Windows
Analysis Report
wr.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- wr.exe (PID: 5064 cmdline:
"C:\Users\ user\Deskt op\wr.exe" MD5: E2A072228078E6F3CF5073F4AF029913)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Code function: | 0_2_005DB2A0 | |
Source: | Code function: | 0_2_005D9DE0 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00617300 | |
Source: | Code function: | 0_2_006172C0 |
Source: | Code function: | 0_2_005E4080 | |
Source: | Code function: | 0_2_005B6160 | |
Source: | Code function: | 0_2_005D41E0 | |
Source: | Code function: | 0_2_00605240 | |
Source: | Code function: | 0_2_005DA260 | |
Source: | Code function: | 0_2_00628220 | |
Source: | Code function: | 0_2_005D72C0 | |
Source: | Code function: | 0_2_0060F2A0 | |
Source: | Code function: | 0_2_005C9280 | |
Source: | Code function: | 0_2_005DB2A0 | |
Source: | Code function: | 0_2_005F7300 | |
Source: | Code function: | 0_2_005FF3E0 | |
Source: | Code function: | 0_2_005CD380 | |
Source: | Code function: | 0_2_00626440 | |
Source: | Code function: | 0_2_005ED460 | |
Source: | Code function: | 0_2_006124A9 | |
Source: | Code function: | 0_2_005BC4A0 | |
Source: | Code function: | 0_2_005F04A0 | |
Source: | Code function: | 0_2_005E7500 | |
Source: | Code function: | 0_2_005DC5A0 | |
Source: | Code function: | 0_2_005FA660 | |
Source: | Code function: | 0_2_005C5600 | |
Source: | Code function: | 0_2_005D6600 | |
Source: | Code function: | 0_2_005B6620 | |
Source: | Code function: | 0_2_005D1740 | |
Source: | Code function: | 0_2_005C4860 | |
Source: | Code function: | 0_2_005C98E0 | |
Source: | Code function: | 0_2_005B5880 | |
Source: | Code function: | 0_2_005FDAA0 | |
Source: | Code function: | 0_2_005EEBC0 | |
Source: | Code function: | 0_2_005BDBA0 | |
Source: | Code function: | 0_2_00625C00 | |
Source: | Code function: | 0_2_005F3C20 | |
Source: | Code function: | 0_2_00627CE0 | |
Source: | Code function: | 0_2_005C9CC0 | |
Source: | Code function: | 0_2_00606C80 | |
Source: | Code function: | 0_2_005E7D60 | |
Source: | Code function: | 0_2_005D9DE0 | |
Source: | Code function: | 0_2_005B9E20 | |
Source: | Code function: | 0_2_005EAE20 | |
Source: | Code function: | 0_2_005EDEA0 | |
Source: | Code function: | 0_2_005CFF60 | |
Source: | Code function: | 0_2_005BCFE0 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00D9A7C0 |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 0_2_006153E0 |
Source: | Code function: | 0_2_005E19C0 |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-45125 |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Code function: | 0_2_006153E0 |
Source: | Code function: | 0_2_006153E0 |
Source: | Code function: | 0_2_00D9A7C0 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_005F9980 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Software Packing | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 21 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
88% | ReversingLabs | Win64.Trojan.DisguisedXMRigMiner | ||
100% | Avira | TR/Redcap.rhlwi |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ghs.googlehosted.com | 173.194.209.121 | true | false | unknown | |
www.dblikes.top | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428863 |
Start date and time: | 2024-04-19 18:35:15 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | wr.exe |
Detection: | MAL |
Classification: | mal60.evad.winEXE@1/0@2/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- VT rate limit hit for: wr.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ghs.googlehosted.com | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
File type: | |
Entropy (8bit): | 7.891548043841517 |
TrID: |
|
File name: | wr.exe |
File size: | 4'445'584 bytes |
MD5: | e2a072228078e6f3cf5073f4af029913 |
SHA1: | 16ed4faf2239de52acdc439e88047984b8510547 |
SHA256: | a742c71ce1ae3316e82d2b8c788b9c6ffd723d8d6da4f94ba5639b84070bb639 |
SHA512: | 1ff79ce5e138afe9924577d4901ac028a7a2ba90b2273779b4a933aa65a6963d1c23a5b35e6015eb96f8b3efdc1766b7a2b5e18cc7bd181dc82660c9ef34fa6e |
SSDEEP: | 98304:DdTDuHIp8vWucCSSR94RD2rwCL2ZtIjcQyWYkgiDyYNWGtlNRtkG2wpOx1DkkSgB:dDbTJGi2rAZUghYPtXR6GhI9R0n0 |
TLSH: | 3626335A2501A1A4E1E57B7032AD3DD2E88F34434FAE74A54C8BCAF01D7AED39B53063 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........r.<.....".......C.......:.P.~...;...@...............................~...........`... ............................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0xbea750 |
Entrypoint Section: | UPX1 |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x0 [Thu Jan 1 00:00:00 1970 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 1 |
File Version Major: | 6 |
File Version Minor: | 1 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 1 |
Import Hash: | 6ed4f5f04d62b18d96b26d6db7c18840 |
Signature Valid: | false |
Signature Issuer: | CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | D15B2B9631F8B37BA8D83A5AE528A8BB |
Thumbprint SHA-1: | 8740DF4ACB749640AD318E4BE842F72EC651AD80 |
Thumbprint SHA-256: | 2EB421FBB33BBF9C8F6B58C754B0405F40E02CB6328936AAE39DB7A24880EA21 |
Serial: | 33000002528B33AAF895F339DB000000000252 |
Instruction |
---|
push ebx |
push esi |
push edi |
push ebp |
dec eax |
lea esi, dword ptr [FFBC58CAh] |
dec eax |
lea edi, dword ptr [esi-003AF025h] |
push edi |
xor ebx, ebx |
xor ecx, ecx |
dec eax |
or ebp, FFFFFFFFh |
call 00007F90F4F1FE85h |
add ebx, ebx |
je 00007F90F4F1FE34h |
rep ret |
mov ebx, dword ptr [esi] |
dec eax |
sub esi, FFFFFFFCh |
adc ebx, ebx |
mov dl, byte ptr [esi] |
rep ret |
dec eax |
lea eax, dword ptr [edi+ebp] |
cmp ecx, 05h |
mov dl, byte ptr [eax] |
jbe 00007F90F4F1FE53h |
dec eax |
cmp ebp, FFFFFFFCh |
jnbe 00007F90F4F1FE4Dh |
sub ecx, 04h |
mov edx, dword ptr [eax] |
dec eax |
add eax, 04h |
sub ecx, 04h |
mov dword ptr [edi], edx |
dec eax |
lea edi, dword ptr [edi+04h] |
jnc 00007F90F4F1FE21h |
add ecx, 04h |
mov dl, byte ptr [eax] |
je 00007F90F4F1FE42h |
dec eax |
inc eax |
mov byte ptr [edi], dl |
sub ecx, 01h |
mov dl, byte ptr [eax] |
dec eax |
lea edi, dword ptr [edi+01h] |
jne 00007F90F4F1FE22h |
rep ret |
cld |
inc ecx |
pop ebx |
jmp 00007F90F4F1FE3Ah |
dec eax |
inc esi |
mov byte ptr [edi], dl |
dec eax |
inc edi |
mov dl, byte ptr [esi] |
add ebx, ebx |
jne 00007F90F4F1FE3Ch |
mov ebx, dword ptr [esi] |
dec eax |
sub esi, FFFFFFFCh |
adc ebx, ebx |
mov dl, byte ptr [esi] |
jc 00007F90F4F1FE18h |
lea eax, dword ptr [ecx+01h] |
jmp 00007F90F4F1FE39h |
dec eax |
inc ecx |
call ebx |
adc eax, eax |
inc ecx |
call ebx |
adc eax, eax |
add ebx, ebx |
jne 00007F90F4F1FE3Ch |
mov ebx, dword ptr [esi] |
dec eax |
sub esi, FFFFFFFCh |
adc ebx, ebx |
mov dl, byte ptr [esi] |
jnc 00007F90F4F1FE16h |
sub eax, 03h |
jc 00007F90F4F1FE4Bh |
shl eax, 08h |
movzx edx, dl |
or eax, edx |
dec eax |
inc esi |
xor eax, FFFFFFFFh |
je 00007F90F4F1FE8Ah |
sar eax, 1 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7eb000 | 0x9c | UPX2 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x43ae00 | 0x2790 | UPX1 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0x3af000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
UPX1 | 0x3b0000 | 0x43b000 | 0x43aa00 | 49b53f25b9a2d71ae3dc7f43479caa91 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
UPX2 | 0x7eb000 | 0x1000 | 0x200 | 2a6c937fc0cf9a0e86bf0698c0a6a7db | False | 0.1953125 | data | 1.3719135890817398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
DLL | Import |
---|---|
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 18:36:06.205009937 CEST | 65357 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 19, 2024 18:36:06.205176115 CEST | 65358 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 19, 2024 18:36:06.312657118 CEST | 53 | 65358 | 8.8.8.8 | 192.168.2.5 |
Apr 19, 2024 18:36:06.312728882 CEST | 53 | 65357 | 8.8.8.8 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 18:36:06.205009937 CEST | 192.168.2.5 | 8.8.8.8 | 0xfe42 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 18:36:06.205176115 CEST | 192.168.2.5 | 8.8.8.8 | 0x9059 | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 18:36:06.312657118 CEST | 8.8.8.8 | 192.168.2.5 | 0x9059 | No error (0) | ghs.googlehosted.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 19, 2024 18:36:06.312657118 CEST | 8.8.8.8 | 192.168.2.5 | 0x9059 | No error (0) | 28 | IN (0x0001) | false | |||
Apr 19, 2024 18:36:06.312728882 CEST | 8.8.8.8 | 192.168.2.5 | 0xfe42 | No error (0) | ghs.googlehosted.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 19, 2024 18:36:06.312728882 CEST | 8.8.8.8 | 192.168.2.5 | 0xfe42 | No error (0) | 173.194.209.121 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 18:36:04 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\wr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x5b0000 |
File size: | 4'445'584 bytes |
MD5 hash: | E2A072228078E6F3CF5073F4AF029913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Go lang |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 58.8% |
Total number of Nodes: | 17 |
Total number of Limit Nodes: | 2 |
Graph
Function 00D9A7C0 Relevance: 6.2, APIs: 4, Instructions: 195librarymemoryloaderCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00617300 Relevance: 1.5, APIs: 1, Instructions: 28timeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00616E60 Relevance: 1.3, APIs: 1, Instructions: 33memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00606C80 Relevance: 32.6, Strings: 25, Instructions: 1308COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005D41E0 Relevance: 15.7, Strings: 12, Instructions: 725COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C9CC0 Relevance: 15.7, Strings: 12, Instructions: 694COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005DA260 Relevance: 15.6, Strings: 12, Instructions: 555COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BC4A0 Relevance: 15.4, Strings: 12, Instructions: 383COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005FDAA0 Relevance: 12.9, Strings: 10, Instructions: 371COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BCFE0 Relevance: 8.0, Strings: 6, Instructions: 517COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005E7500 Relevance: 7.8, Strings: 6, Instructions: 297COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005EDEA0 Relevance: 5.7, Strings: 4, Instructions: 688COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B5880 Relevance: 5.4, Strings: 4, Instructions: 381COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C9280 Relevance: 5.3, Strings: 4, Instructions: 333COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005EAE20 Relevance: 5.3, Strings: 4, Instructions: 256COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005E7D60 Relevance: 5.2, Strings: 4, Instructions: 242COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005F7300 Relevance: 4.9, Strings: 3, Instructions: 1169COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B6620 Relevance: 4.2, Strings: 3, Instructions: 418COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005E4080 Relevance: 4.0, Strings: 3, Instructions: 272COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005CFF60 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005F04A0 Relevance: 2.7, Strings: 2, Instructions: 163COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00628220 Relevance: 1.8, Strings: 1, Instructions: 559COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005FA660 Relevance: 1.6, Strings: 1, Instructions: 391COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00605240 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005D72C0 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C4860 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005DC5A0 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00626440 Relevance: 1.4, Strings: 1, Instructions: 165COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C98E0 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0060F2A0 Relevance: .4, Instructions: 368COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00625C00 Relevance: .4, Instructions: 356COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00627CE0 Relevance: .3, Instructions: 346COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C5600 Relevance: .3, Instructions: 328COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005F3C20 Relevance: .3, Instructions: 290COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B6160 Relevance: .3, Instructions: 260COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006124A9 Relevance: .3, Instructions: 257COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005ED460 Relevance: .2, Instructions: 213COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005EEBC0 Relevance: .2, Instructions: 211COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005D9DE0 Relevance: .2, Instructions: 207COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005DB2A0 Relevance: .2, Instructions: 193COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005CD380 Relevance: .2, Instructions: 183COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005B9E20 Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005FF3E0 Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005D1740 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BDBA0 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005D6600 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005E19C0 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005F9980 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006172C0 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006153E0 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |