Windows
Analysis Report
install_numarkidjliveii+(1).exe
Overview
General Information
Detection
Score: | 5 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
Sample reads itself and does not show any behavior, likely it performs some host environment checks which are compared to an embedded key |
- System is w10x64
- install_numarkidjliveii+(1).exe (PID: 7308 cmdline:
"C:\Users\ user\Deskt op\install _numarkidj liveii+(1) .exe" MD5: 049A333248120D695C0B344F9698DE4E)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_008D7080 | |
Source: | Code function: | 0_2_008E541E | |
Source: | Code function: | 0_2_008D5C29 | |
Source: | Code function: | 0_2_008DB02A | |
Source: | Code function: | 0_2_008D7C70 | |
Source: | Code function: | 0_2_008D6D90 | |
Source: | Code function: | 0_2_008D5160 | |
Source: | Code function: | 0_2_008E8A9F | |
Source: | Code function: | 0_2_008D2A43 | |
Source: | Code function: | 0_2_008E4F70 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Command line argument: | 0_2_008D321A | |
Source: | Command line argument: | 0_2_008D321A |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_008D4109 |
Source: | API coverage: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_008DD428 |
Source: | Code function: | 0_2_008DC6A6 |
Source: | Code function: | 0_2_008E33B1 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_008D38C3 | |
Source: | Code function: | 0_2_008DD428 | |
Source: | Code function: | 0_2_008D3E66 | |
Source: | Code function: | 0_2_008D3FF9 |
Source: | Code function: | 0_2_008D410B |
Source: | Code function: | 0_2_008D3D58 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427202 |
Start date and time: | 2024-04-17 08:53:02 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | install_numarkidjliveii+(1).exe |
Detection: | CLEAN |
Classification: | clean5.winEXE@1/0@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
File type: | |
Entropy (8bit): | 7.864060199493046 |
TrID: |
|
File name: | install_numarkidjliveii+(1).exe |
File size: | 940'952 bytes |
MD5: | 049a333248120d695c0b344f9698de4e |
SHA1: | 422f821ddbb9c70edd991f8f9d40f3b1e31b49db |
SHA256: | 92cd9486c31b528a0dd4a3b83aa165454143bf8439ecfc65191a99ed2a4e34f7 |
SHA512: | 1682f18ca6a2ce8cd8b2715fb981b70e794631b71fe4555535ef923400b2a0d700514f609a2cf465fca7d2c42b2e9aef5d6bfba76c7ede459a612ead6ee4c6ce |
SSDEEP: | 12288:N/d78kkTQDmiS97LwWU5SWtAvBqqSjJrK8w0KxNOQjVDcATASPvBLwjR45QtMYQ7:Fd785TQDmzQltekPj8iZ2BccmtWTt5r |
TLSH: | 0A152303318085B0D577493896F9EE389A2CB9301E65DDEF725823BA8F255D099349FF |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9.~.9.~.9.~..8..4.~..8....~..8..!.~.x.z.1.~.k.}.*.~.k.{...~.k.z.+.~.0...0.~.9...f.~.U.v.:.~.U...8.~.9...8.~.U.|.8.~.Rich9.~ |
Icon Hash: | 8e1f4c4f4f1d0f06 |
Entrypoint: | 0x4038b9 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5BD72BAE [Mon Oct 29 15:47:58 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 251ebb044beda80d7d482044d8a442fa |
Signature Valid: | true |
Signature Issuer: | CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | E5897BDAE0607CCFB3B5DE0B8CBE95A8 |
Thumbprint SHA-1: | CB8429E919FA35C08A073CF7B92629896D021F99 |
Thumbprint SHA-256: | AB2B1018F39AC64F6BDD21CB42A96F86036A3C25DBC28ED3ADD07B4964148240 |
Serial: | 59E035CD9FB3F4AE7656CF5892A9112E |
Instruction |
---|
call 00007F4DB08F856Ch |
jmp 00007F4DB08F7EFFh |
push ebp |
mov ebp, esp |
push 00000000h |
call dword ptr [0041A048h] |
push dword ptr [ebp+08h] |
call dword ptr [0041A044h] |
push C0000409h |
call dword ptr [0041A04Ch] |
push eax |
call dword ptr [0041A050h] |
pop ebp |
ret |
push ebp |
mov ebp, esp |
sub esp, 00000324h |
push 00000017h |
call 00007F4DB08FC840h |
test eax, eax |
je 00007F4DB08F8087h |
push 00000002h |
pop ecx |
int 29h |
mov dword ptr [004249D8h], eax |
mov dword ptr [004249D4h], ecx |
mov dword ptr [004249D0h], edx |
mov dword ptr [004249CCh], ebx |
mov dword ptr [004249C8h], esi |
mov dword ptr [004249C4h], edi |
mov word ptr [004249F0h], ss |
mov word ptr [004249E4h], cs |
mov word ptr [004249C0h], ds |
mov word ptr [004249BCh], es |
mov word ptr [004249B8h], fs |
mov word ptr [004249B4h], gs |
pushfd |
pop dword ptr [004249E8h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [004249DCh], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [004249E0h], eax |
lea eax, dword ptr [ebp+08h] |
mov dword ptr [004249ECh], eax |
mov eax, dword ptr [ebp-00000324h] |
mov dword ptr [00424928h], 00010001h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2361c | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x26000 | 0x8450 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xe3ea0 | 0x1cf8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2f000 | 0x11dc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x22dc0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x22df8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1a000 | 0x138 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1885b | 0x18a00 | 74c44e468a41564a545bf8045f72018a | False | 0.5900618654822335 | COM executable for DOS | 6.657681839908799 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x1a000 | 0x9d22 | 0x9e00 | decefa83b3104212e92e9634494844a6 | False | 0.5813637262658228 | data | 6.016711848151997 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x24000 | 0x13f8 | 0xa00 | e30004c77286a14ea7706cb733dc6237 | False | 0.146875 | data | 1.924625714805442 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x26000 | 0x8450 | 0x8600 | 2ad58a9491a82c9415bfc6aad62fc9b8 | False | 0.4777285447761194 | data | 4.831322386922661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2f000 | 0x11dc | 0x1200 | 3d564330567fa755c932abbed26ec763 | False | 0.8053385416666666 | data | 6.551172943745427 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x264c8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.4456188001889466 |
RT_ICON | 0x2a6f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5252074688796681 |
RT_ICON | 0x2cc98 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5347091932457786 |
RT_ICON | 0x2dd40 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6595744680851063 |
RT_GROUP_ICON | 0x2e1a8 | 0x3e | data | English | United States | 0.8225806451612904 |
RT_VERSION | 0x261c0 | 0x304 | data | English | United States | 0.42357512953367876 |
RT_MANIFEST | 0x2e1e8 | 0x261 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (549), with CRLF line terminators | English | United States | 0.5451559934318555 |
DLL | Import |
---|---|
USER32.dll | MessageBoxW, wsprintfW |
ADVAPI32.dll | RegCloseKey, RegOpenKeyW, RegQueryValueExW |
SHELL32.dll | SHCreateDirectoryExW |
KERNEL32.dll | HeapSize, SetEndOfFile, GetStdHandle, WriteConsoleW, FlushFileBuffers, ReadFile, GetCommandLineW, WriteFile, SetFilePointer, CreateFileW, MultiByteToWideChar, CloseHandle, GetFileSize, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, RaiseException, DecodePointer, GetModuleFileNameW, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, SetFilePointerEx, GetConsoleMode, ReadConsoleW, GetFileType, HeapFree, GetConsoleCP, HeapAlloc, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetStringTypeW, GetProcessHeap |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 08:53:48 |
Start date: | 17/04/2024 |
Path: | C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8d0000 |
File size: | 940'952 bytes |
MD5 hash: | 049A333248120D695C0B344F9698DE4E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 9.5% |
Total number of Nodes: | 1373 |
Total number of Limit Nodes: | 37 |
Graph
Function 008D321A Relevance: 51.1, APIs: 24, Strings: 5, Instructions: 352filewindowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D30B6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58registryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DFBDA Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E4F70 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D5C29 Relevance: 2.2, Strings: 1, Instructions: 908COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D7080 Relevance: 1.7, Strings: 1, Instructions: 413COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D3FF9 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DB02A Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E33B1 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D5160 Relevance: .8, Instructions: 753COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D7C70 Relevance: .4, Instructions: 402COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D2A43 Relevance: .4, Instructions: 361COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D6D90 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DDFE7 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E46EF Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E041D Relevance: 15.1, APIs: 10, Instructions: 54COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DEE67 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E4C22 Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DC72B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DCEBB Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008D3071 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E0744 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E2E6B Relevance: 6.1, APIs: 4, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008E22FE Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |