Windows
Analysis Report
vulkan-1.dll
Overview
General Information
Detection
Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 40%
Signatures
Classification
Analysis Advice
- Sample searches for a specific file; try pointing organization-specific fake files to the analysis machine.
- Sample tries to load a library that is not present or installed on the analysis machine; adding the library might reveal more behavior.
- Sample crashes during execution; try analyzing it on another analysis machine.
- System is w10x64
- loaddll64.exe (PID: 7292 cmdline: loaddll64.exe "C:\Users\user\Desktop\vulkan-1.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7344 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 7368 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7480 cmdline: C:\Windows\system32\WerFault.exe -u -p 7368 -s 348 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7352 cmdline: rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAcquireNextImage2KHR MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7472 cmdline: C:\Windows\system32\WerFault.exe -u -p 7352 -s 316 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7632 cmdline: rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAcquireNextImageKHR MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7680 cmdline: C:\Windows\system32\WerFault.exe -u -p 7632 -s 340 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7776 cmdline: rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAllocateCommandBuffers MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7832 cmdline: C:\Windows\system32\WerFault.exe -u -p 7776 -s 348 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7888 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkAcquireNextImage2KHR MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7896 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkAcquireNextImageKHR MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7920 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkAllocateCommandBuffers MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7956 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkWaitSemaphores MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7992 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkWaitForFences MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 8024 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkUpdateDescriptorSets MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 8064 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkUpdateDescriptorSetWithTemplate MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 8100 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkUnmapMemory MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 8132 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkTrimCommandPool MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 8172 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkSignalSemaphore MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 1432 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkSetPrivateData MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 5780 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkSetEvent MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7028 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkResetQueryPool MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 1360 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkResetFences MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 180 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkResetEvent MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
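The process list above shows how the sandbox exercises a DLL: the harness runs one rundll32.exe per export, and a WerFault.exe whose -p argument names the faulting PID follows each export call that crashed. The script below is an added example, not part of the Joe Sandbox report or of Joe Security's tooling. It parses entries in the report's "image (PID: n cmdline: ... MD5: hash)" layout, flags rundll32.exe invocations that load a DLL from a user-writable directory (the Rundll32 proxy-execution pattern listed under Defense Evasion in the ATT&CK matrix), and links each WerFault.exe back to the export that faulted. The regexes, the user-writable-path markers and the dataclass names are the example's own assumptions. One caveat when reading the crashes: rundll32 calls every export with its own (HWND, HINSTANCE, LPSTR, int) argument convention, so a fault when it calls a GPU API entry point such as vkAcquireNextImageKHR is the expected result of the harness, not evidence of malice; the user-writable-path check is the part worth carrying into detection logic.

```python
"""Correlate rundll32.exe export calls with WerFault.exe crash handlers.

Added example, not part of the Joe Sandbox report. Parses process entries in
the report's "image (PID: n cmdline: ... MD5: hash)" layout, flags rundll32.exe
loading a DLL from a user-writable directory, and marks an export call as
crashed when a WerFault.exe "-p <pid>" entry points at its PID. The regexes,
USER_WRITABLE_MARKERS and the dataclasses are this script's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed input: ten entries taken from the process list in the report above.
SAMPLE_TREE = r"""
loaddll64.exe (PID: 7292 cmdline: loaddll64.exe "C:\Users\user\Desktop\vulkan-1.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
cmd.exe (PID: 7344 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
rundll32.exe (PID: 7368 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
WerFault.exe (PID: 7480 cmdline: C:\Windows\system32\WerFault.exe -u -p 7368 -s 348 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
rundll32.exe (PID: 7352 cmdline: rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAcquireNextImage2KHR MD5: EF3179D498793BF4234F708D3BE28633)
WerFault.exe (PID: 7472 cmdline: C:\Windows\system32\WerFault.exe -u -p 7352 -s 316 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
rundll32.exe (PID: 7632 cmdline: rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAcquireNextImageKHR MD5: EF3179D498793BF4234F708D3BE28633)
WerFault.exe (PID: 7680 cmdline: C:\Windows\system32\WerFault.exe -u -p 7632 -s 340 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
rundll32.exe (PID: 7956 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkWaitSemaphores MD5: EF3179D498793BF4234F708D3BE28633)
rundll32.exe (PID: 8100 cmdline: rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkUnmapMemory MD5: EF3179D498793BF4234F708D3BE28633)
"""

ENTRY_RE = re.compile(
    r"^(?P<image>\S+) \(PID: (?P<pid>\d+) cmdline: (?P<cmdline>.*?) MD5: (?P<md5>[0-9A-Fa-f]{32})\)$"
)
# rundll32 takes the DLL path quoted or bare, then ",<export>" or ",#<ordinal>".
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)$', re.IGNORECASE)
# WerFault.exe -u -p <pid> -s <event>: -p is the PID of the process that faulted.
WERFAULT_RE = re.compile(r"-p\s+(?P<pid>\d+)")
# Directories an unprivileged user can write to (assumed list for this example).
USER_WRITABLE_MARKERS = ("\\desktop\\", "\\downloads\\", "\\appdata\\local\\temp\\", "\\public\\")


@dataclass
class Process:
    image: str
    pid: int
    cmdline: str
    md5: str


@dataclass
class ExportCall:
    pid: int
    dll: str
    entry: str              # export name, or "#<ordinal>"
    user_writable: bool     # DLL path lies under a user-writable directory
    crashed: bool = False   # a WerFault.exe was spawned for this PID


def parse_process_list(text: str) -> List[Process]:
    """Keep only lines in the entry layout; headers such as 'System is w10x64' are skipped."""
    procs: List[Process] = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            procs.append(Process(m["image"], int(m["pid"]), m["cmdline"], m["md5"].upper()))
    return procs


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return "\\users\\" in p and any(marker in p for marker in USER_WRITABLE_MARKERS)


def correlate_rundll32(procs: List[Process]) -> List[ExportCall]:
    """One ExportCall per rundll32.exe entry, crash status taken from WerFault.exe -p."""
    calls: Dict[int, ExportCall] = {}
    for p in procs:
        if p.image.lower() != "rundll32.exe":
            continue
        m = RUNDLL_RE.match(p.cmdline)
        if m:
            calls[p.pid] = ExportCall(p.pid, m["dll"], m["entry"], is_user_writable(m["dll"]))
    for p in procs:
        if p.image.lower() == "werfault.exe":
            m = WERFAULT_RE.search(p.cmdline)
            if m and int(m["pid"]) in calls:
                calls[int(m["pid"])].crashed = True
    return sorted(calls.values(), key=lambda c: c.pid)


def summarize(calls: List[ExportCall]) -> Dict[str, List[str]]:
    """Split exercised exports by outcome and list DLLs loaded from user-writable paths."""
    return {
        "dlls_from_user_paths": sorted({c.dll for c in calls if c.user_writable}),
        "crashed_exports": sorted(c.entry for c in calls if c.crashed),
        "clean_exports": sorted(c.entry for c in calls if not c.crashed),
    }


if __name__ == "__main__":
    report = summarize(correlate_rundll32(parse_process_list(SAMPLE_TREE)))
    for key, values in report.items():
        print(f"{key}: {', '.join(values) or '-'}")
```

On the ten sample entries this reports the single DLL under C:\Users\user\Desktop, three crashed export calls (#1, vkAcquireNextImage2KHR, vkAcquireNextImageKHR) and two that ran to completion (vkUnmapMemory, vkWaitSemaphores). Pointing the same parser at EDR process-creation telemetry instead of a sandbox report only requires feeding it lines in the same layout.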
There are no malicious signatures.
Signature evidence rows (the signature names and per-row details did not survive extraction; only the event type of each row and the code-function addresses are recoverable):

- Static PE information: 22 rows
- Binary string: 2 rows; String found in binary or memory: 1 row; Binary or memory string: 33 rows
- File opened: 12 rows; File created: 1 row; Key opened: 1 row
- Mutant created: 5 rows
- Process created: 105 rows
- Section loaded: 2 rows; Window detected: 1 row; Classification label: 1 row; Last function: 1 row
- Process information set: 243 rows
- Process queried: 38 rows
- Code function addresses, as printed, grouped as they appeared:
  - 0_2_00007FFDFF284804, 0_2_00007FFDFF2A8000, 0_2_00007FFDFF28B7E8, 0_2_00007FFDFF225830, 0_2_00007FFDFF227F50, 0_2_00007FFDFF295740, 0_2_00007FFDFF227F30, 0_2_00007FFDFF228610, 0_2_00007FFDFF2A2618, 0_2_00007FFDFF284E10, 0_2_00007FFDFF222613, 0_2_00007FFDFF284600, 0_2_00007FFDFF222620, 0_2_00007FFDFF222490, 0_2_00007FFDFF2834C0, 0_2_00007FFDFF2A3504, 0_2_00007FFDFF2234F0, 0_2_00007FFDFF29D4EC, 0_2_00007FFDFF227D30, 0_2_00007FFDFF231D20, 0_2_00007FFDFF28D3B4, 0_2_00007FFDFF284C0C, 0_2_00007FFDFF2843FC, 0_2_00007FFDFF285C50, 0_2_00007FFDFF294C28, 0_2_00007FFDFF282420, 0_2_00007FFDFF2AB294, 0_2_00007FFDFF241990, 0_2_00007FFDFF2829D0, 0_2_00007FFDFF2219B0, 0_2_00007FFDFF2281A0, 0_2_00007FFDFF2ABA14, 0_2_00007FFDFF284A08, 0_2_00007FFDFF29D204, 0_2_00007FFDFF283A58, 0_2_00007FFDFF23787C, 0_2_00007FFDFF29D8E4
  - 0_2_00007FFDFF234C6D
  - 0_2_00007FFDFF29C85C (listed twice), 0_2_00007FFDFF27EC38
  - 0_2_00007FFDFF29AF84, 0_2_00007FFDFF29B7B8, 0_2_00007FFDFF2A07EC, 0_2_00007FFDFF2A0D98, 0_2_00007FFDFF2A04EC, 0_2_00007FFDFF2A0B08
  - 0_2_00007FFDFF27EFE0
  - 0_2_00007FFDFF2AA5B4
MITRE ATT&CK Matrix (observed techniques; the number in parentheses is the count of matching signatures)

- Persistence: DLL Side-Loading (1)
- Privilege Escalation: Process Injection (11), DLL Side-Loading (1)
- Defense Evasion: Virtualization/Sandbox Evasion (1), Rundll32 (1), Process Injection (11), Deobfuscate/Decode Files or Information (1), DLL Side-Loading (1), Obfuscated Files or Information (2)
- Discovery: System Time Discovery (2), Security Software Discovery (31), Virtualization/Sandbox Evasion (1), File and Directory Discovery (1), System Information Discovery (12)
- Collection: Archive Collected Data (1)
- Command and Control: Encrypted Channel (1)
- No techniques observed under Reconnaissance, Resource Development, Initial Access, Execution, Credential Access, Lateral Movement, Exfiltration or Impact.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
| 0% | Virustotal | | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431065 |
Start date and time: | 2024-04-24 14:39:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | vulkan-1.dll |
Detection: | CLEAN |
Classification: | clean6.winDLL@102/17@0/0 |
EGA Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): WerFault.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target loaddll64.exe, PID 7292, because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description |
---|---|---|
14:40:35 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_8a98533a1ee59e3066e2be1dd9ba698f1f7c53_20b95fe6_efed0deb-ab6a-419b-abdf-f64dadf15c15\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7758381445230415 |
Encrypted: | false |
SSDEEP: | 96:9QFWwjiCyKyesjwK4RvtpQa8foQXIDcQGc6zHcEDcw3CXaXz+HbHgSQgJjAdo8Fr:eriCyeU0Y/pUjGUzuiFyZ24lO85 |
MD5: | 446EA6C9E4CE1F8813DBEDC4B79BCB2F |
SHA1: | 3B520A79D0DDCAFB62F7AA94EA5B0A3CEEB9801A |
SHA-256: | D45991B0FDDDC0AA9E49545F6B9726757F0BA10655F70FF6A24E9F5B0B1D0859 |
SHA-512: | 72FAE908423AB27FBEC8DE29DCC03AE850BF9C9F19842A07619B59322538697A9EFC26EE231E0F75AB84DC89F272FDD0CA401143DE079AFFF09C061B6262ED2F |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_8a98533a1ee59e3066e2be1dd9ba698f1f7c53_20b95fe6_f1d6bd2e-9a5c-402a-bf9b-fffb0991a373\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7761060808634885 |
Encrypted: | false |
SSDEEP: | 96:gsFm7pwjiIyKyXsjwK4RvtpQa8foQXIDcQGc6zHcEDcw3CXaXz+HbHgSQgJjAdoa:hhiIyXU0Y/pUjGUzuiFyZ24lO85 |
MD5: | 0B93DBAC07B584DBA9E81C6222B42294 |
SHA1: | AF08BB520883BFE0C3246ED6630F48B4FCAB9AC7 |
SHA-256: | 9F7A8042D4091AD1254BDC62D4885A4BEA6CDC229479314D12A09B3C9E4F07A5 |
SHA-512: | 0F8CDB15764F5D29F671A6B646C3D160C7E8B556A794A344472FEA178804DE8C1EAEE8D9802AF04FF2D7F74A7F7EB04EE9A4A3AD157238E2BB80655DEB4DD346 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_d2be42f9ca26f5b1c98ace275864247822806def_20b95fe6_fb6bb36d-6fd7-4e37-9ac7-808a63498779\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7758654923958672 |
Encrypted: | false |
SSDEEP: | 96:+spFVAtwjivyKytsjwK4RvtpQa8fNQXIDcQGc6zHcEBzcw3BzUXaXz+HbHgSQgJ/:tfAKivytJ0Y/rzVmjGUzuiFyZ24lO85 |
MD5: | 86801B2537950342C7BE3EB7E7829C4A |
SHA1: | 32CDD3B5B597834E0FBCBC361DD6FCC36EB710BD |
SHA-256: | 211E612CFE6BF7D51DCA71E7291031FF9339B1BEE3CE1706868356CA67FEE507 |
SHA-512: | E0B908AB9C687FF481A1695C8839D02E79209206BF6F38811BFC0A1A014408FDA4361E59933A092F3913269ECACC46E4ADFFBBD9D16A9E4A1E3170326B161681 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_f81a78fb38adc0648cfeb4514965597f248381b_20b95fe6_2b7c5b8b-ad79-4160-9e69-1ee53bd9092b\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7760779009045959 |
Encrypted: | false |
SSDEEP: | 96:tRgFPOFwjioyKyxsjwK4RvtpQa8ftQXIDcQGc6zHcE+cw32XaXz+HbHgSQgJjAdd:ty91ioyx50Y/kYjGUzuiFyZ24lO85 |
MD5: | AEAA6BE9D473AFD4DD80E4BDE9B5EFE6 |
SHA1: | 4FA0978EA7417124B45E8E07D172B318ECD73539 |
SHA-256: | 9BE5D5BE48EDBEB6A31D94216586DC68539BC1DB196EEE5DC078D8488EEC3CB2 |
SHA-512: | 254D8699112B2936E62201F0132FD6964A66D00C100DCBCB4CDAD18BA3CBA4D131D086112B8F364ABE46EB51C350D7A0C9F5E0679BD57CCD3A1F809721E468A4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56868 |
Entropy (8bit): | 1.6468263471947209 |
Encrypted: | false |
SSDEEP: | 192:99Svf/ScOMOOyNbnKwYMHsHwXpS9keJ9nHN:wSTVOyNbnEoIgY7JhH |
MD5: | BE11AECC61A673314A74DA96B9351BC9 |
SHA1: | A0A3C9718FEC93E1CBB582D84296860F02C222C0 |
SHA-256: | 589F8A785D8FF44B414C375068FD02D23177C5F88E3C496E29165B7798BD61AD |
SHA-512: | 3D00AE0AC3608F588BF483F30EFDB28AF7E22F508BAF4524D58672ACCD7F417C07E80E55DEF6FC518E93BC8D2397E3F732AFDF424A5CBF5BEB510250AA1E5882 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57856 |
Entropy (8bit): | 1.6334161064102024 |
Encrypted: | false |
SSDEEP: | 192:95amqBKScOMOpZEaJFpS9o0wU/4m9gWXqQ:5vSTVpZEaJFYGi/4XW3 |
MD5: | DD77C4E6272B337BEFD030D054EBCA00 |
SHA1: | 028DF128D64217BD3F87979A9286E13C6F297B09 |
SHA-256: | 9EF60A7D81E22CD0D4D3838F89532424FF59AD32937A2DD1B525A31119B0363E |
SHA-512: | 837CE1E98BCCF883D531361A5D690CC98DCCAC1BBA4A74F4BB870FBE1D61E82FE0713FAB9B3AD0F1A130403BE5EE261F524123344FB738BE9717603EEAB23DD5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8758 |
Entropy (8bit): | 3.7027820897932333 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJWIHW6b6YfEjngmfRHGtprr89bj5DfABm:R6lXJJ26b6Y8jngmfRmcjNfb |
MD5: | F5F15550724C3D2D7B55F47A249330A7 |
SHA1: | 1352031D3010C4B52A154195D2A6D33EACE7E582 |
SHA-256: | 47AD4CD577BBF9B2E2053DEC69ED49D59DE0669F6E7CEF719A1F029B5147E600 |
SHA-512: | E71D39364836F193ACE14599A2C6BA24B93E4A1B53ED75D2054972A35892BFD2C8EE93E32948AA57D4F171DFE6F95F1494A2A37448AB77E8CFE6CE15DC97120F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4748 |
Entropy (8bit): | 4.475725015046485 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsWJg771I9P8WpW8VYkZYm8M4JCcC6kFeDyq85mhQptSTSsd:uIjfsI7A17VoJXDspoOsd |
MD5: | 9A67378BE35E1FE831897A02E69050BC |
SHA1: | 725DCE708A5644F300FE724E21F502F5BB1F684F |
SHA-256: | D5C3A11F36BE839340ECC402EC32258DA58BB93B1B89BE836FD2348A2AB65612 |
SHA-512: | F5B6844738854651AB3286D7E11242DC5BF0FC419CDF3416167C16B7FB681840CAC3BF19A9624E5223099213E68889F741435656B88A94C15554B66080633CEA |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8766 |
Entropy (8bit): | 3.7027665211747043 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJPYHS6K6Y3i8fgmfRHGtprr89bjRDfhBm:R6lXJgy6K6YycgmfRmcjlf2 |
MD5: | 2E960BEF620DCB9FE8E24D94D929B8F2 |
SHA1: | 98516525C9B7EEEBAA871057021EE058396CDD6D |
SHA-256: | 66BC261C35D5818CFE9F8AD24729301994FA79C99038E0B2EDD61C3B70DEF1A8 |
SHA-512: | C82CD9C5462930BFAE09A4E9EFD4734B625E692FC75EDA2CA30492D557F7B3BE527DDAC4E940D19933DFA5849006902FB3807D131CF62B06021AB4D4A50E5D93 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4748 |
Entropy (8bit): | 4.477105197641119 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsWJg771I9P8WpW8VYWYm8M4JCcC6kFUYyq85mhl4ptSTSRd:uIjfsI7A17VWJ1YCpoORd |
MD5: | 399D73FFB3CB2E28FCE4AFA0FAD867E5 |
SHA1: | 1DA797FE81DA4E9C7331141FC0D09DEAA04CB65B |
SHA-256: | E69E89B6BFF3B7F656E1B0815CE6508A6C19FAE654A352DFB8F8CEDE2096EBA0 |
SHA-512: | 0DEAF72DA107263F2359B561335BFBD8F7B03B77586635772E71047F28B3AF900884CF5833D1B65B2B909E8F770580555BDB37E1E5D191FA915BCEE1F675AD20 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56508 |
Entropy (8bit): | 1.6567185660001948 |
Encrypted: | false |
SSDEEP: | 192:2vh1+40eOMOSJBCi30YWvP44K3CuwsMwGal197z:C/T0ZV6BCa0YWvCy0MwGav97 |
MD5: | D1955C363F665A5C1F86C253B5B82AA2 |
SHA1: | D8BE876D448534EA4CA90E7E41BA32B6ED234B21 |
SHA-256: | 615515938DE0322CAC84AB6AECE4097C01DAE030466AFE2B94E7A45260F887F6 |
SHA-512: | F6D25EA4EA0882A72338A0D8D55FCB8D4B3F1716881B9D78325BD4E9433AB25A808D4046BB181136315B4695041A05836FE150AAF651E870FEB8739F4CEEE58F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8764 |
Entropy (8bit): | 3.7026596669900953 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNjHu6g6YfjjngmfRH9nprQ89bMoDfWbkm:R6lXJ5O6g6Y7jngmfRdHMkfWd |
MD5: | D21AA428429882919156E6CD652EF1D4 |
SHA1: | 77EFEF2BFA195CEC3743129B430909E7863642E8 |
SHA-256: | B356DBC299CF3BFE1D4670D540ED1AB9C012B25D6C113DB2A6542CBC6235EF05 |
SHA-512: | B815A54F15054229CD13462EF5D85929C4E468F20A3481C08BC6855DAD22ED9E3946D93909A3942F1CC2FAB248092A3985649781EB7238171A07B483E15F949E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4748 |
Entropy (8bit): | 4.475044827652875 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsWJg771I9P8WpW8VY3Ym8M4JCcC6HFO7Pyq85mhoPptSTSYd:uIjfsI7A17VXJgDQpoOYd |
MD5: | F9AB8F2BFDD90CA26C6076E683CE250B |
SHA1: | F80A1B2CA8354EE848E37C03273D629B18A566DF |
SHA-256: | B589A73926D17F25D2DD25B1DB747CFFF2D21223BEA0147072BF0EC3D78F582E |
SHA-512: | 071738F693DDD0160232B1A29773B9DE510431C81F8B4AB0475FDC5422F3962BCE5DEF9F5E7397C839352EB405BC21F7CA1BE28CA1D016D3ACABCD3DDFA9A8D8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57068 |
Entropy (8bit): | 1.6550227507184851 |
Encrypted: | false |
SSDEEP: | 192:PNk42OOMObPq7VLqahnw5nohywMQHZlA:h2JVbPq7VHWnohFM |
MD5: | 0F990E3CC7F646C7972E3D3C0A42488B |
SHA1: | 0AA6458E0696F2BF43C6A6B1E5B6DD98BF3F9DCE |
SHA-256: | 077784AE0FF87C0B81DAE51800CBEB2D7E82A471E178C4F7B34F7E8D360A31D0 |
SHA-512: | D5D0F606A817ABFF0C506351C5C8AB80F83691235F45C4505EB628B9B57F99F9E547670982A711149AF0D1D74824E843A189D44A13D744432FC1A22FBA78B225 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8760 |
Entropy (8bit): | 3.7011777789555023 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ0RH56V6YfnjngmfRH9spr+89b5drfabzm:R6lXJCZ6V6YPjngmfRd+5Rf7 |
MD5: | ED8C4E06F2E88754052FD371BE8CC0FE |
SHA1: | 7F20C9D21C61E5C4FA5B2D3BCFABBD890D92C8A1 |
SHA-256: | D6CBB64FC9FDA6C9F4B106F173A41894168E773B787A650AD8B6CD8655D1B5AE |
SHA-512: | A25CBB2727F3168CAA2FC722CEC6FFD7705F0F3B2B618A04007CD16AAA2806DFD0888914C202C5915B8AB33692E70E74A5D2BB2838B98D84389A1DFB5C988C07 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4748 |
Entropy (8bit): | 4.473697913127928 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsWJg771I9P8WpW8VYIYm8M4JCcC61F4W2yq85mh5ptSTSMd:uIjfsI7A17VUJ8tpoOMd |
MD5: | FC5524F047DC7AEFAA377B348D20D680 |
SHA1: | D33CF3518EC45EED6E5EE79E2B2E2B0F9C282947 |
SHA-256: | 149E3EA6B93932CEA57DBC886F27D1232CB123DD3F65D4CC9669637BEE48EB3B |
SHA-512: | A3905F18D526288B523E7FDB69F336140FA28AE671A1ACC9174E01DA67C551C6B76A897E8AC4438B9AB2BDC5FA60448CD20AC427D21495A108E371DA59F3DA3C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.466397250677987 |
Encrypted: | false |
SSDEEP: | 6144:1IXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNcdwBCswSb9:2XD94zWlLZMM6YFHa+9 |
MD5: | 1DD49A2EA0F5C601AFDAAB4B05D3AAAE |
SHA1: | E54B47B1643073129A7EC63244A9ECA6DF394FB8 |
SHA-256: | 0E080DD746D27C2D4CA75D3FF6A62121784AD2C030F332B252C79722CAB20638 |
SHA-512: | D583EDC6CCB1DB5BB3A6C2C45B57C4F6A0A8FF9532180EE97DB97CD20606F112CE719737472BFD56B23C504AC3923BB97AAEB2AFCD4D246AA534BFBA3CEFBF5C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.5737856921703965 |
TrID: |
File name: | vulkan-1.dll |
File size: | 939'520 bytes |
MD5: | 5e162bcda79c966d63a15e49c8bf8c13 |
SHA1: | 2f2c77e120b66a34648c22fa23d525b1ead0df67 |
SHA256: | 25d6b4ef0a74f1a04476dc2944def16d4ca2b015277add2ebcfbc1c3df13793c |
SHA512: | 10a89f1618b9aa96fd524f92b29506045cac8f00ee846e950591d59f6fb49a79268044424e2497e3c75815c140a458c9fb27e781a2fe1949f5eed408abe3326d |
SSDEEP: | 24576:WV9nIy2kwpHHPDnCo3A1XpQ66Z5WoDYsHs6g3P0zAk7IG3:it2zNLnxA1+66Z5WoDYsHs6g3P0zAk7z |
TLSH: | 28155E139A944569D476C034C9C28607CA7178921B25B9CF03A85B09BFAFBF43B7D73A |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....t.e.........." ......................................................................`A....................................... |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x18005efa0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x180000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
Time Stamp: | 0x65BA74B4 [Wed Jan 31 16:26:28 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | 49ed29c3ff417b26c7cd92ecc9b7dcb3 |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007F4149346FB7h |
call 00007F4149346FD4h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007F4149346E38h |
int3 |
int3 |
int3 |
dec eax |
mov dword ptr [esp+20h], ebx |
push ebp |
dec eax |
mov ebp, esp |
dec eax |
sub esp, 20h |
dec eax |
mov eax, dword ptr [0007A034h] |
dec eax |
mov ebx, 2DDFA232h |
cdq |
sub eax, dword ptr [eax] |
add byte ptr [eax+3Bh], cl |
ret |
jne 00007F4149347026h |
dec eax |
and dword ptr [ebp+18h], 00000000h |
dec eax |
lea ecx, dword ptr [ebp+18h] |
call dword ptr [00070726h] |
dec eax |
mov eax, dword ptr [ebp+18h] |
dec eax |
mov dword ptr [ebp+10h], eax |
call dword ptr [00070668h] |
mov eax, eax |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [00070654h] |
mov eax, eax |
dec eax |
lea ecx, dword ptr [ebp+20h] |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [000707BCh] |
mov eax, dword ptr [ebp+20h] |
dec eax |
lea ecx, dword ptr [ebp+10h] |
dec eax |
shl eax, 20h |
dec eax |
xor eax, dword ptr [ebp+20h] |
dec eax |
xor eax, dword ptr [ebp+10h] |
dec eax |
xor eax, ecx |
dec eax |
mov ecx, FFFFFFFFh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xcd018 | 0x213c | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcf154 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xed000 | 0x2c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xde000 | 0x714c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xee000 | 0xd4c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xcb39c | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xcb280 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9a140 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xcf5a0 | 0x3f8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x98c56 | 0x98e00 | 7d9459c034a2b1e77524de6601155da1 | False | 0.4289464942763696 | data | 6.428057492996419 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9a000 | 0x3ec24 | 0x3ee00 | 48da9fc4753d70b961a0d1a3f98930cd | False | 0.28377780193836977 | data | 5.872584339924801 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xd9000 | 0x4d08 | 0x2000 | 85cd634b0cd291bef9250c92b0b07ec5 | False | 0.135986328125 | data | 3.7115356666419217 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xde000 | 0x714c | 0x7200 | eac2c977073d252368a24ecff480d0e6 | False | 0.45405016447368424 | data | 5.697387191345565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.00cfg | 0xe6000 | 0x38 | 0x200 | 0eabc74ee2b74be0000d5307c6bfc109 | False | 0.07421875 | data | 0.5091857957461216 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gxfg | 0xe7000 | 0x2850 | 0x2a00 | f7f00c585fb61b195ca74ce323e3c88a | False | 0.41824776785714285 | data | 5.0826292433871645 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.retplne | 0xea000 | 0x8c | 0x200 | 8c950f651287cbc1296bcb4e8cd7e990 | False | 0.126953125 | data | 1.050583247971927 | |
.tls | 0xeb000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
_RDATA | 0xec000 | 0x15c | 0x200 | 0dc89475c6b7258f116c09e2902e949c | False | 0.41015625 | data | 3.3020016390485534 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xed000 | 0x2c8 | 0x400 | 3989971319ec05c0ebf165ce2cdf2c89 | False | 0.318359375 | data | 2.4313997086474464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xee000 | 0xd4c | 0xe00 | b202b89afd3f26da910e8dfc7e3cb950 | False | 0.45926339285714285 | data | 5.334857138296712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xed060 | 0x268 | MS Windows COFF Motorola 68000 object file | English | United States | 0.47564935064935066 |
DLL | Import |
---|---|
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateEventW, CreateFileW, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetFileAttributesExW, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemTimeAsFileTime, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeSListHead, InterlockedFlushSList, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, LCMapStringW, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, MultiByteToWideChar, OutputDebugStringA, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, ResetEvent, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile |
ADVAPI32.dll | GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, OpenProcessToken, RegCloseKey, RegEnumValueA, RegOpenKeyExA, RegQueryValueExA |
CFGMGR32.dll | CM_Get_Child, CM_Get_DevNode_Registry_PropertyW, CM_Get_DevNode_Status, CM_Get_Device_IDW, CM_Get_Device_ID_ListW, CM_Get_Device_ID_List_SizeW, CM_Get_Sibling, CM_Locate_DevNodeW, CM_Open_DevNode_Key |
Name | Ordinal | Address |
---|---|---|
vkAcquireNextImage2KHR | 1 | 0x1800428b0 |
vkAcquireNextImageKHR | 2 | 0x180041730 |
vkAllocateCommandBuffers | 3 | 0x180032e70 |
vkAllocateDescriptorSets | 4 | 0x180032a50 |
vkAllocateMemory | 5 | 0x1800315e0 |
vkBeginCommandBuffer | 6 | 0x180032f60 |
vkBindBufferMemory | 7 | 0x180031810 |
vkBindBufferMemory2 | 8 | 0x1800346d0 |
vkBindImageMemory | 9 | 0x180031860 |
vkBindImageMemory2 | 10 | 0x180034730 |
vkCmdBeginQuery | 11 | 0x180033d40 |
vkCmdBeginRenderPass | 12 | 0x180033f80 |
vkCmdBeginRenderPass2 | 13 | 0x180034d40 |
vkCmdBeginRendering | 14 | 0x1800351f0 |
vkCmdBindDescriptorSets | 15 | 0x180033440 |
vkCmdBindIndexBuffer | 16 | 0x1800334a0 |
vkCmdBindPipeline | 17 | 0x180033080 |
vkCmdBindVertexBuffers | 18 | 0x180033500 |
vkCmdBindVertexBuffers2 | 19 | 0x180035230 |
vkCmdBlitImage | 20 | 0x180033860 |
vkCmdBlitImage2 | 21 | 0x180035270 |
vkCmdClearAttachments | 22 | 0x180033b00 |
vkCmdClearColorImage | 23 | 0x180033a40 |
vkCmdClearDepthStencilImage | 24 | 0x180033aa0 |
vkCmdCopyBuffer | 25 | 0x1800337a0 |
vkCmdCopyBuffer2 | 26 | 0x1800352b0 |
vkCmdCopyBufferToImage | 27 | 0x1800338c0 |
vkCmdCopyBufferToImage2 | 28 | 0x1800352f0 |
vkCmdCopyImage | 29 | 0x180033800 |
vkCmdCopyImage2 | 30 | 0x180035330 |
vkCmdCopyImageToBuffer | 31 | 0x180033920 |
vkCmdCopyImageToBuffer2 | 32 | 0x180035370 |
vkCmdCopyQueryPoolResults | 33 | 0x180033ec0 |
vkCmdDispatch | 34 | 0x1800336e0 |
vkCmdDispatchBase | 35 | 0x180034850 |
vkCmdDispatchIndirect | 36 | 0x180033740 |
vkCmdDraw | 37 | 0x180033560 |
vkCmdDrawIndexed | 38 | 0x1800335c0 |
vkCmdDrawIndexedIndirect | 39 | 0x180033680 |
vkCmdDrawIndexedIndirectCount | 40 | 0x180034ec0 |
vkCmdDrawIndirect | 41 | 0x180033620 |
vkCmdDrawIndirectCount | 42 | 0x180034e60 |
vkCmdEndQuery | 43 | 0x180033da0 |
vkCmdEndRenderPass | 44 | 0x180034040 |
vkCmdEndRenderPass2 | 45 | 0x180034e00 |
vkCmdEndRendering | 46 | 0x1800353b0 |
vkCmdExecuteCommands | 47 | 0x1800340a0 |
vkCmdFillBuffer | 48 | 0x1800339e0 |
vkCmdNextSubpass | 49 | 0x180033fe0 |
vkCmdNextSubpass2 | 50 | 0x180034da0 |
vkCmdPipelineBarrier | 51 | 0x180033ce0 |
vkCmdPipelineBarrier2 | 52 | 0x1800353f0 |
vkCmdPushConstants | 53 | 0x180033f20 |
vkCmdResetEvent | 54 | 0x180033c20 |
vkCmdResetEvent2 | 55 | 0x180035430 |
vkCmdResetQueryPool | 56 | 0x180033e00 |
vkCmdResolveImage | 57 | 0x180033b60 |
vkCmdResolveImage2 | 58 | 0x180035470 |
vkCmdSetBlendConstants | 59 | 0x180033260 |
vkCmdSetCullMode | 60 | 0x1800354b0 |
vkCmdSetDepthBias | 61 | 0x180033200 |
vkCmdSetDepthBiasEnable | 62 | 0x1800354f0 |
vkCmdSetDepthBounds | 63 | 0x1800332c0 |
vkCmdSetDepthBoundsTestEnable | 64 | 0x180035530 |
vkCmdSetDepthCompareOp | 65 | 0x180035570 |
vkCmdSetDepthTestEnable | 66 | 0x1800355b0 |
vkCmdSetDepthWriteEnable | 67 | 0x1800355f0 |
vkCmdSetDeviceMask | 68 | 0x1800347f0 |
vkCmdSetEvent | 69 | 0x180033bc0 |
vkCmdSetEvent2 | 70 | 0x180035630 |
vkCmdSetFrontFace | 71 | 0x180035670 |
vkCmdSetLineWidth | 72 | 0x1800331a0 |
vkCmdSetPrimitiveRestartEnable | 73 | 0x1800356b0 |
vkCmdSetPrimitiveTopology | 74 | 0x1800356f0 |
vkCmdSetRasterizerDiscardEnable | 75 | 0x180035730 |
vkCmdSetScissor | 76 | 0x180033140 |
vkCmdSetScissorWithCount | 77 | 0x180035770 |
vkCmdSetStencilCompareMask | 78 | 0x180033320 |
vkCmdSetStencilOp | 79 | 0x1800357b0 |
vkCmdSetStencilReference | 80 | 0x1800333e0 |
vkCmdSetStencilTestEnable | 81 | 0x1800357f0 |
vkCmdSetStencilWriteMask | 82 | 0x180033380 |
vkCmdSetViewport | 83 | 0x1800330e0 |
vkCmdSetViewportWithCount | 84 | 0x180035830 |
vkCmdUpdateBuffer | 85 | 0x180033980 |
vkCmdWaitEvents | 86 | 0x180033c80 |
vkCmdWaitEvents2 | 87 | 0x180035870 |
vkCmdWriteTimestamp | 88 | 0x180033e60 |
vkCmdWriteTimestamp2 | 89 | 0x1800358b0 |
vkCreateBuffer | 90 | 0x180032030 |
vkCreateBufferView | 91 | 0x1800320f0 |
vkCreateCommandPool | 92 | 0x180032d50 |
vkCreateComputePipelines | 93 | 0x180032630 |
vkCreateDescriptorPool | 94 | 0x180032930 |
vkCreateDescriptorSetLayout | 95 | 0x180032870 |
vkCreateDescriptorUpdateTemplate | 96 | 0x180034bc0 |
vkCreateDevice | 97 | 0x1800311d0 |
vkCreateDisplayModeKHR | 98 | 0x180042040 |
vkCreateDisplayPlaneSurfaceKHR | 99 | 0x180042200 |
vkCreateEvent | 100 | 0x180031d30 |
vkCreateFence | 101 | 0x180031a90 |
vkCreateFramebuffer | 102 | 0x180032b70 |
vkCreateGraphicsPipelines | 103 | 0x1800325d0 |
vkCreateHeadlessSurfaceEXT | 104 | 0x180041ac0 |
vkCreateImage | 105 | 0x1800321b0 |
vkCreateImageView | 106 | 0x1800322d0 |
vkCreateInstance | 107 | 0x180030750 |
vkCreatePipelineCache | 108 | 0x180032450 |
vkCreatePipelineLayout | 109 | 0x1800326f0 |
vkCreatePrivateDataSlot | 110 | 0x1800358f0 |
vkCreateQueryPool | 111 | 0x180031f10 |
vkCreateRenderPass | 112 | 0x180032c30 |
vkCreateRenderPass2 | 113 | 0x180034ce0 |
vkCreateSampler | 114 | 0x1800327b0 |
vkCreateSamplerYcbcrConversion | 115 | 0x180034aa0 |
vkCreateSemaphore | 116 | 0x180031c70 |
vkCreateShaderModule | 117 | 0x180032390 |
vkCreateSharedSwapchainsKHR | 118 | 0x180042430 |
vkCreateSwapchainKHR | 119 | 0x1800414a0 |
vkCreateWin32SurfaceKHR | 120 | 0x1800417f0 |
vkDestroyBuffer | 121 | 0x180032090 |
vkDestroyBufferView | 122 | 0x180032150 |
vkDestroyCommandPool | 123 | 0x180032db0 |
vkDestroyDescriptorPool | 124 | 0x180032990 |
vkDestroyDescriptorSetLayout | 125 | 0x1800328d0 |
vkDestroyDescriptorUpdateTemplate | 126 | 0x180034c20 |
vkDestroyDevice | 127 | 0x180031260 |
vkDestroyEvent | 128 | 0x180031d90 |
vkDestroyFence | 129 | 0x180031af0 |
vkDestroyFramebuffer | 130 | 0x180032bd0 |
vkDestroyImage | 131 | 0x180032210 |
vkDestroyImageView | 132 | 0x180032330 |
vkDestroyInstance | 133 | 0x180030d20 |
vkDestroyPipeline | 134 | 0x180032690 |
vkDestroyPipelineCache | 135 | 0x1800324b0 |
vkDestroyPipelineLayout | 136 | 0x180032750 |
vkDestroyPrivateDataSlot | 137 | 0x180035930 |
vkDestroyQueryPool | 138 | 0x180031f70 |
vkDestroyRenderPass | 139 | 0x180032c90 |
vkDestroySampler | 140 | 0x180032810 |
vkDestroySamplerYcbcrConversion | 141 | 0x180034b00 |
vkDestroySemaphore | 142 | 0x180031cd0 |
vkDestroyShaderModule | 143 | 0x1800323f0 |
vkDestroySurfaceKHR | 144 | 0x180040f30 |
vkDestroySwapchainKHR | 145 | 0x180041670 |
vkDeviceWaitIdle | 146 | 0x180031590 |
vkEndCommandBuffer | 147 | 0x180032fc0 |
vkEnumerateDeviceExtensionProperties | 148 | 0x1800312f0 |
vkEnumerateDeviceLayerProperties | 149 | 0x180031380 |
vkEnumerateInstanceExtensionProperties | 150 | 0x18002fff0 |
vkEnumerateInstanceLayerProperties | 151 | 0x180030260 |
vkEnumerateInstanceVersion | 152 | 0x1800304d0 |
vkEnumeratePhysicalDeviceGroups | 153 | 0x180034100 |
vkEnumeratePhysicalDevices | 154 | 0x180030ec0 |
vkFlushMappedMemoryRanges | 155 | 0x180031720 |
vkFreeCommandBuffers | 156 | 0x180032f00 |
vkFreeDescriptorSets | 157 | 0x180032ab0 |
vkFreeMemory | 158 | 0x180031630 |
vkGetBufferDeviceAddress | 159 | 0x180035040 |
vkGetBufferMemoryRequirements | 160 | 0x1800318b0 |
vkGetBufferMemoryRequirements2 | 161 | 0x180034910 |
vkGetBufferOpaqueCaptureAddress | 162 | 0x1800350a0 |
vkGetDescriptorSetLayoutSupport | 163 | 0x180034b60 |
vkGetDeviceBufferMemoryRequirements | 164 | 0x180035970 |
vkGetDeviceGroupPeerMemoryFeatures | 165 | 0x180034790 |
vkGetDeviceGroupPresentCapabilitiesKHR | 166 | 0x180042630 |
vkGetDeviceGroupSurfacePresentModesKHR | 167 | 0x180042690 |
vkGetDeviceImageMemoryRequirements | 168 | 0x1800359b0 |
vkGetDeviceImageSparseMemoryRequirements | 169 | 0x1800359f0 |
vkGetDeviceMemoryCommitment | 170 | 0x1800317c0 |
vkGetDeviceMemoryOpaqueCaptureAddress | 171 | 0x180035100 |
vkGetDeviceProcAddr | 172 | 0x18002ff70 |
vkGetDeviceQueue | 173 | 0x180031480 |
vkGetDeviceQueue2 | 174 | 0x180034a30 |
vkGetDisplayModeProperties2KHR | 175 | 0x180042d10 |
vkGetDisplayModePropertiesKHR | 176 | 0x180041f60 |
vkGetDisplayPlaneCapabilities2KHR | 177 | 0x180042f30 |
vkGetDisplayPlaneCapabilitiesKHR | 178 | 0x180042110 |
vkGetDisplayPlaneSupportedDisplaysKHR | 179 | 0x180041e80 |
vkGetEventStatus | 180 | 0x180031df0 |
vkGetFenceStatus | 181 | 0x180031bb0 |
vkGetImageMemoryRequirements | 182 | 0x180031910 |
vkGetImageMemoryRequirements2 | 183 | 0x1800348b0 |
vkGetImageSparseMemoryRequirements | 184 | 0x180031970 |
vkGetImageSparseMemoryRequirements2 | 185 | 0x180034970 |
vkGetImageSubresourceLayout | 186 | 0x180032270 |
vkGetInstanceProcAddr | 187 | 0x18002fe60 |
vkGetPhysicalDeviceDisplayPlaneProperties2KHR | 188 | 0x180042b20 |
vkGetPhysicalDeviceDisplayPlanePropertiesKHR | 189 | 0x180041da0 |
vkGetPhysicalDeviceDisplayProperties2KHR | 190 | 0x180042910 |
vkGetPhysicalDeviceDisplayPropertiesKHR | 191 | 0x180041cc0 |
vkGetPhysicalDeviceExternalBufferProperties | 192 | 0x180034550 |
vkGetPhysicalDeviceExternalFenceProperties | 193 | 0x180034650 |
vkGetPhysicalDeviceExternalSemaphoreProperties | 194 | 0x1800345d0 |
vkGetPhysicalDeviceFeatures | 195 | 0x180030f90 |
vkGetPhysicalDeviceFeatures2 | 196 | 0x1800341d0 |
vkGetPhysicalDeviceFormatProperties | 197 | 0x180030ff0 |
vkGetPhysicalDeviceFormatProperties2 | 198 | 0x1800342d0 |
vkGetPhysicalDeviceImageFormatProperties | 199 | 0x180031050 |
vkGetPhysicalDeviceImageFormatProperties2 | 200 | 0x180034350 |
vkGetPhysicalDeviceMemoryProperties | 201 | 0x180031170 |
vkGetPhysicalDeviceMemoryProperties2 | 202 | 0x180034450 |
vkGetPhysicalDevicePresentRectanglesKHR | 203 | 0x1800427d0 |
vkGetPhysicalDeviceProperties | 204 | 0x1800310b0 |
vkGetPhysicalDeviceProperties2 | 205 | 0x180034250 |
vkGetPhysicalDeviceQueueFamilyProperties | 206 | 0x180031110 |
vkGetPhysicalDeviceQueueFamilyProperties2 | 207 | 0x1800343d0 |
vkGetPhysicalDeviceSparseImageFormatProperties | 208 | 0x1800319d0 |
vkGetPhysicalDeviceSparseImageFormatProperties2 | 209 | 0x1800344d0 |
vkGetPhysicalDeviceSurfaceCapabilities2KHR | 210 | 0x180043050 |
vkGetPhysicalDeviceSurfaceCapabilitiesKHR | 211 | 0x180041160 |
vkGetPhysicalDeviceSurfaceFormats2KHR | 212 | 0x180043290 |
vkGetPhysicalDeviceSurfaceFormatsKHR | 213 | 0x180041280 |
vkGetPhysicalDeviceSurfacePresentModesKHR | 214 | 0x180041390 |
vkGetPhysicalDeviceSurfaceSupportKHR | 215 | 0x180041050 |
vkGetPhysicalDeviceToolProperties | 216 | 0x1800351c0 |
vkGetPhysicalDeviceWin32PresentationSupportKHR | 217 | 0x180041a00 |
vkGetPipelineCacheData | 218 | 0x180032510 |
vkGetPrivateData | 219 | 0x180035a30 |
vkGetQueryPoolResults | 220 | 0x180031fd0 |
vkGetRenderAreaGranularity | 221 | 0x180032cf0 |
vkGetSemaphoreCounterValue | 222 | 0x180034f20 |
vkGetSwapchainImagesKHR | 223 | 0x1800416d0 |
vkInvalidateMappedMemoryRanges | 224 | 0x180031770 |
vkMapMemory | 225 | 0x180031680 |
vkMergePipelineCaches | 226 | 0x180032570 |
vkQueueBindSparse | 227 | 0x180031a30 |
vkQueuePresentKHR | 228 | 0x180041790 |
vkQueueSubmit | 229 | 0x1800314f0 |
vkQueueSubmit2 | 230 | 0x180035ab0 |
vkQueueWaitIdle | 231 | 0x180031540 |
vkResetCommandBuffer | 232 | 0x180033020 |
vkResetCommandPool | 233 | 0x180032e10 |
vkResetDescriptorPool | 234 | 0x1800329f0 |
vkResetEvent | 235 | 0x180031eb0 |
vkResetFences | 236 | 0x180031b50 |
vkResetQueryPool | 237 | 0x180035160 |
vkSetEvent | 238 | 0x180031e50 |
vkSetPrivateData | 239 | 0x180035a70 |
vkSignalSemaphore | 240 | 0x180034fe0 |
vkTrimCommandPool | 241 | 0x1800349d0 |
vkUnmapMemory | 242 | 0x1800316d0 |
vkUpdateDescriptorSetWithTemplate | 243 | 0x180034c80 |
vkUpdateDescriptorSets | 244 | 0x180032b10 |
vkWaitForFences | 245 | 0x180031c10 |
vkWaitSemaphores | 246 | 0x180034f80 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Target ID: | 0 |
Start time: | 14:40:21 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69ffc0000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 1 |
Start time: | 14:40:21 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 14:40:21 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f0850000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:40:21 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:40:21 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 14:40:22 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff718b90000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 14:40:22 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff718b90000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 14:40:25 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 14:40:25 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff718b90000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 14:40:28 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 14:40:28 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff718b90000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 14:40:31 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 14:40:31 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 14:40:31 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 21 |
Start time: | 14:40:31 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 23 |
Start time: | 14:40:31 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 14:40:31 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 33 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 34 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 35 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 36 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 38 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 40 |
Start time: | 14:40:32 |
Start date: | 24/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a9480000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Function listing (Joe Sandbox IDA Plugin) |

Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00007FFDFF2A8000 | 25.7 | 9 | 5 | 1226 | COMMON |
00007FFDFF24C070 | 21.2 | 3 | 9 | 248 | COMMON |
00007FFDFF2234F0 | 14.2 | 4 | 4 | 245 | COMMON |
00007FFDFF29B5BC | 14.1 | 5 | 3 | 117 | libraryloader, COMMON |
00007FFDFF2A7364 | 12.3 | 5 | 2 | 88 | libraryloader, COMMON |
00007FFDFF2902D8 | 11.0 | 3 | 3 | 494 | COMMON |
00007FFDFF2ACC28 | 10.5 | 5 | 1 | 48 | file, COMMON |
00007FFDFF2A4AD0 | 9.0 | 4 | 1 | 299 | file, COMMON |
00007FFDFF2AA5B4 | 8.9 | 4 | 1 | 135 | time, COMMON |
00007FFDFF29FAC8 | 8.9 | 4 | 1 | 167 | COMMON |
00007FFDFF2AA634 | 8.9 | 4 | 1 | 106 | time, COMMON |
00007FFDFF28B148 | 8.8 | 3 | 2 | 27 | libraryloader, COMMON |
00007FFDFF2A3D6C | 7.2 | 1 | 3 | 219 | COMMON |
00007FFDFF2A5AB4 | 5.5 | 2 | 1 | 204 | file, COMMON |
00007FFDFF2A5168 | 5.4 | 2 | 1 | 100 | file, COMMON |
00007FFDFF27F144 | 5.3 | 2 | 1 | 42 | COMMON |
00007FFDFF29AF84 | 3.5 | 1 | 1 | 37 | COMMON |
00007FFDFF222613 | 0.4 | - | - | 440 | COMMON |
00007FFDFF2829D0 | 0.4 | - | - | 351 | COMMON |
00007FFDFF28B7E8 | 0.3 | - | - | 339 | COMMON |
00007FFDFF283A58 | 0.3 | - | - | 327 | COMMON |
00007FFDFF282420 | 0.2 | - | - | 250 | COMMON |
00007FFDFF2834C0 | 0.2 | - | - | 241 | COMMON |
00007FFDFF294C28 | 0.2 | - | - | 205 | COMMON |
00007FFDFF29D204 | 0.2 | - | - | 198 | COMMON |
00007FFDFF2ABA14 | 0.2 | - | - | 183 | COMMON |
00007FFDFF284804 | 0.1 | - | - | 145 | COMMON |
00007FFDFF284E10 | 0.1 | - | - | 145 | COMMON |
00007FFDFF284600 | 0.1 | - | - | 145 | COMMON |
00007FFDFF284C0C | 0.1 | - | - | 145 | COMMON |
00007FFDFF2843FC | 0.1 | - | - | 145 | COMMON |
00007FFDFF284A08 | 0.1 | - | - | 145 | COMMON |
00007FFDFF295740 | 0.1 | - | - | 138 | COMMON |
00007FFDFF28D3B4 | 0.1 | - | - | 126 | COMMON |
00007FFDFF2219B0 | 0.1 | - | - | 111 | COMMON |

Uniqueness Score: -1.00% for every listed function |