Windows Analysis Report: elevation_service.exe
Overview
General Information
Detection
Score: | 18 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
- Initial sample is implementing a service and should be registered / started as a service
- Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
- Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
- System is w10x64
- cmd.exe (PID: 6336, cmdline: `cmd /c sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe" >> C:\servicereg.log 2>&1`, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - conhost.exe (PID: 6356, cmdline: `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1`, MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 6504, cmdline: `sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe"`, MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
- cmd.exe (PID: 6748, cmdline: `cmd /c sc start OZgQJ >> C:\servicestart.log 2>&1`, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - conhost.exe (PID: 6776, cmdline: `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1`, MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 6940, cmdline: `sc start OZgQJ`, MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
- elevation_service.exe (PID: 7008, cmdline: `C:\Users\user\Desktop\elevation_service.exe`, MD5: C93C02A0ADB87CCE4C3F1EDED22889D9)
- cleanup
System Summary
Source: Author: Nasreddine Bencherchali (Nextron Systems)
Source: Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community
Source: Code function:
- 6_2_00007FF7234F3070
- 6_2_00007FF7234D4494
- 6_2_00007FF7234D408C
- 6_2_00007FF7234FC88C
- 6_2_00007FF72343CC28
- 6_2_00007FF72343A820
- 6_2_00007FF7234D7050
- 6_2_00007FF72343BC40
- 6_2_00007FF7234338E0
- 6_2_00007FF7234B2110
- 6_2_00007FF723433D10
- 6_2_00007FF723469510
- 6_2_00007FF72343B900
- 6_2_00007FF7234D24B0
- 6_2_00007FF7234D489C
- 6_2_00007FF72343BB72
- 6_2_00007FF723433B70
- 6_2_00007FF723431760
- 6_2_00007FF7234F3358
- 6_2_00007FF723433780
- 6_2_00007FF7234F3750
- 6_2_00007FF723432FE0
- 6_2_00007FF7234D2FA0
- 6_2_00007FF7234D4290
- 6_2_00007FF7234FEA20
- 6_2_00007FF72343CE50
- 6_2_00007FF7234D1F00
- 6_2_00007FF7234D4AA0
- 6_2_00007FF7234D4698
- 6_2_00007FF72343AEC0
- 6_2_00007FF72343DEC0
- 6_2_00007FF72343A560
- 6_2_00007FF723431D60
- 6_2_00007FF7234D3538
- 6_2_00007FF7234DF1DC
- 6_2_00007FF7234359E0
- 6_2_00007FF7235145F0
- 6_2_00007FF7234325D0
Source: Code function:
- 6_2_00007FF7234E1D9C
- 6_2_00007FF723487204
- 6_2_00007FF7234CE438
- 6_2_00007FF7234E1D9C
Source: Code function:
- 6_2_00007FF723510928
- 6_2_00007FF7234CE6E4
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 11 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Service Execution | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 DLL Side-Loading | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| 0% | ReversingLabs | |

Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
| | false | | high
| | false | | high
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428994 |
Start date and time: | 2024-04-20 01:00:43 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run as Windows Service |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | elevation_service.exe |
Detection: | CLEAN |
Classification: | clean18.winEXE@9/2@0/0 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: elevation_service.exe
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 28 |
Entropy (8bit): | 3.678439190827718 |
Encrypted: | false |
SSDEEP: | 3:4A4AnXjzSv:4HAnXjg |
MD5: | A8F4D690C5BDE96AD275C7D4ABE0E3D3 |
SHA1: | 7C62C96EFD2CA4F3C3EBF0B24C9B5B4C04A4570A |
SHA-256: | 596CCC911C1772735AAC6A6B756A76D3D55BCECD006B980CF147090B2243FA7B |
SHA-512: | A875EBE3C5CDF222FF9D08576F4D996AF827A1C86B3E758CE23F6B33530D512A82CE8E39E519837512080C6212A0A19B3385809BE5F5001C4E488DD79550B852 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 421 |
Entropy (8bit): | 3.5163190789234875 |
Encrypted: | false |
SSDEEP: | 6:lg3D/8FNFGgVKBRjGxVVLvH2s/u8qLLFmLaZnsHgm66//V+NmAY2fq:lgA0gV0qVbH2suZLQqOVKmAxq |
MD5: | 132410ECDC544F13BE0AF4FB776048B4 |
SHA1: | 300DFF48BAAE41CD3A390F293AA9B7A8D30243F0 |
SHA-256: | 9DE198DC66F1FD4A3B6D45B4531192F8C3B0EB774FE22771852CB8966F235DAB |
SHA-512: | 115A03AC2257A15AD340FCD7254343D55B52B2EC1FDB2C70FBEC26B960BD9E9D4DC25DACB06B4AF42B15795D664229BE47B08DEA534668EF5C6C29B7942D8D76 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.553037080438572 |
TrID: | |
File name: | elevation_service.exe |
File size: | 1'838'024 bytes |
MD5: | c93c02a0adb87cce4c3f1eded22889d9 |
SHA1: | 5e0eed96333f4d1be22ceec37a3f98b095b50b93 |
SHA256: | 6012fd82669bfd308bd6ac1c2b1b14821cc20c68881c496e838654b618199791 |
SHA512: | 96d6f4d0fecba2107adb92b477f47953da5e83044161e148ffd30d346f724b42733cb7a9322c982c418d5ce341e69576b55f73a2f2af5fc6724a0580a0547718 |
SSDEEP: | 49152:SQt30B3uA8EYHCree1uksbraFShGJIWkm:zt32u51HCri+sK |
TLSH: | 3B856C03F6D941E8D06DC17887469136EA72BC4A0B34B6DF0690B7592E77AE46F3EB10 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."............................@..........................................`........................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x14009e6d0 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66189CBA [Fri Apr 12 02:30:18 2024 UTC] |
TLS Callbacks: | 0x40052150, 0x1, 0x4009d880, 0x1, 0x4004ff00, 0x1, 0x4009ce30, 0x1, 0x4002aba0, 0x1, 0x40050f30, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 10 |
OS Version Minor: | 0 |
File Version Major: | 10 |
File Version Minor: | 0 |
Subsystem Version Major: | 10 |
Subsystem Version Minor: | 0 |
Import Hash: | 719fd2c00189a1df5b9b1509b836eef3 |
Signature Valid: | true |
Signature Issuer: | CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Version: | 3 |
Thumbprint MD5: | CE375D7A0A494CFB6B46B4398281FD9B |
Thumbprint SHA-1: | FBFF636EBB3DE3A9FD6A55111F00B16D2FDFCF3D |
Thumbprint SHA-256: | 80CA15275739BEF2CAF6E5A4168EB0A07FEB15883E8A4F232D93B8EECFE0F0EA |
Serial: | 33000003A4CBE356B8CB7FE4270000000003A4 |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007FBE7084F340h |
dec eax |
add esp, 28h |
jmp 00007FBE7084F1AFh |
int3 |
int3 |
dec eax |
mov dword ptr [esp+20h], ebx |
push ebp |
dec eax |
mov ebp, esp |
dec eax |
sub esp, 20h |
dec eax |
mov eax, dword ptr [000FC940h] |
dec eax |
mov ebx, 2DDFA232h |
cdq |
sub eax, dword ptr [eax] |
add byte ptr [eax+3Bh], cl |
ret |
jne 00007FBE7084F3A6h |
dec eax |
and dword ptr [ebp+18h], 00000000h |
dec eax |
lea ecx, dword ptr [ebp+18h] |
call dword ptr [000F0362h] |
dec eax |
mov eax, dword ptr [ebp+18h] |
dec eax |
mov dword ptr [ebp+10h], eax |
call dword ptr [000F025Ch] |
mov eax, eax |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [000F0240h] |
mov eax, eax |
dec eax |
lea ecx, dword ptr [ebp+20h] |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [000F0488h] |
mov eax, dword ptr [ebp+20h] |
dec eax |
lea ecx, dword ptr [ebp+10h] |
dec eax |
shl eax, 20h |
dec eax |
xor eax, dword ptr [ebp+20h] |
dec eax |
xor eax, dword ptr [ebp+10h] |
dec eax |
xor eax, ecx |
dec eax |
mov ecx, FFFFFFFFh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x18dc7a | 0x3e4 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18e060 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1cb000 | 0x1ac0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1b6000 | 0xce34 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1be400 | 0x27c8 | .pdata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1cd000 | 0x1d40 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x18b6fc | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x18b5d0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x15f300 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x18e7a8 | 0x690 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x18d1d8 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x15c6cb | 0x15c800 | e497fd8e49cfb923b7dddd7e0bc32276 | False | 0.5182366391678622 | data | 6.573690533033309 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x15e000 | 0x3c950 | 0x3ca00 | 291ae070e5ffa92a2db03b43847c6be2 | False | 0.4138611469072165 | data | 5.741133276985363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x19b000 | 0x1a5a0 | 0xfe00 | eefebc3a58495601ed00f3a88a102f4d | False | 0.040354330708661415 | data | 1.5636633192940868 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x1b6000 | 0xce34 | 0xd000 | 04b7fe8216f9cd6e602337abebfda8a1 | False | 0.4969012920673077 | data | 6.03512135145638 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gxfg | 0x1c3000 | 0x2d40 | 0x2e00 | 61270f4a86c588579f07aa68b5f99016 | False | 0.4242527173913043 | data | 5.176887601209698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.retplne | 0x1c6000 | 0xac | 0x200 | fd91265591b837c5463dc743a0369bfa | False | 0.12890625 | data | 1.320312118710215 | |
.tls | 0x1c7000 | 0x1e1 | 0x200 | efd1c6f0f93ab2416c643b6c95043890 | False | 0.07421875 | data | 0.3227799089149221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
LZMADEC | 0x1c8000 | 0x11f1 | 0x1200 | 05e9eab8428a551a281ab278073669fa | False | 0.3461371527777778 | data | 6.061983420666291 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
_RDATA | 0x1ca000 | 0x15c | 0x200 | acbeea6d34cf7f3d9ebe1da9b644e51e | False | 0.412109375 | data | 3.422089718840598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x1cb000 | 0x1ac0 | 0x1c00 | 9eb247ad6a4192912c95b8dca06bae46 | False | 0.38936941964285715 | data | 4.5494994865267895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1cd000 | 0x1d40 | 0x1e00 | 0a934b4c3799fd766f5465a0f1aa3039 | False | 0.32981770833333335 | GLS_BINARY_LSB_FIRST | 5.4171080989850156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
TYPELIB | 0x1cb100 | 0x10ac | data | English | United States | 0.3844892221180881 |
RT_VERSION | 0x1cc1b0 | 0x478 | data | English | United States | 0.40646853146853146 |
RT_MANIFEST | 0x1cc628 | 0x497 | XML 1.0 document, ASCII text, with very long lines (1061) | English | United States | 0.5089361702127659 |
DLL | Import |
---|---|
dbghelp.dll | SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW |
OLEAUT32.dll | SysAllocStringByteLen, SysStringByteLen |
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AssignProcessToJobObject, CloseHandle, CompareStringW, CopyFileW, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateHardLinkW, CreateProcessW, CreateThread, DecodePointer, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameExW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileSizeEx, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProductInfo, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadId, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetVersionExW, GetWindowsDirectoryW, HeapAlloc, HeapDestroy, HeapFree, HeapReAlloc, HeapSetInformation, HeapSize, InitOnceExecuteOnce, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, 
LoadLibraryExW, LoadLibraryW, LocalFree, MapViewOfFile, MoveFileExW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, QueryFullProcessImageNameA, QueryFullProcessImageNameW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, ReleaseSRWLockShared, RemoveDirectoryW, ResetEvent, ResumeThread, RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetStdHandle, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableSRW, SystemTimeToFileTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnmapViewOfFile, UpdateProcThreadAttribute, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForSingleObject, WaitForSingleObjectEx, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpiW, lstrlenA |
CRYPT32.dll | CryptProtectData, CryptUnprotectData |
RPCRT4.dll | I_RpcOpenClientProcess |
api-ms-win-core-winrt-string-l1-1-0.dll | WindowsCreateString, WindowsDeleteString, WindowsGetStringRawBuffer |
ntdll.dll | NtClose, NtDeleteKey, NtOpenKeyEx, NtQueryValueKey, RtlFormatCurrentUserKeyPath, RtlFreeUnicodeString, RtlInitUnicodeString |
api-ms-win-core-winrt-l1-1-0.dll | RoActivateInstance |
Name | Ordinal | Address |
---|---|---|
GetHandleVerifier | 1 | 0x14007fb20 |
OQS_CPU_has_extension | 2 | 0x1400e45f0 |
OQS_KEM_alg_count | 3 | 0x1400ea8c0 |
OQS_KEM_alg_identifier | 4 | 0x1400ea8a0 |
OQS_KEM_alg_is_enabled | 5 | 0x1400ea8d0 |
OQS_KEM_decaps | 6 | 0x1400eadb0 |
OQS_KEM_encaps | 7 | 0x1400ead80 |
OQS_KEM_free | 8 | 0x1400eade0 |
OQS_KEM_keypair | 9 | 0x1400ead60 |
OQS_KEM_kyber_768_decaps | 10 | 0x1400eae70 |
OQS_KEM_kyber_768_encaps | 11 | 0x1400eae60 |
OQS_KEM_kyber_768_keypair | 12 | 0x1400eae50 |
OQS_KEM_new | 13 | 0x1400eab20 |
OQS_MEM_cleanse | 14 | 0x1400e47a0 |
OQS_MEM_insecure_free | 15 | 0x1400e47e0 |
OQS_MEM_secure_bcmp | 16 | 0x1400e4770 |
OQS_MEM_secure_free | 17 | 0x1400e47b0 |
OQS_SIG_alg_count | 18 | 0x1400eaea0 |
OQS_SIG_alg_identifier | 19 | 0x1400eae80 |
OQS_SIG_alg_is_enabled | 20 | 0x1400eaeb0 |
OQS_SIG_free | 21 | 0x1400eade0 |
OQS_SIG_keypair | 22 | 0x1400eb020 |
OQS_SIG_new | 23 | 0x1400eaeb0 |
OQS_SIG_sign | 24 | 0x1400eb050 |
OQS_SIG_verify | 25 | 0x1400eb0a0 |
OQS_destroy | 26 | 0x1400e0030 |
OQS_init | 27 | 0x1400e4750 |
OQS_randombytes | 28 | 0x1400e4970 |
OQS_randombytes_custom_algorithm | 29 | 0x1400e4960 |
OQS_randombytes_nist_kat_init_256bit | 30 | 0x1400e4990 |
OQS_randombytes_switch_algorithm | 31 | 0x1400e4860 |
OQS_version | 32 | 0x1400e4760 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 01:01:32 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 01:01:32 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 01:01:32 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xce0000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:01:33 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 01:01:33 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 01:01:33 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xce0000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 6 |
Start time: | 01:01:33 |
Start date: | 20/04/2024 |
Path: | C:\Users\user\Desktop\elevation_service.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff723430000 |
File size: | 1'838'024 bytes |
MD5 hash: | C93C02A0ADB87CCE4C3F1EDED22889D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 7.3% |
Total number of Nodes: | 811 |
Total number of Limit Nodes: | 44 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
00007FF7234F0BFC | 10.6 | 7 | | 57 | common, library code
00007FF7234DC958 | 4.5 | 3 | | 14 | common, library code
00007FF7234F58E4 | 3.1 | 2 | | 89 | common, library code
00007FF7234DC850 | 1.6 | 1 | | 61 | common, library code
00007FF7234FEA20 | 25.7 | 9 | 5 | 1227 | common
00007FF7234E1D9C | 9.1 | 6 | | 83 | common, library code
00007FF723510928 | 7.2 | 3 | 1 | 172 | common
00007FF7234FC88C | 3.2 | 2 | | 227 | common, library code
00007FF72343DEC0 | 1.3 | | | 1269 | common
00007FF72343AEC0 | 0.6 | | | 646 | common
00007FF7234359E0 | 0.6 | | | 591 | common
00007FF7234325D0 | 0.5 | | | 510 | common
00007FF723431D60 | 0.5 | | | 452 | common
00007FF7234D24B0 | 0.4 | | | 351 | common
00007FF72343BC40 | 0.3 | | | 336 | common
00007FF7234D3538 | 0.3 | | | 327 | common
00007FF723431760 | 0.3 | | | 310 | common
00007FF7234D1F00 | 0.2 | | | 250 | common
00007FF7234D2FA0 | 0.2 | | | 241 | common
00007FF723432FE0 | 0.2 | | | 236 | common
00007FF7234F3070 | 0.2 | | | 198 | common
00007FF72343A560 | 0.2 | | | 191 | common
00007FF72343A820 | 0.2 | | | 152 | common
00007FF7234D4494 | 0.1 | | | 145 | common
00007FF7234D408C | 0.1 | | | 145 | common
00007FF7234D489C | 0.1 | | | 145 | common
00007FF7234D4290 | 0.1 | | | 145 | common
00007FF7234D4AA0 | 0.1 | | | 145 | common
00007FF7234D4698 | 0.1 | | | 145 | common
00007FF72343B900 | 0.1 | | | 136 | common
00007FF72343CE50 | 0.1 | | | 127 | common
00007FF7234DF1DC | 0.1 | | | 126 | common
00007FF72343CC28 | 0.1 | | | 125 | common
00007FF7234338E0 | 0.1 | | | 125 | common
00007FF7235145F0 | 0.1 | | | 96 | common
00007FF723433B70 | 0.1 | | | 82 | common
00007FF723433D10 | 0.1 | | | 77 | common
00007FF723433780 | 0.1 | | | 71 | common
00007FF72343BB72 | 0.0 | | | 43 | common
00007FF7234F0A84 | 18.1 | 12 | | 112 | common, library code
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234F1C20 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 117libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234B8550 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 74COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234FE304 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234FFD0C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234E71D8 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72344F910 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 289COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234DC8C4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234FAB30 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234F0CC4 Relevance: 6.1, APIs: 4, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234E7870 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7234CE85C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |