Windows
Analysis Report
UIxMarketPlugin.dll
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 6848 cmdline: loaddll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
  - conhost.exe (PID: 5824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 6008 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    - rundll32.exe (PID: 6680 cmdline: rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
      - WerFault.exe (PID: 7240 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 672 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - rundll32.exe (PID: 4296 cmdline: rundll32.exe C:\Users\user\Desktop\UIxMarketPlugin.dll,MarketCreate MD5: 889B99C52A60DD49227C5E485A016679)
    - WerFault.exe (PID: 7232 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 664 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - rundll32.exe (PID: 7396 cmdline: rundll32.exe C:\Users\user\Desktop\UIxMarketPlugin.dll,MarketRelease MD5: 889B99C52A60DD49227C5E485A016679)
    - WerFault.exe (PID: 7444 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 664 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - rundll32.exe (PID: 7548 cmdline: rundll32.exe C:\Users\user\Desktop\UIxMarketPlugin.dll,_Finalize@0 MD5: 889B99C52A60DD49227C5E485A016679)
  - rundll32.exe (PID: 7620 cmdline: rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",MarketCreate MD5: 889B99C52A60DD49227C5E485A016679)
  - rundll32.exe (PID: 7628 cmdline: rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",MarketRelease MD5: 889B99C52A60DD49227C5E485A016679)
    - WerFault.exe (PID: 7724 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 664 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - rundll32.exe (PID: 7636 cmdline: rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",_Finalize@0 MD5: 889B99C52A60DD49227C5E485A016679)
  - rundll32.exe (PID: 7644 cmdline: rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",_Initialize@4 MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
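The process tree above shows loaddll32.exe driving rundll32.exe through every export of the sample (ordinal #1, MarketCreate, MarketRelease, _Initialize@4, _Finalize@0) from a path under the user's Desktop, with WerFault.exe following three of those calls. The script below is an added example, not part of the Joe Sandbox report or of the sample: it splits rundll32 command lines the way rundll32 does (DLL path, then a comma, then an export name or #ordinal), decodes the x86 stdcall decoration _Name@N, and flags DLLs loaded from user-writable paths, ordinal calls, and exports whose declared argument size differs from the 16 bytes rundll32 passes to an entry point. The sample lines are copied from the process tree, plus one constructed benign baseline (shell32.dll,Control_RunDLL) and one non-rundll32 process from the same tree; the set of paths treated as user-writable is an assumption made for the example.

```python
"""Triage rundll32 command lines like the ones in the process tree above.

Added example for this report page; it is not Joe Sandbox code. The sample
command lines are copied from the process tree (the Desktop path of the
analysed DLL) plus one constructed benign baseline and one non-rundll32 line.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# rundll32 calls an export as
#   void CALLBACK Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
# which on x86 is four 4-byte stack arguments. A stdcall export decorated
# _Name@N was compiled for N argument bytes; N != 16 means it was not written
# for rundll32, and callee and caller disagree about how much stack to clean up.
RUNDLL32_ARG_BYTES = 16

# "rundll32", "rundll32.exe", or a full path to it, anywhere in the line
RUNDLL_TOKEN = re.compile(r'(?:^|\s)(?:"?[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+', re.I)
STDCALL_DECORATION = re.compile(r'^_?(\w+)@(\d+)$')
ABSOLUTE_PATH = re.compile(r'^[A-Za-z]:\\')
# Assumption for this example: which path roots count as user-writable.
USER_WRITABLE = re.compile(r'^[A-Za-z]:\\(?:Users|ProgramData|Windows\\Temp)\\', re.I)

# Constructed input: lines 0-3 are the report's own command lines, line 4 is a
# benign baseline, line 5 is a non-rundll32 process from the same tree.
SAMPLE_CMDLINES = [
    r'cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",#1',
    r'rundll32.exe C:\Users\user\Desktop\UIxMarketPlugin.dll,MarketCreate',
    r'rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",_Initialize@4',
    r'rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",_Finalize@0',
    r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
    r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1',
]


@dataclass
class RundllCall:
    dll_path: str
    entry: str                              # export name or '#ordinal' as written
    ordinal: Optional[int] = None
    stdcall_name: Optional[str] = None      # undecorated name if entry is _Name@N
    stdcall_arg_bytes: Optional[int] = None
    reasons: List[str] = field(default_factory=list)


def parse_rundll32(cmdline: str) -> Optional[RundllCall]:
    """Split '<dll>,<entry> [args]' the way rundll32 does; None if not a rundll32 call."""
    m = RUNDLL_TOKEN.search(cmdline)
    if not m:
        return None
    rest = cmdline[m.end():]
    if rest.startswith('"'):                # quoted path: ends at the closing quote
        close = rest.find('"', 1)
        if close < 0:
            return None
        dll, rest = rest[1:close], rest[close + 1:]
    else:                                   # unquoted path: ends at the first comma
        comma = rest.find(',')
        if comma < 0:
            return None
        dll, rest = rest[:comma], rest[comma:]
    if not rest.startswith(','):
        return None
    tail = rest[1:].split()
    if not tail:
        return None                         # no entry point given
    call = RundllCall(dll_path=dll, entry=tail[0])
    if call.entry.startswith('#'):
        if not call.entry[1:].isdigit():
            return None
        call.ordinal = int(call.entry[1:])
    else:
        d = STDCALL_DECORATION.match(call.entry)
        if d:
            call.stdcall_name, call.stdcall_arg_bytes = d.group(1), int(d.group(2))
    call.reasons = assess(call)
    return call


def assess(call: RundllCall) -> List[str]:
    """Heuristics worth a detection rule; each string is one reason to look closer."""
    reasons = []
    if not ABSOLUTE_PATH.match(call.dll_path):
        reasons.append('relative DLL path, resolved through the DLL search order')
    elif USER_WRITABLE.match(call.dll_path):
        reasons.append('DLL loaded from a user-writable location')
    if call.ordinal is not None:
        reasons.append('export invoked by ordinal, which hides the function name')
    if call.stdcall_arg_bytes is not None and call.stdcall_arg_bytes != RUNDLL32_ARG_BYTES:
        reasons.append(f'stdcall export expects {call.stdcall_arg_bytes} argument bytes, '
                       f'rundll32 passes {RUNDLL32_ARG_BYTES}')
    return reasons


def triage(cmdlines: List[str]) -> List[RundllCall]:
    """Return only the rundll32 calls that carry at least one reason."""
    flagged = []
    for line in cmdlines:
        call = parse_rundll32(line)
        if call and call.reasons:
            flagged.append(call)
    return flagged


if __name__ == '__main__':
    for call in triage(SAMPLE_CMDLINES):
        print(f'{call.dll_path},{call.entry}')
        for reason in call.reasons:
            print(f'    - {reason}')
```

Run as-is, the four report lines are flagged and the shell32.dll baseline is not; the conhost.exe line is ignored because it is not a rundll32 invocation. The same parser can be fed Sysmon event ID 1 or Security 4688 command lines, where the quoted-versus-unquoted path handling matters because both forms appear in this very process tree.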
Signature evidence
The per-signature detail cells (signature names, file paths, strings, registry keys, mutant names) did not survive extraction. What remains is the evidence type, the analysed code addresses and the number of hits per type:
- AV Detection: ReversingLabs and Virustotal hits (see the scanner table below).
- Static PE information: 20 entries; Static file information: 1 entry; Classification label: 1 entry.
- Strings: Binary string 2, String found in binary or memory 1, Binary or memory string 33.
- Code functions (Joe Sandbox address IDs 3_2_xxxxxxxx): 6CB41130, 6CB5778C (x2), 6CB5CFC0, 6CB5E019 (x2), 6CB6A603, 6CB6B1E9, 6CB70F8A, 6CB7329A, 6CB73ABC, 6CB762B4, 6CB789B2, 6CB78A56, 6CB7B3DD, 6CB7BDCA, 6CB7D26F, 6CB83902, 6CB85CBF, 6CBB3989, 6CBB8B09, 6CBB90F2, 6CBB9B81 (x3), 6CBB9CA2, 6CBB9E81, 6CBBA40C, 6CBBAFD1, 6CBC637D, 6CC39185, 6CC3A4BF, 6CC3AA38, 6CC3AEDE, 6CC3DA35, 6CC40458 (x2), 6CC42D23, 6CC46799, 6CC49E1C, 6CC4AB94 (x2).
- API call chain: graph_3-43237; API coverage: 1 entry; Last function: 1 entry.
- Behaviour events: Process created 27, Process information set 232, File opened 12, Section loaded 10, Process queried 10, Mutant created 5, File created 1, Key opened 1, Window detected 1, Thread delayed 1.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Virtualization/Sandbox Evasion | 21 Input Capture | 2 System Time Discovery | Remote Services | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 18% | ReversingLabs | Win32.Trojan.Generic | |
 | 13% | Virustotal | | |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429045 |
Start date and time: | 2024-04-20 11:34:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | UIxMarketPlugin.dll |
Detection: | MAL |
Classification: | mal48.winDLL@24/17@0/0 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target rundll32.exe, PID 7396 because there are no executed functions
- Execution Graph export aborted for target rundll32.exe, PID 7628 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description |
---|---|---|
11:35:08 | API Interceptor | |
11:35:10 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6a4b12cc5ab5a864a1114bf7acfd58aabbffc_7522e4b5_2ed9bbc9-d9dc-40e8-8bc1-c2b2b18dc67e\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9169191604141269 |
Encrypted: | false |
SSDEEP: | 192:NcBi5zOhq0BU/wjeTqPZrICzuiFOZ24IO8dciw:+Bi56hxBU/wjeszuiFOY4IO8dci |
MD5: | CEDE392BAA3DFA85A6745C5281954AD6 |
SHA1: | 31EA79CFADFB23648DE43EBC43C0E9272D9DAC20 |
SHA-256: | 565F1B4B28D75EB0D6383BCAAEC423A370B081FB01E32AB3B5A0338D1CB6E805 |
SHA-512: | 68E1E14AB724333DC4FBF3D9D8E293FBA95AFCA58F26340DFBAF9853522E8FD4FB7C5F3CEB0C2681146346336D93A1F014DD5F67CFC7F49E46B8F7B88590D827 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6a4b12cc5ab5a864a1114bf7acfd58aabbffc_7522e4b5_6d591dea-2ba8-4815-b033-90e29eb221c5\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9169449133066548 |
Encrypted: | false |
SSDEEP: | 192:h2Ji/JzOlq0BU/wjeTqPZrICzuiFOZ24IO8dci:8Jix6lxBU/wjeszuiFOY4IO8dci |
MD5: | 13DEBEF552EBDBDFB1D3B070D0E7E037 |
SHA1: | 221AA96DAE3EF3BDD335EA5D7009537F67A98C33 |
SHA-256: | 4311E17B4C7A3F93CD63D01A13726EA0D75E167E3018B97360C8DBB704FBC9B3 |
SHA-512: | 6807E928C969093DA16B3D7A2CDA162B6477AF9A5F3C7D3B47E5E5BD011826DE099F4A5E81700AF039CB3FBDAA2AA89672A71803AE9B46D5CDF08304DDA71737 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f4a2262f4d43d5b9ac2196a348f57232fa6b6712_7522e4b5_4a8c2699-ff11-4fe9-b765-eff75ae06606\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9171633720004378 |
Encrypted: | false |
SSDEEP: | 192:MGi9zOjz0BU/wjeTqPZrICzuiFOZ24IO8dci:hi96jgBU/wjeszuiFOY4IO8dci |
MD5: | A8CCC759B41724DD95B618BF0799D402 |
SHA1: | CFD59F597414473B1ED46D2E58D2EF8AFED4B831 |
SHA-256: | 0CBE6DEFC1596D54825562A2D410CF6E7535AF83E9F3BFB1C985B88FE557CA4C |
SHA-512: | ECCC292AD2117902083F22B02EF4E94951B6A91D92E0C663FF8E49FED4E4D4570C73DC54410F1152E8447A71C00C42CAEF3C923760C885BDD27291404A1F2A08 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f4a2262f4d43d5b9ac2196a348f57232fa6b6712_7522e4b5_881e2de0-372e-410d-9f8d-be4be5931c9d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9164981196324312 |
Encrypted: | false |
SSDEEP: | 192:lbxmiodzO3z0BU/wjeTqPZrICzuiFOZ24IO8dci:vmiq63gBU/wjeszuiFOY4IO8dci |
MD5: | 352B748030504EE0D40FBC9DAC7A532F |
SHA1: | B40F5658625A28CB3594EE37F94581DDD0D4C15C |
SHA-256: | 3446301AB912C564F8DEAA088EA721BFD2014E3E69A8CD4DAAED58F7AA3F5D58 |
SHA-512: | 47E85BC7B53CD965B8C4846252BD58587BD145B81D415AF016119707D0AF612A62DD11840D792408B827EA6CA115A9832BDAA6F6D095CBFBC9FE23390E9D13F7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45568 |
Entropy (8bit): | 1.938788622619129 |
Encrypted: | false |
SSDEEP: | 192:vvc+lwbclQZXXnDfUZMO5H4XLuzwtp+Fq3TLUHOwfq2uF:3c++bcinDf05HzzwtpF3TEO/ |
MD5: | F42CBF2BD3216C2BD0B9C64A6A6F498F |
SHA1: | CF918E2B2F7A92759578DB6B9918202705F72B4A |
SHA-256: | E21CFC6DF52D97E3F62E0329F1A2C0EE596FCBD6EFD534B7AEE6E87437A1A410 |
SHA-512: | 6619D98A5F4B9B873FA27C858B472857DD42FC49383D655B5772D2BAD6A753AD3750CDE6FA9B540E31ED9D79557ECD73F1F35071CB746085B12FDB356763CF16 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44356 |
Entropy (8bit): | 2.0008919248350883 |
Encrypted: | false |
SSDEEP: | 192:vkbwbHQZXXnoCLO5H4XVYWo5Ag/fFfGa8:scb8noV5Hcvo5Agfp8 |
MD5: | 565F622D3E49A0A82E01B671C0E82506 |
SHA1: | 2EB48EFE3E148E0247216BB360A3DE585094BF6C |
SHA-256: | 16FDFBB0590A43037F14634A307E15B6DB4D98D124F682F76D4F7DAD9D7A024D |
SHA-512: | E5157B5156264DA2E09E44BBE106A3A125D10AFBE6ABC73552E7BB814C2B7C7E236FEEE33A9FD83B4E6031A4CBB28368BB8B376E270BB0172ADB74D151A37E10 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8278 |
Entropy (8bit): | 3.690622226434646 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJEC6IeG16YIw67gmfT98pr789bPCsfwxwFm:R6lXJR6IeG16YP67gmfT9lPBf8P |
MD5: | C5BC00237B3AD9CD3E39B874685A1825 |
SHA1: | 0CC7B631561729E342BCFF8B7C990A1E9FD33BE0 |
SHA-256: | 88B933314C75EF3D8A100F09A256EE8D1FCFFDE47B6D703FC413D790758CCFB9 |
SHA-512: | 11963FE9FFFF65513E7E2C4062E3642471F0FFB2E90084B248E7AEC64A35E21AF09EA11CE4DE91EAF089FD98E2A2AF59F0ABDED214B18B4911836632C0068972 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8272 |
Entropy (8bit): | 3.6917903834014107 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJFz6mGayme6YFh6ngmfT98pr789bPksfqFm:R6lXJx6mG/6Yj6ngmfT9lPXfx |
MD5: | 743C16286E5C81F447F999DB7011C549 |
SHA1: | 41F8C59FBA85E9B7B0F85458151D7C0DE78015AA |
SHA-256: | 9DDD8AD594224D5FE9F10F2BE576DB60C444496AAFF7376E9C0EC5CD33F4AFA5 |
SHA-512: | 33C4907B726EB00BD382792A82348AEA0B9DE2E17655EB147F44F18331FD01FE27F2157125F1A48A9DFB0BA1D462651AB6E4316D0B759439DE9F08A9737F9A6B |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4662 |
Entropy (8bit): | 4.469758995638258 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsCJg77aI9ilWpW8VY1Ym8M4JCdPaW8Fx+q8/wsSIGScSAd:uIjfQI78U7VRJDWk7snJ3Ad |
MD5: | 5C586B038C7F4F17D7FF9E0F54A7A710 |
SHA1: | BC236BA436CC94DEA74759021A2DDFD9F17FA10D |
SHA-256: | CBDF62D800E1B4F0D0E77CF5B7CBECB0750E8820FAF26FD0F31E63FFBC591BD4 |
SHA-512: | 1018ADE9CF190BC3EC7982C2393B849FE0FE66A792F779F977B3399D7A9A2B65883D7AA6C2B0C272D7CE9A5F90C2E7DEA95D7BEA44F2EF2BCEEAA210F9B27C9E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4662 |
Entropy (8bit): | 4.470755269754867 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsCJg77aI9ilWpW8VYpYm8M4JCdPaW8F5hvno+q8/wsSQinGScStd:uIjfQI78U7VxJDWOA7sOnJ3td |
MD5: | 6257D37BCC378F5A710AC4A761473431 |
SHA1: | D0836214D3647D9B6178BBBF3779FC0188AE2D67 |
SHA-256: | 894F91F218F0CDD45F585B9FEC035E8C925F114A054DB46060C1B0F8EB377B14 |
SHA-512: | 4423B3173CA50D3F868783B62A233CB4CEF5A24BBA29816FE1D6C556ACAE40A4AF1F56974690AE83E2BE2FE2282AD9AEED932B0C09071ACFA28100DA58B1FCCB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44420 |
Entropy (8bit): | 1.9800580285756308 |
Encrypted: | false |
SSDEEP: | 192:J3bwbpQZXXnhOjrqXO5H4XYx+cH07MBtCZeIWWM7+S/yRK:JcbOn0z5HtjBSexJp |
MD5: | 82DE42E9D6C4435617FD7B10798FC74D |
SHA1: | 83C1F05BA0620F5395068576792E7507DD296DA3 |
SHA-256: | CB7D65A4C4BA9379943177C0DC90CF27FCCF9B714A2FA7AEA4DC24BBA320D552 |
SHA-512: | 5E50CD8CA6D845C214D454E718FF9FAB008EA09A179A5C7BCEAAC7FB06DD9B90C99BD2B68D9FAC0E4C671F3699EC7B8AA2C77A487DA9A316B913BDB979E23679 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8276 |
Entropy (8bit): | 3.691710337404795 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJeB6uGwb6YIR6ygmfTS8prH89bdQsfd7fm:R6lXJw6uG86Yu6ygmfTShdjfdK |
MD5: | 925C3712C755E042AF6881A85C92F3A4 |
SHA1: | EB21031580BC381922283700D18891BB0900E260 |
SHA-256: | 1BC9075A32DF2227DAE42DB04ADE6567E84ED957697B817472A6438F22C6600E |
SHA-512: | 8313C8F2F0A1304F7114E2AB7A4AC1330DF7587F4436298B9A47F387AABA508363C62F420C13B6B003957D87A9B8902F0A12E19F7BCE19B8DAD18978492FE666 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4662 |
Entropy (8bit): | 4.472379149129144 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsCJg77aI9ilWpW8VYIYm8M4JCdPaWLFbl+q8/wsS+GScS6d:uIjfQI78U7V4JDW/7sxJ36d |
MD5: | 781DF6FDCA3F838758EE5CEA26F07452 |
SHA1: | 352E29734B29FF1FBF8E2AE037BB7A5F004AE60B |
SHA-256: | 0534A3A16796C305BEAED19846CFA15F601BA7E989709A17550B716F1A0543FE |
SHA-512: | 06B77C3742E216BBDACC121AD45424FCA70B91C5A2DA84A9A3DBC95C3D86884FA2FB07ED53970755A9DE04505699B2483D1D985DA5339148B3C3C952D4EE63DC |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43980 |
Entropy (8bit): | 1.9660490230878094 |
Encrypted: | false |
SSDEEP: | 192:3JqwbzQZXXnVUAuCXO5H4Xm4KxC/RFg2v8TPGv2i:ZlbQnVU95Hz4KxC/XgBSj |
MD5: | C691B0655D76D219B0EFB9428B487346 |
SHA1: | 1F851FAE7916CC1DAEDD2CE4DA63BACB90C8A03B |
SHA-256: | 5B4C773A29D386A5930DB375C2DB3C04BFFE7FDC8538691E10F7EF9D50463DE7 |
SHA-512: | 00B232F4AC1DB52234C2F55BF900DE7288C2DC480E547AF80B2C9762A7BDC9592ABFC8F07FFB76FA17F8CB7C8DD36A1558E2EBA24ED1545D03F8435C1F5B4AD4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8268 |
Entropy (8bit): | 3.6915145709013233 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJm46oGSH6YI56jgmfTS8prO89bHesfetm:R6lXJx6oGy6YW6jgmfTSeHdf1 |
MD5: | 0A7244CAE4B53FF55347DD1739120392 |
SHA1: | 74AE7B041A858F0FB9BF71F14ADAE1BD07EDD1C9 |
SHA-256: | 361BEA9623458BDC49CCF7063D4CCB275D0DD90C347A67F49C961DE4268FF3E6 |
SHA-512: | 66400818EEDD2C1C131DB5C11C56FE550C40A0D1E23A61CFE587A9D5288BC906DBF52E67AAAA930C258D5C796753F36D72F3C7150462C444FB4187014CE51B8E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4662 |
Entropy (8bit): | 4.471657325233035 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsCJg77aI9ilWpW8VY7Ym8M4JCdPaWLFi+q8/wsS66KGScSud:uIjfQI78U7VvJDWQ7spJ3ud |
MD5: | DAA0956FEF9C83988A5F9CBD9AB0818A |
SHA1: | 96CED4CBB31ED54C1B0A76B7308E3688DDFFFC38 |
SHA-256: | 2AC039E09512FD59B6DC4438664E8576E0C50EE0B3C66810EDBE0C1CC2E68AE3 |
SHA-512: | CF9CDD52D58FF05D68BF635BE540F4AB8715D460778E34E7D3288B4F0BEACDDAB53E11F1EFA0C0DBEC094D0C13525FB6BA6A06FEAA7AA0979FEC43F787E042D4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.46623869994409 |
Encrypted: | false |
SSDEEP: | 6144:cIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNxdwBCswSbG:hXD94+WlLZMM6YFHT+G |
MD5: | CF26F5AB2896A83EB20C3A9941BFEFFB |
SHA1: | D5C1D9B38996A65D68315D2935FB97B264F66A6A |
SHA-256: | 7A23137D6F739DA278696F28930E2F19F75834C90B6397DDF6219597222EA6FB |
SHA-512: | 14CD3B78AA2E13A2B5A63F7869753B322D1773A7B197763033ACA87C66C217F66D9416AC0795EB00CC8955690CFCBEAC07B72B5481452EF40AB7153A6B38B380 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.484662993855079 |
TrID: | |
File name: | UIxMarketPlugin.dll |
File size: | 1'640'960 bytes |
MD5: | d1ba9412e78bfc98074c5d724a1a87d6 |
SHA1: | 0572f98d78fb0b366b5a086c2a74cc68b771d368 |
SHA256: | cbcea8f28d8916219d1e8b0a8ca2db17e338eb812431bc4ad0cb36c06fd67f15 |
SHA512: | 8765de36d3824b12c0a4478c31b985878d4811bd0e5b6fba4ea07f8c76340bd66a2da3490d4871b95d9a12f96efc25507dfd87f431de211664dbe9a9c914af6f |
SSDEEP: | 49152:/7Q2CH7FiYk7q8wOP2nyh9VgFdJYZL6MsQv4Pvg3KIA8wuSgKacXTT3Kos2lpm:sZH7FZk7LP2nyh9VgFdJYZL6NQgPVIAv |
TLSH: | C6758D223680807AD27A3670D72EB37DB2FD95704E314287B9A10F397E35492962D7DB |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?.e.^.6.^.6.^.6.&K6.^.6.&[6.^.6.^.6.].6.(V6.^.6.(b6[^.6.(c6._.6.(g6.^.6.(S6.^.6.(R6.^.6.(U6.^.6Rich.^.6................PE..L.. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x100f9f93 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x556BF902 [Mon Jun 1 06:17:38 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 12fbd1bc75de00e13e4da8fd25e68e9a |
Instruction |
---|
mov edi, edi |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007FA4E490E577h |
call 00007FA4E49172F5h |
push dword ptr [ebp+08h] |
mov ecx, dword ptr [ebp+10h] |
mov edx, dword ptr [ebp+0Ch] |
call 00007FA4E490E461h |
pop ecx |
pop ebp |
retn 000Ch |
mov edi, edi |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+08h], 00000000h |
je 00007FA4E490E59Fh |
push dword ptr [ebp+08h] |
push 00000000h |
push dword ptr [1016ECF0h] |
call dword ptr [1011F26Ch] |
test eax, eax |
jne 00007FA4E490E58Ah |
push esi |
call 00007FA4E490F293h |
mov esi, eax |
call dword ptr [1011F3F4h] |
push eax |
call 00007FA4E490F243h |
pop ecx |
mov dword ptr [esi], eax |
pop esi |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ebx |
mov eax, dword ptr [ebp+0Ch] |
add eax, 0Ch |
mov dword ptr [ebp-04h], eax |
mov ebx, dword ptr fs:[00000000h] |
mov eax, dword ptr [ebx] |
mov dword ptr fs:[00000000h], eax |
mov eax, dword ptr [ebp+08h] |
mov ebx, dword ptr [ebp+0Ch] |
mov ebp, dword ptr [ebp-04h] |
mov esp, dword ptr [ebx-04h] |
jmp eax |
pop ebx |
leave |
retn 0008h |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ecx |
push ebx |
push esi |
push edi |
mov esi, dword ptr fs:[00000000h] |
mov dword ptr [ebp-04h], esi |
mov dword ptr [ebp-08h], 100FA054h |
push 00000000h |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp-08h] |
push dword ptr [ebp+08h] |
call 00007FA4E4923DFFh |
mov eax, dword ptr [ebp+0Ch] |
mov eax, dword ptr [eax+04h] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x162ac0 | 0x99 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15fb9c | 0x154 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x171000 | 0x51c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x172000 | 0x1a0f8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11fc90 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x148ad0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11f000 | 0x8b4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x11d016 | 0x11d200 | 19c22e50444b2cb95ca4b8dabebd0451 | False | 0.5568855148509426 | COM executable for DOS | 6.588771268212372 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11f000 | 0x43b59 | 0x43c00 | 2cb3a6941f9c3dc2670270e0c20f3879 | False | 0.2618700991697417 | data | 5.248483094701738 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x163000 | 0xd4fc | 0x5e00 | 3994260b23fd11cb128a1f8bb327feea | False | 0.2810837765957447 | OpenPGP Public Key | 4.905865876978756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x171000 | 0x51c | 0x600 | 952d409009613bb50a943166bbec340f | False | 0.4010416666666667 | data | 4.542443196063801 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x172000 | 0x29364 | 0x29400 | 1b3611266ed137e60ef23b3549d980a9 | False | 0.2672644412878788 | data | 4.954189557699308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x1710a0 | 0x320 | data | Japanese | Japan | 0.46 |
RT_MANIFEST | 0x1713c0 | 0x15a | ASCII text, with CRLF line terminators | English | United States | 0.5491329479768786 |
DLL | Import |
---|---|
KERNEL32.dll | VerifyVersionInfoW, VerSetConditionMask, GetConsoleMode, GetConsoleCP, LCMapStringW, GetTimeZoneInformation, GetStringTypeW, QueryPerformanceCounter, GetEnvironmentStringsW, WriteConsoleW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetModuleFileNameA, GetStartupInfoW, SetHandleCount, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, HeapDestroy, HeapCreate, GetStdHandle, IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetFileType, SetStdHandle, VirtualQuery, GetSystemInfo, VirtualAlloc, GetSystemTimeAsFileTime, ExitProcess, HeapQueryInformation, HeapSize, CreateThread, ExitThread, HeapReAlloc, RaiseException, RtlUnwind, HeapFree, GetCommandLineA, EncodePointer, DecodePointer, HeapAlloc, FindResourceExW, VirtualProtect, SearchPathW, Sleep, GetProfileIntW, GetTickCount, InitializeCriticalSectionAndSpinCount, GetTempPathW, GetTempFileNameW, GetNumberFormatW, GetWindowsDirectoryW, lstrcpyW, GetCurrentDirectoryW, GetFileTime, GetFileSizeEx, GetFileAttributesW, FileTimeToLocalFileTime, GetFileAttributesExW, GetUserDefaultUILanguage, GetLocaleInfoW, InterlockedExchange, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileW, lstrcmpiW, GlobalFlags, FreeResource, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, GetVersionExW, LoadLibraryW, lstrcmpW, FileTimeToSystemTime, lstrlenA, lstrcmpA, GlobalGetAtomNameW, CompareStringW, InterlockedIncrement, GetModuleHandleW, GetProcAddress, WaitForSingleObject, GetCurrentThreadId, ResumeThread, SetThreadPriority, CloseHandle, MultiByteToWideChar, CopyFileW, GlobalSize, FormatMessageW, MulDiv, lstrlenW, WideCharToMultiByte, GetCurrentProcessId, FreeLibrary, FindResourceW, LoadResource, LockResource, SizeofResource, InterlockedDecrement, GetModuleFileNameW, ActivateActCtx, ReleaseActCtx, DeactivateActCtx, TlsFree, GlobalFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalAlloc, GlobalHandle, GlobalUnlock, GlobalReAlloc, GlobalLock, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalFree, LocalAlloc, GetLastError, SetLastError |
USER32.dll | SetCapture, MapVirtualKeyW, IsRectEmpty, CreatePopupMenu, GetMenuDefaultItem, RedrawWindow, SetLayeredWindowAttributes, EnumDisplayMonitors, KillTimer, SetTimer, DeleteMenu, ShowOwnedPopups, SetCursor, IntersectRect, InvalidateRect, SetRectEmpty, IsIconic, PostQuitMessage, EndPaint, BeginPaint, GetWindowDC, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, SystemParametersInfoW, DestroyMenu, GetMenuItemInfoW, InflateRect, CharUpperW, DestroyIcon, GetDesktopWindow, RealChildWindowFromPoint, ClientToScreen, ShowWindow, MoveWindow, SetWindowTextW, IsDialogMessageW, CheckDlgButton, RegisterWindowMessageW, LoadIconW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, IsWindow, SetFocus, GetForegroundWindow, SetActiveWindow, BeginDeferWindowPos, EndDeferWindowPos, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, ScrollWindow, TrackPopupMenu, IsZoomed, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, GetAsyncKeyState, UpdateWindow, GetClientRect, PostMessageW, CreateWindowExW, SetWindowRgn, SetParent, ReleaseCapture, InvertRect, DrawFocusRect, GetClassInfoExW, GetClassInfoW, RegisterClassW, AdjustWindowRectEx, GetWindowRect, ScreenToClient, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, CopyRect, PtInRect, SetWindowPlacement, GetWindowPlacement, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, HideCaret, EnableScrollBar, NotifyWinEvent, MessageBeep, GetNextDlgTabItem, OffsetRect, GetIconInfo, CopyImage, LoadImageW, GetNextDlgGroupItem, DrawIconEx, EndDialog, CreateDialogIndirectParamW, TranslateAcceleratorW, UnhookWindowsHookEx, MessageBoxW, EnableWindow, IsWindowEnabled, GetLastActivePopup, GetWindowLongW, GetParent, SendMessageW, GetWindowThreadProcessId, RemoveMenu, GetSubMenu, GetMenuItemCount, InsertMenuW, PostThreadMessageW, GetMenuItemID, AppendMenuW, GetMenuStringW, GetMenuState, ValidateRect, GetCursorPos, PeekMessageW, GetKeyState, IsWindowVisible, GetActiveWindow, DispatchMessageW, TranslateMessage, GetMessageW, CallNextHookEx, SetWindowsHookExW, GetSysColorBrush, GetSysColor, ReleaseDC, GetDC, GetSystemMetrics, DestroyAcceleratorTable, SetClassLongW, GetSystemMenu, LoadCursorW, GetWindowTextW, GetWindowTextLengthW, CheckMenuItem, EnableMenuItem, ModifyMenuW, GetFocus, LoadBitmapW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, GetWindow, SetWindowPos, SetWindowLongW, GetMenu, DrawStateW, DrawEdge, DrawFrameControl, CopyAcceleratorTableW, ToUnicodeEx, GetKeyboardLayout, GetKeyboardState, BringWindowToTop, InsertMenuItemW, LoadAcceleratorsW, LoadMenuW, ReuseDDElParam, UnpackDDElParam, SetRect, ShowScrollBar, WindowFromPoint, CreateAcceleratorTableW, SetCursorPos, LockWindowUpdate, GetKeyNameTextW, OpenClipboard, SetClipboardData, CloseClipboard, EmptyClipboard, IsCharLowerW, MapVirtualKeyExW, UnionRect, UpdateLayeredWindow, MonitorFromPoint, IsMenu, GetWindowRgn, DestroyCursor, DrawIcon, MapDialogRect, SubtractRect, GetDoubleClickTime, CharUpperBuffW, CopyIcon, RegisterClipboardFormatW, GetUpdateRect, FrameRect, IsClipboardFormatAvailable, SetMenuDefaultItem, CreateMenu, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, DefFrameProcW, WaitMessage, SetMenu |
GDI32.dll | PtVisible, RectVisible, TextOutW, Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, DeleteDC, CreatePatternBrush, GetStockObject, SelectPalette, GetObjectType, CreatePen, CreateSolidBrush, CreateHatchBrush, CreateCompatibleBitmap, CreateRectRgnIndirect, SetRectRgn, CombineRgn, PatBlt, DPtoLP, CreateDIBitmap, GetTextMetricsW, EnumFontFamiliesW, GetTextCharsetInfo, GetBkColor, GetNearestPaletteIndex, RealizePalette, GetSystemPaletteEntries, CreateDIBSection, CreateRoundRectRgn, GetWindowExtEx, GetTextColor, CreateEllipticRgn, Polyline, Ellipse, Polygon, SetDIBColorTable, StretchBlt, SetPixel, Rectangle, OffsetRgn, GetRgnBox, EnumFontFamiliesExW, LPtoDP, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, FrameRgn, GetBoundsRect, ExtFloodFill, SetPaletteEntries, SetPixelV, GetTextFaceW, CreatePalette, GetPixel, SetTextAlign, MoveToEx, LineTo, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetROP2, GetViewportExtEx, CreateRectRgn, SelectClipRgn, SetLayout, CreatePolygonRgn, GetLayout, GetDeviceCaps, SetPolyFillMode, SetBkMode, RestoreDC, SaveDC, GetTextExtentPoint32W, ExtTextOutW, BitBlt, CreateCompatibleDC, CreateFontIndirectW, DeleteObject, GetObjectW, SetBkColor, SetTextColor, CreateBitmap, CreateDCW, GetPaletteEntries, CopyMetaFileW |
WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, ClosePrinter |
COMDLG32.dll | GetFileTitleW |
ADVAPI32.dll | RegQueryValueExW, RegEnumKeyExW, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegOpenKeyExW, RegCloseKey |
SHELL32.dll | SHGetFileInfoW, SHGetDesktopFolder, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHAppBarMessage, SHBrowseForFolderW, DragQueryFileW, DragFinish, ShellExecuteW |
ole32.dll | OleRun, OleGetClipboard, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop, DoDragDrop, OleLockRunning, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, CreateStreamOnHGlobal, CoInitializeEx, CoInitialize, CoUninitialize, CoCreateInstance, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium, CoTaskMemFree |
OLEAUT32.dll | VariantChangeType, VariantClear, SysFreeString, VarBstrFromDate, VariantInit, SysAllocString, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, SysAllocStringLen |
SHLWAPI.dll | PathRemoveFileSpecW, PathFindExtensionW, PathIsUNCW, PathStripToRootW, PathFindFileNameW |
OLEACC.dll | AccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject |
gdiplus.dll | GdipDrawImageI, GdipGetImageGraphicsContext, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipGetImagePalette, GdipGetImagePaletteSize, GdipFree, GdipAlloc, GdipDeleteGraphics, GdipDisposeImage, GdipCreateBitmapFromHBITMAP, GdiplusStartup, GdiplusShutdown, GdipCreateFromHDC, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat |
MSIMG32.dll | TransparentBlt, AlphaBlend |
IMM32.dll | ImmReleaseContext, ImmGetContext, ImmGetOpenStatus |
WINMM.dll | PlaySoundW |
COMCTL32.dll | ImageList_GetIconSize |
Name | Ordinal | Address |
---|---|---|
MarketCreate | 1 | 0x100031b0 |
MarketRelease | 2 | 0x10003250 |
_Finalize@0 | 3 | 0x100031a0 |
_Initialize@4 | 4 | 0x10003140 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Japanese | Japan | |
English | United States |
Target ID: | 0 |
Start time: | 11:34:59 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xad0000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 11:34:59 |
Start date: | 20/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:34:59 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 11:34:59 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 11:34:59 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 11:34:59 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcd0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 11:34:59 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcd0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 11:35:02 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 11:35:02 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcd0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 11:35:05 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 11:35:08 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 11:35:08 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 11:35:08 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 18 |
Start time: | 11:35:08 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6a0000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 21 |
Start time: | 11:35:08 |
Start date: | 20/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcd0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 5.2% |
Total number of Nodes: | 497 |
Total number of Limit Nodes: | 17 |
Function 6CB5E019 Relevance: 105.6, APIs: 48, Strings: 12, Instructions: 557, Tags: library, loader, string, COMMON; Uniqueness Score: -1.00%
Function 6CB5DAE7 Relevance: 64.8, APIs: 43, Instructions: 304, Tags: COMMON; Uniqueness Score: -1.00%
Function 6CBA18F3 Relevance: 42.4, APIs: 22, Strings: 2, Instructions: 421, Tags: window, COMMON; Uniqueness Score: -1.00%
Function 6CB4BF50 Relevance: 16.6, APIs: 11, Instructions: 106, Tags: memory, COMMON, LIBRARYCODE; Uniqueness Score: -1.00%
Function 6CBA1CCB Relevance: 4.6, APIs: 3, Instructions: 119, Tags: COMMON; Uniqueness Score: -1.00%
Function 6CB51D28 Relevance: 3.0, APIs: 2, Instructions: 24, Tags: library, COMMON; Uniqueness Score: -1.00%
Function 6CB4DD52 Relevance: 1.5, APIs: 1, Instructions: 27, Tags: COMMON; Uniqueness Score: -1.00%
Function 6CBBA40C Relevance: 42.5, APIs: 28, Instructions: 452, Tags: window, keyboard, COMMON; Uniqueness Score: -1.00%
Function 6CB6A603 Relevance: 27.4, APIs: 18, Instructions: 386, Tags: window, keyboard, COMMON; Uniqueness Score: -1.00%
Function 6CB7D26F Relevance: 21.3, APIs: 14, Instructions: 280, Tags: keyboard, window, COMMON; Uniqueness Score: -1.00%
Function 6CB7B3DD Relevance: 21.3, APIs: 14, Instructions: 268, Tags: keyboard, window, COMMON; Uniqueness Score: -1.00%
Function 6CBB90F2 Relevance: 16.7, APIs: 11, Instructions: 220, Tags: window, keyboard, COMMON; Uniqueness Score: -1.00%
Function 6CBB9CA2 Relevance: 7.7, APIs: 5, Instructions: 153windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB85CBF Relevance: 6.2, APIs: 4, Instructions: 183COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBBAFD1 Relevance: 3.1, APIs: 2, Instructions: 57windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB73ABC Relevance: 3.0, APIs: 2, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5CFC0 Relevance: 3.0, APIs: 2, Instructions: 34comCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB789B2 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB78A56 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBA13F2 Relevance: 52.8, APIs: 28, Strings: 2, Instructions: 323fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBA6DA6 Relevance: 40.8, APIs: 27, Instructions: 344COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CC42261 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBA27EB Relevance: 38.8, APIs: 20, Strings: 2, Instructions: 278windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB9DA9D Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 263windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB52605 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 191windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5F6F8 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 315windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB9D7BD Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 237windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB9D5D6 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 157windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6DFD3 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 161windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5D141 Relevance: 28.1, APIs: 7, Strings: 9, Instructions: 72libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB62ECB Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 230windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB8BDA0 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 73libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CC0B9AC Relevance: 24.4, APIs: 16, Instructions: 368COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6D36E Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 234windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBC75BF Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 199windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5F18E Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB7818A Relevance: 16.8, APIs: 11, Instructions: 269COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB9F704 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 240windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6543B Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 137windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBC0480 Relevance: 15.3, APIs: 10, Instructions: 269COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB7580F Relevance: 15.1, APIs: 10, Instructions: 109COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5491F Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB7900D Relevance: 13.7, APIs: 9, Instructions: 242COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB645D5 Relevance: 13.7, APIs: 9, Instructions: 189COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4C10F Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4CD74 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117threadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6293D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100windowmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB63183 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB63F77 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CC23957 Relevance: 12.1, APIs: 8, Instructions: 134COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB8075A Relevance: 12.1, APIs: 8, Instructions: 111COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBEDBBB Relevance: 12.1, APIs: 8, Instructions: 100COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4D128 Relevance: 12.1, APIs: 8, Instructions: 74windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5CB09 Relevance: 12.1, APIs: 8, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4D335 Relevance: 12.1, APIs: 8, Instructions: 52memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4E7DF Relevance: 12.0, APIs: 8, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBBE7C7 Relevance: 10.8, APIs: 7, Instructions: 348COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBB402A Relevance: 10.7, APIs: 7, Instructions: 242COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB46730 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 156libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4B750 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBA22B7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB80AA0 Relevance: 10.6, APIs: 7, Instructions: 126COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB78B8F Relevance: 10.6, APIs: 7, Instructions: 111COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB52E91 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CC382D4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB49760 Relevance: 10.6, APIs: 7, Instructions: 104COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB87BB6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB7939D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB98370 Relevance: 10.6, APIs: 7, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBB947B Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBEA35B Relevance: 10.6, APIs: 7, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB8A5F9 Relevance: 10.6, APIs: 7, Instructions: 76windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB50CB3 Relevance: 10.6, APIs: 7, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB56D53 Relevance: 10.6, APIs: 7, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CC41F7D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4E799 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB827B3 Relevance: 9.3, APIs: 6, Instructions: 299COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB48320 Relevance: 9.2, APIs: 6, Instructions: 212memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB60A77 Relevance: 9.2, APIs: 6, Instructions: 177windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB80C16 Relevance: 9.2, APIs: 6, Instructions: 173COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB84269 Relevance: 9.2, APIs: 6, Instructions: 155windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4B080 Relevance: 9.1, APIs: 6, Instructions: 146memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB70030 Relevance: 9.1, APIs: 6, Instructions: 139COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB64A82 Relevance: 9.1, APIs: 6, Instructions: 137windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6DA00 Relevance: 9.1, APIs: 6, Instructions: 125COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6E4AD Relevance: 9.1, APIs: 6, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB65A1F Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB9CC27 Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6AE47 Relevance: 9.1, APIs: 6, Instructions: 77COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB9FAFF Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4CCC2 Relevance: 9.1, APIs: 6, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB71FF5 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB56CBB Relevance: 9.1, APIs: 6, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB56E15 Relevance: 9.1, APIs: 6, Instructions: 52windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBB60F1 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB4FFF4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB79315 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB57148 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46libraryfileloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB56EAA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBBDEB8 Relevance: 7.9, APIs: 5, Instructions: 369windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB80F38 Relevance: 7.8, APIs: 5, Instructions: 338COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBDFFBD Relevance: 7.7, APIs: 5, Instructions: 168COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5F391 Relevance: 7.7, APIs: 5, Instructions: 162stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB8B9E8 Relevance: 7.6, APIs: 5, Instructions: 133COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBA6A93 Relevance: 7.6, APIs: 5, Instructions: 123COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB83F29 Relevance: 7.6, APIs: 5, Instructions: 108windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB81585 Relevance: 7.6, APIs: 5, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB84067 Relevance: 7.6, APIs: 5, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB88B4E Relevance: 7.6, APIs: 5, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBB7EAE Relevance: 7.6, APIs: 5, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB6E9F0 Relevance: 7.6, APIs: 5, Instructions: 94windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB5DEA2 Relevance: 7.6, APIs: 5, Instructions: 92windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBB80A9 Relevance: 7.6, APIs: 5, Instructions: 90windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBC037C Relevance: 7.6, APIs: 5, Instructions: 89windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBB9385 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB52472 Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB53EC5 Relevance: 7.6, APIs: 5, Instructions: 80windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CBC082D Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB87A95 Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6CB64432 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Function | Relevance | APIs | Strings | Instructions | Tags |
6CB726DE | 7.6 | 5 | - | 70 | window, COMMON |
6CBA90D9 | 7.6 | 5 | - | 70 | window, COMMON, LIBRARYCODE |
6CBB887E | 7.6 | 5 | - | 68 | window, COMMON |
6CB72EE8 | 7.6 | 5 | - | 66 | window, COMMON |
6CB8AFB1 | 7.6 | 5 | - | 66 | COMMON |
6CB874D9 | 7.6 | 5 | - | 58 | COMMON |
6CB56ABF | 7.6 | 5 | - | 55 | string, COMMON |
6CB6B341 | 7.6 | 5 | - | 55 | window, COMMON |
6CB658B1 | 7.6 | 5 | - | 53 | COMMON |
6CBEA679 | 7.6 | 5 | - | 53 | thread, COMMON |
6CB9FBD1 | 7.6 | 5 | - | 51 | COMMON |
6CB6E737 | 7.6 | 5 | - | 51 | COMMON |
6CB72544 | 7.5 | 5 | - | 48 | window, COMMON |
6CB6BC22 | 7.5 | 5 | - | 45 | COMMON |
6CBC2AF7 | 7.5 | 5 | - | 45 | window, COMMON |
6CB5CBD0 | 7.1 | 3 | 1 | 72 | window, COMMON |
6CB777E5 | 7.1 | 2 | 2 | 72 | libraryloader, COMMON |
6CB54712 | 7.0 | 2 | 2 | 43 | libraryloader, COMMON |
6CBC59E0 | 7.0 | 3 | 1 | 40 | time, window, COMMON |
6CB4E9C6 | 7.0 | 2 | 2 | 39 | libraryloader, COMMON |
6CB4EA2B | 7.0 | 2 | 2 | 38 | libraryloader, COMMON |
6CB4E96D | 7.0 | 2 | 2 | 35 | libraryloader, COMMON |
6CB5B296 | 7.0 | 2 | 2 | 31 | libraryloader, COMMON |
6CB5D245 | 7.0 | 2 | 2 | 30 | libraryloader, COMMON |
6CB48910 | 6.2 | 4 | - | 199 | memory, COMMON |
6CB63AE4 | 6.2 | 4 | - | 175 | COMMON |
6CBC3F43 | 6.2 | 4 | - | 170 | COMMON |
6CB4AC00 | 6.2 | 4 | - | 168 | COMMON |
6CBB861D | 6.2 | 4 | - | 162 | window, COMMON |
6CC0B40D | 6.2 | 4 | - | 157 | COMMON |
6CB5B65C | 6.2 | 4 | - | 155 | time, COMMON |
6CB5D483 | 6.1 | 4 | - | 149 | COMMON |
6CB560FE | 6.1 | 4 | - | 132 | window, COMMON |
6CBBB185 | 6.1 | 4 | - | 129 | COMMON |
6CBA4267 | 6.1 | 4 | - | 120 | COMMON |
6CB65D1C | 6.1 | 4 | - | 111 | COMMON |
6CB79F16 | 6.1 | 4 | - | 111 | COMMON |
6CB7A8BC | 6.1 | 4 | - | 111 | COMMON |
6CBB1BEF | 6.1 | 4 | - | 93 | COMMON |
6CC0B6A7 | 6.1 | 4 | - | 92 | COMMON |
6CB49900 | 6.1 | 4 | - | 86 | COMMON |
6CB64C1F | 6.1 | 4 | - | 79 | COMMON |
6CB6D239 | 6.1 | 4 | - | 71 | window, COMMON |
6CC3C6EB | 6.1 | 4 | - | 69 | COMMON |
6CC1ED62 | 6.1 | 4 | - | 62 | COMMON |
6CB4D284 | 6.1 | 4 | - | 62 | window, COMMON, LIBRARYCODE |
6CB77ADE | 6.1 | 4 | - | 61 | window, COMMON |
6CB6FF47 | 6.1 | 4 | - | 59 | COMMON |
6CB58191 | 6.1 | 4 | - | 59 | window, COMMON |
6CB4FE74 | 6.1 | 4 | - | 54 | window, COMMON |
6CB72DA4 | 6.1 | 4 | - | 52 | file, COMMON |
6CB61329 | 6.1 | 4 | - | 52 | window, COMMON |
6CB53D4A | 6.0 | 4 | - | 50 | COMMON |
6CBB75A2 | 6.0 | 4 | - | 50 | window, COMMON |
6CB5344A | 6.0 | 4 | - | 49 | COMMON |
6CB80A1B | 6.0 | 4 | - | 47 | COMMON |
6CB63A66 | 6.0 | 4 | - | 46 | COMMON |
6CB565FE | 6.0 | 4 | - | 45 | COMMON |
6CB6BD8F | 6.0 | 4 | - | 39 | COMMON |
6CB56991 | 6.0 | 4 | - | 39 | window, COMMON |
6CB703F3 | 6.0 | 4 | - | 38 | COMMON |
6CC2386F | 6.0 | 4 | - | 30 | COMMON |
6CBC62DF | 5.4 | 2 | 1 | 105 | time, COMMON |
6CB5C34A | 5.3 | 2 | 1 | 48 | libraryloader, COMMON |
6CBD8282 | 5.3 | 2 | 1 | 34 | registry, window, COMMON |
6CBB710B | 5.3 | 2 | 1 | 24 | libraryloader, COMMON |
Uniqueness Score: -1.00% (all functions listed) |