Windows
Analysis Report
SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe (PID: 936 cmdline:
"C:\Users\ user\Deskt op\Securit eInfo.com. BACKDOOR.T rojan.1607 6.5082.exe " MD5: 64A34C1DA55F5CA2FE610703986FDED7)
- cleanup
System Summary |
---|
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Click to jump to signature section
Source: | Static PE information: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Code function: | 0_2_005FA560 |
Source: | Code function: | 0_2_00655840 | |
Source: | Code function: | 0_2_00669020 | |
Source: | Code function: | 0_2_0060D8D0 | |
Source: | Code function: | 0_2_004080B8 | |
Source: | Code function: | 0_2_00528950 | |
Source: | Code function: | 0_2_0055C940 | |
Source: | Code function: | 0_2_00593930 | |
Source: | Code function: | 0_2_005599B0 | |
Source: | Code function: | 0_2_00652180 | |
Source: | Code function: | 0_2_0056EAE0 | |
Source: | Code function: | 0_2_005812B0 | |
Source: | Code function: | 0_2_0063FB40 | |
Source: | Code function: | 0_2_005E5BA0 | |
Source: | Code function: | 0_2_0066B450 | |
Source: | Code function: | 0_2_00677DE0 | |
Source: | Code function: | 0_2_00556DF0 | |
Source: | Code function: | 0_2_0053C580 | |
Source: | Code function: | 0_2_00586E90 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0040A4F9 | |
Source: | Code function: | 0_2_0040910D | |
Source: | Code function: | 0_2_004064A1 | |
Source: | Code function: | 0_2_00407CA9 | |
Source: | Code function: | 0_2_00407CAD | |
Source: | Code function: | 0_2_00407CB1 | |
Source: | Code function: | 0_2_00404DC9 |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_0066B450 |
Source: | API coverage: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 1 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | ReversingLabs | |||
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431447 |
Start date and time: | 2024-04-25 05:32:58 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe |
Detection: | MAL |
Classification: | mal52.evad.winEXE@1/0@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com
- Report size exceeded maximum capacity and may have missing disassembly code.
File type: | |
Entropy (8bit): | 6.115553145001247 |
TrID: |
|
File name: | SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe |
File size: | 2'931'336 bytes |
MD5: | 64a34c1da55f5ca2fe610703986fded7 |
SHA1: | 5d4ea6d1563ad3e43ad689162f1abdd76f6e35db |
SHA256: | 2df9436f1b6d32141309c78a4401c1c8cb6c6de8d23ff28873fb6a5a12bfaf1d |
SHA512: | 6996019f49e1cb7061fe2511655734d3f7be117921c3228f721141a2866ad55addcff1cf1e3481f760dab2f11974a349cbe311b860143f1f69d8c240a9fdeac2 |
SSDEEP: | 49152:PZ+ps0w8MpFatQEa+RnopCrSVJa0/tSqZfGnY1JClurdBEYlY2QaH:PTh8MBEopCrSVJa0/tSqZfGnY1JjrdB9 |
TLSH: | 46D5C722E680914FE672C9F0B5B4D56669173E321698A44BB3C12E4F31727D7F8A432F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........B............4.......................Rich............PE..L...w:.R................. +.........(E.......0+...@................ |
Icon Hash: | 8e96868e8e8eccce |
Entrypoint: | 0x424528 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x52B33A77 [Thu Dec 19 18:27:03 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b81fdd9aec1d97fa8034605b33095794 |
Signature Valid: | false |
Signature Issuer: | CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL |
Signature Validation Error: | A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file |
Error Number: | -2146762495 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 3BBC60BE8DFEB5640F06CE2A6A3241D7 |
Thumbprint SHA-1: | 5A117187BD5C360764F66E37C47958D94EA295FF |
Thumbprint SHA-256: | B345BF99D3037AEF50BFB1FD74AE3B74688943C424BACF1CBCAFED83EA455CBD |
Serial: | 095B |
Instruction |
---|
push 004251ACh |
call 00007FDC491291F5h |
add byte ptr [eax], al |
push eax |
add byte ptr [eax], al |
add byte ptr [eax], dh |
add byte ptr [eax], al |
add byte ptr [eax+00h], cl |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
or al, 86h |
xor dword ptr [edi+48FAEAEAh], esp |
mov eax, 8A372E4Dh |
adc eax, 00005B6Fh |
add byte ptr [eax], al |
add byte ptr [eax], al |
add eax, dword ptr [eax] |
adc al, byte ptr [eax] |
inc ecx |
add byte ptr [esi+41018250h], al |
insb |
outsd |
popad |
push 65724361h |
outsb |
je 00007FDC4912926Bh |
popad |
insb |
jnc 00007FDC49129202h |
add byte ptr [eax], al |
add bl, ah |
or dword ptr [ebx], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
mov eax, 98000001h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [edx], al |
add byte ptr [eax], al |
add byte ptr [ecx], dh |
add byte ptr [eax], al |
add byte ptr [eax-43h], bl |
sar byte ptr [eax], 00000001h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b1234 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2ba000 | 0x15933 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2ca000 | 0x1a88 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x474 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2b13f4 | 0x2b2000 | e0294e6b3b10b3c99a1f051a9c256e44 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x2b3000 | 0x60cc | 0x1000 | 620f0b67a91f7f74151bc5be745b7110 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x2ba000 | 0x15933 | 0x16000 | 6f9518a01e42cae9dd0a2dcf062f1278 | False | 0.6529651988636364 | data | 6.6252864373119555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
TYPELIB | 0x2ca0cf | 0x5864 | data | 0.389649991161393 | ||
_IID_CRYPTOAPI | 0x2c9f43 | 0x64 | data | 1.11 | ||
_IID_HASH | 0x2c9f2f | 0x14 | data | 1.45 | ||
_IID_PROVIDER | 0x2c9fbb | 0x114 | a.out VAX demand paged (first page unmapped) pure executable not stripped | 1.039855072463768 | ||
_IID_SAVERCLASS | 0x2c9fa7 | 0x14 | data | 1.45 | ||
RT_ICON | 0x2c9c47 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | 0.532258064516129 | ||
RT_ICON | 0x2c9b1f | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | 0.5878378378378378 | ||
RT_ICON | 0x2c7e77 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 0 | 0.5273991275899673 | ||
RT_ICON | 0x2c71cf | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 0 | 0.6466049382716049 | ||
RT_ICON | 0x2c6e67 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 0 | 0.8509174311926605 | ||
RT_ICON | 0x2becaa | 0x81bd | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0.9895823924366964 | ||
RT_ICON | 0x2bc702 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.4266597510373444 | ||
RT_ICON | 0x2bb65a | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.5286116322701688 | ||
RT_ICON | 0x2bacd2 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.6184426229508196 | ||
RT_ICON | 0x2ba86a | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.7553191489361702 | ||
RT_GROUP_ICON | 0x2ba7d8 | 0x92 | data | 0.7808219178082192 | ||
RT_VERSION | 0x2ba480 | 0x358 | data | English | United States | 0.4158878504672897 |
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaR8FixI4, __vbaVarSub, __vbaVarTstGt, __vbaStrI2, __vbaNextEachAry, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaRedimPreserveVar, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaLateIdCall, __vbaStrVarMove, __vbaVarIdiv, __vbaFreeVarList, _adj_fdiv_m64, __vbaFpCDblR8, __vbaAryRecMove, __vbaVarIndexStore, __vbaNextEachVar, __vbaFreeObjList, __vbaVarIndexLoadRef, __vbaStrErrVarCopy, _adj_fprem1, __vbaRecAnsiToUni, __vbaI2Abs, __vbaCopyBytes, __vbaResume, __vbaForEachCollAd, __vbaVarCmpNe, __vbaStrCat, __vbaError, __vbaBoolErrVar, __vbaLsetFixstr, __vbaRecDestruct, __vbaSetSystemError, __vbaHresultCheckObj, __vbaVargVarCopy, __vbaLenVar, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaVarIndexLoadRefLock, __vbaLateMemSt, __vbaBoolStr, __vbaStrBool, __vbaVarForInit, __vbaExitProc, __vbaI4Abs, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaVarIndexStoreObj, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarIndexLoad, __vbaStrFixstr, __vbaBoolVar, __vbaVargVar, __vbaVarTstLt, __vbaFpR8, __vbaRefVarAry, __vbaBoolVarNull, _CIsin, __vbaErase, __vbaVargVarMove, __vbaVarZero, __vbaVarCmpGt, __vbaChkstk, __vbaFileClose, __vbaGosubFree, EVENT_SINK_AddRef, __vbaVarAbs, __vbaGenerateBoundsError, __vbaExitEachColl, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaDateR8, __vbaObjVar, __vbaI2I4, DllFunctionCall, __vbaVarLateMemSt, __vbaVarOr, __vbaFpUI1, __vbaCastObjVar, __vbaStrR4, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaLateIdCallLd, __vbaStrR8, __vbaRedim, __vbaUI1ErrVar, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, __vbaUI1I2, _CIsqrt, __vbaRedimVar, __vbaObjIs, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaStr2Vec, __vbaStrUI1, __vbaVarMul, __vbaUI1I4, __vbaExceptHandler, __vbaPrintFile, __vbaStrToUnicode, __vbaR4ErrVar, __vbaExitEachAry, __vbaDateStr, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaVarDiv, __vbaGosub, __vbaR8ErrVar, __vbaFPException, __vbaInStrVar, __vbaGetOwner3, __vbaStrVarVal, __vbaUbound, __vbaVarCat, __vbaDateVar, __vbaLsetFixstrFree, __vbaI2Var, __vbaExitEachVar, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaR8Str, __vbaVarLateMemCallLdRf, __vbaVar2Vec, __vbaNew2, __vbaInStr, __vbaCyMulI2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaVarCmpLt, __vbaFreeStrList, _adj_fdivr_m32, __vbaR8Var, __vbaPowerR8, _adj_fdiv_r, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaForEachAry, __vbaVarCmpEq, __vbaVarAdd, __vbaLateMemCall, __vbaAryLock, __vbaStrComp, __vbaStrToAnsi, __vbaVarDup, __vbaFpI2, __vbaVarMod, __vbaUnkVar, __vbaVarTstGe, __vbaVarLateMemCallLd, __vbaFpI4, __vbaVarCopy, __vbaVarSetObjAddref, __vbaRecDestructAnsi, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, __vbaUI1Str, __vbaI2ErrVar, __vbaCastObj, __vbaStrMove, __vbaAryCopy, __vbaR8IntI4, __vbaForEachVar, __vbaStrVarCopy, _allmul, __vbaLateIdSt, __vbaLateMemCallSt, __vbaAryRecCopy, _CItan, __vbaNextEachCollAd, __vbaFPInt, __vbaAryUnlock, __vbaVarForNext, _CIexp, __vbaMidStmtBstr, __vbaRecAssign, __vbaI4ErrVar, __vbaFreeObj, __vbaFreeStr |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 05:33:47 |
Start date: | 25/04/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.BACKDOOR.Trojan.16076.5082.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'931'336 bytes |
MD5 hash: | 64A34C1DA55F5CA2FE610703986FDED7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 0% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.7% |
Total number of Nodes: | 221 |
Total number of Limit Nodes: | 0 |
Graph
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0066B450 Relevance: 2492.9, APIs: 1365, Strings: 54, Instructions: 9679COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0060D8D0 Relevance: 1792.5, APIs: 967, Strings: 53, Instructions: 7529COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00655840 Relevance: 1101.8, APIs: 592, Strings: 35, Instructions: 4594COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00669020 Relevance: 562.2, APIs: 303, Strings: 17, Instructions: 2204COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00528950 Relevance: 317.9, APIs: 177, Strings: 4, Instructions: 1153COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004080B8 Relevance: .6, Instructions: 592COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00579C30 Relevance: 269.9, APIs: 108, Strings: 46, Instructions: 449COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00694CB0 Relevance: 152.7, APIs: 75, Strings: 12, Instructions: 474COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0062D8E0 Relevance: 126.4, APIs: 61, Strings: 11, Instructions: 411COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006474F0 Relevance: 126.4, APIs: 60, Strings: 12, Instructions: 365COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00567800 Relevance: 121.2, APIs: 58, Strings: 11, Instructions: 405COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BF880 Relevance: 115.9, APIs: 59, Strings: 7, Instructions: 399fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0069B030 Relevance: 110.6, APIs: 52, Strings: 11, Instructions: 345COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0064C8B0 Relevance: 94.8, APIs: 63, Instructions: 322COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00531870 Relevance: 60.3, APIs: 40, Instructions: 330COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054CC80 Relevance: 54.2, APIs: 36, Instructions: 219COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00619C30 Relevance: 34.7, APIs: 23, Instructions: 175COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0053BCE0 Relevance: 25.7, APIs: 17, Instructions: 197COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00584400 Relevance: 25.6, APIs: 17, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005D1030 Relevance: 24.1, APIs: 16, Instructions: 104COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0055ECF0 Relevance: 24.1, APIs: 16, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0057F950 Relevance: 21.1, APIs: 14, Instructions: 106COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00606460 Relevance: 16.6, APIs: 11, Instructions: 108COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00535410 Relevance: 15.1, APIs: 10, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006338E0 Relevance: 13.6, APIs: 9, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00539800 Relevance: 12.1, APIs: 8, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00531CA0 Relevance: 10.6, APIs: 7, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006048F0 Relevance: 9.1, APIs: 6, Instructions: 131COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005BD8D0 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0059EC00 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0052D070 Relevance: 7.6, APIs: 5, Instructions: 53COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00600400 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00624840 Relevance: 7.5, APIs: 5, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005D40F0 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |