registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0BB30 Relevance: 26.4, APIs: 6, Strings: 9, Instructions: 189processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2678F Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 150serviceCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0A17D Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 138registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B067E5 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 131libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B047E9 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 128memorysynchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B195AC Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 122fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B13E47 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 220sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B049DF Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 144windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B19496 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 101fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B443A6 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 247fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B02DE0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 198sleepfiletimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B05F14 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 105timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1E82A Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 99threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1E3F4 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 95threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B21224 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B21341 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 80synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0D5C0 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 61libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04690 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 128windowthreadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1E05E Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0671C Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 74libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01174 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 53libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B45916 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 194filememoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1473A Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 115fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0F2DC Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 109stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B151E9 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 90synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B18E92 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 88fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B05BF0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 54registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4635A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 152fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B10419 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 133registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0F69D Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 117registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2D677 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 106comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B45C68 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 98fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0C7DF Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 97fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2D12C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 92synchronizationCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4082D Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89processCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1CCF4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 53synchronizationthreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B167B0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 52synchronizationthreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B070D4 Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 99stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B3C9BD Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4143C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 123stringregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4041B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1D01A Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 117threadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B07203 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 92COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B208F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 72fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B209B8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B49555 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B409BB Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 40libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B18AA3 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 122sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1E705 Relevance: 9.1, APIs: 6, Instructions: 85windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1C59C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 163synchronizationCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B410C5 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 149registrystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B461FA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B02436 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 118COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B44212 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 95registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0EEF9 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B28B73 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 86registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B431C7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2D047 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 80synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2DB67 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 64windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B40917 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B41B28 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B34897 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B088DE Relevance: 7.6, APIs: 5, Instructions: 118stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B021BC Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 117COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2CEF5 Relevance: 7.5, APIs: 5, Instructions: 41fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B485CB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 137timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B435A4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B40D1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B288CF Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B03A97 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75memoryCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B13955 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B40658 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62filestringCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B2CF56 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B01F78 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B269A8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48serviceCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1EA72 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38threadwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0D7CF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1F086 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33threadwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1F194 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33threadwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1E978 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33threadwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B1EA09 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33threadwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B45D7F Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 159stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B04E9C Relevance: 6.1, APIs: 4, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B43119 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B38731 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B31246 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B44661 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B40B49 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B40F6E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B365D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B48E07 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B49220 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B41392 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B454F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4388A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B43803 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B43AC9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B0501B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B10598 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B430BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B4336E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B41344 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B40CD1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00881070 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 77fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008BFDC2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130threadtimeCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088DE25 Relevance: 124.9, APIs: 11, Strings: 60, Instructions: 646COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088B389 Relevance: 91.6, APIs: 24, Strings: 28, Instructions: 565fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A0A77 Relevance: 54.5, APIs: 20, Strings: 11, Instructions: 288synchronizationCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088A311 Relevance: 44.0, APIs: 8, Strings: 17, Instructions: 299registryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088567D Relevance: 42.5, APIs: 5, Strings: 19, Instructions: 476stringCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0089E177 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 144registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008841D2 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 158stringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0089E563 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 135registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088C129 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 128fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C29B3 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 86libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E831646 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 233libraryloaderfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E832ED1 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152libraryloadercomCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C2F23 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152libraryloadercomCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008BFBAD Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 74libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A0627 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00893E47 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 220sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008849DF Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 144windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00882DE0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 198sleepfiletimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E83122D Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 102memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0089E82A Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 99threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0089E3F4 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 95threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A1224 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088D5C0 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 61libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00884690 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 128windowthreadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0089E05E Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E831431 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 197memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088F69D Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 117registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E831070 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 154registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C041B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A08F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 72fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A09B8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C4932 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 94memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0089E705 Relevance: 9.1, APIs: 6, Instructions: 85windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C10C5 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 149registrystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E833267 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 122memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A8B73 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 86registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C0D1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008A88CF Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00893955 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C0658 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62filestringCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008BFD20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0089EA09 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33threadwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088501B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E831DCD Relevance: 4.6, APIs: 3, Instructions: 79libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008837EA Relevance: 4.6, APIs: 3, Instructions: 79libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00883999 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E8322C2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0088F5E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E832266 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C0E3F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00883A72 Relevance: 3.0, APIs: 2, Instructions: 14memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008838D4 Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C3499 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00882D05 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008B523F Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008834C5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008840E2 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008BF349 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008BF36A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008BF37A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C94D5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C94F6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008C9506 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008814B2 Relevance: 1.3, APIs: 1, Instructions: 54stringCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |