Windows
Analysis Report
SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe
Overview
General Information
Detection | Value
---|---
Score | 16
Range | 0 - 100
Whitelisted | false
Confidence | 0%
Signatures
Classification
Analysis Advice
- Sample drops PE files which have not been started; submit the dropped PE samples for a secondary analysis to Joe Sandbox.
- Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior.
- Sample may offer command line options; run it with the 'Execute binary with arguments' cookbook (the command line switches may require additional characters such as "-", "/" or "--").
- Sample monitors window changes (e.g. starting applications); analyze the sample with the 'Simulates keyboard and window changes' cookbook.
- Sample searches for specific files; try placing organization-specific fake files on the analysis machine.
- System is w10x64
- SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe (PID: 6284, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe", MD5: 0D8BEDDA7D9B963DE975685CF2B2A5EB)
- SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp (PID: 6548, cmdline: "C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp" /SL5="$20438,4092287,121344,C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe", MD5: 90FC739C83CD19766ACB562C66A7D0E2)
- Bat_To_Exe_Converter.exe (PID: 6128, cmdline: "C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe", MD5: E3D6B93E861FEEFA47CCEEAE03E99094)
- cleanup
Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |
 | JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |

Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |
 | JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |
 | JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |
 | JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 3 Masquerading | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Native API | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Process Injection | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 21 Obfuscated Files or Information | NTDS | 11 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Software Packing | LSA Secrets | 2 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 3% | ReversingLabs | |
 | 4% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 0% | ReversingLabs | |
 | 1% | Virustotal | | Browse
 | 0% | ReversingLabs | |
 | 1% | Virustotal | | Browse
 | 5% | ReversingLabs | |
 | 0% | Virustotal | | Browse
 | 5% | ReversingLabs | |
 | 0% | Virustotal | | Browse
 | 3% | ReversingLabs | |
 | 0% | Virustotal | | Browse
 | 0% | ReversingLabs | |
 | 0% | Virustotal | | Browse
 | 4% | ReversingLabs | |
 | 3% | Virustotal | | Browse
 | 0% | ReversingLabs | |
 | 0% | ReversingLabs | |
 | 0% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 0% | URL Reputation | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 2% | Virustotal | | Browse
 | 0% | Virustotal | | Browse
 | 0% | Virustotal | | Browse
 | 0% | Avira URL Cloud | safe |
 | 0% | Virustotal | | Browse
 | 0% | Avira URL Cloud | safe |
 | 0% | Virustotal | | Browse
 | 0% | Virustotal | | Browse
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Avira URL Cloud | safe |
 | 0% | Virustotal | | Browse
 | 0% | Virustotal | | Browse
 | 0% | Virustotal | | Browse
 | 1% | Virustotal | | Browse
 | 0% | Virustotal | | Browse
 | 0% | Virustotal | | Browse
Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
 | | false | | unknown
 | | false | | unknown
 | | false | | high
 | | false | | unknown
 | | false | | unknown
 | | false | | high
 | | false | | high
 | | false | | high
 | | false | | high
 | | false | | high
 | | false | | unknown
 | | false | | high
 | | false | | high
 | | false | | high
 | | false | | unknown
 | | false | | unknown
 | | false | | unknown
 | | false | | high
 | | false | | unknown
 | | false | | high
 | | false | | high
 | | false | | high
 | | false | | high
 | | false | | unknown
 | | false | | high
 | | false | | high
 | | false | | unknown
 | | false | | high
 | | false | | unknown
 | | false | | unknown
 | | false | | high
 | | false | | high
 | | false | | high
 | | false | | unknown
 | | false | | unknown
 | | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
---|---|---|---|---|---|---

IP
---
127.0.0.1
Field | Value
---|---
Joe Sandbox version | 40.0.0 Tourmaline
Analysis ID | 1431820
Start date and time | 2024-04-25 20:39:06 +02:00
Joe Sandbox product | CloudBasic
Overall analysis duration | 0h 6m 35s
Hypervisor based Inspection enabled | false
Report type | full
Cookbook file name | default.jbs
Analysis system description | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed | 8
Number of new started drivers analysed | 0
Number of existing processes analysed | 0
Number of existing drivers analysed | 0
Number of injected processes analysed | 0
Technologies | 
Analysis Mode | default
Analysis stop reason | Timeout
Sample name | SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe
Detection | CLEAN
Classification | clean16.evad.winEXE@5/33@0/1
EGA Information | 
HCA Information | 
Cookbook Comments | 
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
---|---|---|---|---|---|---
C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
 | | Get hash | malicious | Unknown | Browse |
Field | Value
---|---
Process | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp
File Type | 
Category | dropped
Size (bytes) | 2105856
Entropy (8bit) | 7.972220715342655
Encrypted | false
SSDEEP | 49152:NOPSa4ZImzdAxZmKLEb+T+VY07d7AidLAbbtwSjugk:NraitzdAfBEa0AiLAbbO0ugk
MD5 | E3D6B93E861FEEFA47CCEEAE03E99094
SHA1 | 94AC369EA396C6A4C23DDCFB41CFDFE81CE0B3DA
SHA-256 | 55DF60E09826469E543C090198AC6A12E1269047A88ED698E25E6E62D83FF4C7
SHA-512 | 2C00287925DCB22B4BABD7C49E9035CCB92B895F123791EF361FF495B08D74FE1E9ADD54C1FCABD4DE3CD396FAAFECCBAE0C750913D911DBA6531F51AB126402
Malicious | false
Antivirus | 
Reputation | low
Preview | 
Field | Value
---|---
Process | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp
File Type | 
Category | dropped
Size (bytes) | 2105856
Entropy (8bit) | 7.972220715342655
Encrypted | false
SSDEEP | 49152:NOPSa4ZImzdAxZmKLEb+T+VY07d7AidLAbbtwSjugk:NraitzdAfBEa0AiLAbbO0ugk
MD5 | E3D6B93E861FEEFA47CCEEAE03E99094
SHA1 | 94AC369EA396C6A4C23DDCFB41CFDFE81CE0B3DA
SHA-256 | 55DF60E09826469E543C090198AC6A12E1269047A88ED698E25E6E62D83FF4C7
SHA-512 | 2C00287925DCB22B4BABD7C49E9035CCB92B895F123791EF361FF495B08D74FE1E9ADD54C1FCABD4DE3CD396FAAFECCBAE0C750913D911DBA6531F51AB126402
Malicious | false
Antivirus | 
Reputation | low
Preview | 
Field | Value
---|---
Process | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp
File Type | 
Category | dropped
Size (bytes) | 1202385
Entropy (8bit) | 6.3676423528784865
Encrypted | false
SSDEEP | 24576:JtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt1:3qTytRFk6ek1L2
MD5 | 628B00C12FAC5A7E788FDFD8A02244D1
SHA1 | 7C318E92F2AE8E77FBF3669C65D56E4691648CE3
SHA-256 | BBD0534581D5EF17243748536FD95C31031600017C97F1645E83E44F1A7B2E62
SHA-512 | 3061987D15DAF427824771DBEAA56692C51817EB814B52309EF061606892CB1A71DE7A4895CE33C6D38A313DC990ACEDED237F90D2202802BD02472E25A5EE49
Malicious | false
Antivirus | 
Reputation | low
Preview | 
Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 4039 |
Entropy (8bit): | 3.5882877667893496 |
Encrypted: | false |
SSDEEP: | 96:3fCpbcuJlEDA4MZAe2L2ICDcCJC6lCDUCph7Cph4HHhqe:3WbP4DSmpckHp |
MD5: | 80AEC56BA3D0709D35D42B8B38D9BF3F |
SHA1: | 8CB6A748FCDED66A2B0EB1F2253CB131214E031F |
SHA-256: | D273D2462493CFB5DAF9145E53B8D3321964946E42DC02041DA537281B77C4F9 |
SHA-512: | BCDC2B857C1ABC2639C80E89D77EC27ED62B75927648392EFA0FC267E8A4937B26577EE359C92B5C7ED02B95F389F899A528E40B5CD0B2E83177F6743208893F |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1202385 |
Entropy (8bit): | 6.3676423528784865 |
Encrypted: | false |
SSDEEP: | 24576:JtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt1:3qTytRFk6ek1L2 |
MD5: | 628B00C12FAC5A7E788FDFD8A02244D1 |
SHA1: | 7C318E92F2AE8E77FBF3669C65D56E4691648CE3 |
SHA-256: | BBD0534581D5EF17243748536FD95C31031600017C97F1645E83E44F1A7B2E62 |
SHA-512: | 3061987D15DAF427824771DBEAA56692C51817EB814B52309EF061606892CB1A71DE7A4895CE33C6D38A313DC990ACEDED237F90D2202802BD02472E25A5EE49 |
Malicious: | false |
Antivirus: |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter\Bat To Exe Converter.lnk
Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1015 |
Entropy (8bit): | 4.534697656204505 |
Encrypted: | false |
SSDEEP: | 24:8mnRldygJ/IWjVrUADhhMdFWQxdFWtr/Bm:8mndhRjDhhMddd2F |
MD5: | F42E62654AEAE9ABAC3C82E5B18D3119 |
SHA1: | B528E3F69F7B4E0B24B4F050EBCB67831665FA4C |
SHA-256: | C899E33D85FACA785819143235C0EAF3297BA07267CA2B3D7ABF9621B95C9007 |
SHA-512: | 31A9822B6A9D5E50BC5AC21A57AEB57EA4A6EF0DACD104EEE8BAE7FEBA941047E3E4A9CE8B53C2DB5E43439D5DEC071A47D90FEFCBD23BA59DD01B8679D0A25D |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter\Uninstall Bat To Exe Converter.lnk
Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 955 |
Entropy (8bit): | 4.5891660457182555 |
Encrypted: | false |
SSDEEP: | 24:8mmAbdygJ/IWkDhIQA/h4dFWNgdFWtrTBm:8mm0dhQDh4/h4dOgd2Z |
MD5: | 991F6FE2A628D3996237065EE5FA004D |
SHA1: | 76E30774608496332AA507ED634E6A95BB50C3CE |
SHA-256: | FA6E32B7F0DDE54847C6BAD806960E2B410E17BC5B8F57B95DEAB2FA2AD8B767 |
SHA-512: | FFAB602FFF593244C2AF667761D1456DF4E5B6DA2A6C5B056D54AAF09A35C17ACA449C3133BFFBE333811B5A916100BE70574D8691E62FC56FD95F28260BC010 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1179648 |
Entropy (8bit): | 6.395287124443116 |
Encrypted: | false |
SSDEEP: | 24576:RtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt:PqTytRFk6ek1L |
MD5: | 90FC739C83CD19766ACB562C66A7D0E2 |
SHA1: | 451F385A53D5FED15E7649E7891E05F231EF549A |
SHA-256: | 821BD11693BF4B4B2B9F3C196036E1F4902ABD95FB26873EA6C43E123B8C9431 |
SHA-512: | 4CB11AD48B7585EF1B70FAC9E3C25610B2F64A16358CD51E32ADCB0B17A6AB1C934AEB10ADAA8E9DDF69B2E2F1D18FE2E87B49B39F89B05EA13AA3205E41296C |
Malicious: | false |
Antivirus: |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Antivirus: |
Reputation: | high, very likely benign file |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 93B885ADFE0DA089CDF634904FD59F71 |
SHA1: | 5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F |
SHA-256: | 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D |
SHA-512: | B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 93B885ADFE0DA089CDF634904FD59F71 |
SHA1: | 5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F |
SHA-256: | 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D |
SHA-512: | B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47104 |
Entropy (8bit): | 6.38249525851103 |
Encrypted: | false |
SSDEEP: | 768:kWyGCFzNhPlIpVnwuDbU0xy576WK73T3aFfVbBiRchq/rgIQs1GAXw1WInr7llh0:kDFpgpBd80OK7D0VbBiyADg9s1JXw4Iz |
MD5: | CAFC4EEC8A4F05B8DFEE4067FB5B9076 |
SHA1: | 38F4C66246636E187FE4BF2AA8CB1D9B2502A14C |
SHA-256: | 1FA554D18490CB5E56D624CD97069F42E63800688136C6CF3C521E4EF6E83E28 |
SHA-512: | 3C3E7C874E6B182AEF812A1B593C3B1A3EA6EFD5AE99792B88009CB6E6E0CEE13C46FC26A1DBB7D73899A2ED01F73779C06D85246FD23EDC6BF04FE41E0E133B |
Malicious: | false |
Antivirus: |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54784 |
Entropy (8bit): | 6.505164558362332 |
Encrypted: | false |
SSDEEP: | 1536:ob9eNDMeUu2rpfT+Rpog93zAecGMWEPwv+iRS6:oENDILpg7nYpiV |
MD5: | F69B0E5F35B5DAE1B11B950CFF157FB3 |
SHA1: | F582F77D036C362F1EC5A0AB11707143CB0C9220 |
SHA-256: | ED010C50A7CEB43B9666E7FBCA13D8377D30B79203207BAD77004A890ADEEA17 |
SHA-512: | F0AC0B51A80D20148D069A231D50A581E6580EA45ADC2D15C15182C9551363E204E119DAAC544C37AC6D9E93B75AB73E90E9947E7BF3CF86707A5C5645E2750C |
Malicious: | false |
Antivirus: |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 568320 |
Entropy (8bit): | 6.362114578604268 |
Encrypted: | false |
SSDEEP: | 6144:FuyRri/YTtF1LbOtbvMMhLxodmpjSIZ/KfmGE178z0srIW4w23Y8D9xbDUV7R0Kq:FucNtFJCxvBLxodojSIZKmX5sr/h4Ik |
MD5: | 0239B5B3A757CE3367335E873B9D9DDA |
SHA1: | 11A2EA37F1AAA80C547B07DEE5B7D1B727809376 |
SHA-256: | 2B04DB2CAA0064A89DCB8137077F12DE5D2B72389CEEED1227CE7C80C5C7023A |
SHA-512: | 859013A987E49991E55EE826EF1CE3593163AB37ED19F0DB1587D729CBAD1897EA09401556AE0DF2B840972DC4909BF479047A42B1DB387136CD68659BD515BB |
Malicious: | false |
Antivirus: |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20381 |
Entropy (8bit): | 5.87618803287666 |
Encrypted: | false |
SSDEEP: | 192:3cVkQ/kDkglpmDHrjhxqIUexuvMc7PwiloGn2NgjaJ+poKuHTrUDuoOHLO5Fpib0:3c6Qc3mDfUDvMcv/nA8akoKukDwZPs |
MD5: | D4FC8C71A167383B2CEA62137B12F63D |
SHA1: | A065B7A9479C0FCE752DFB1120C58310661EB4AB |
SHA-256: | 2786F9B9CDF8A73396405CE59CB6D00FAD9D51E5136183999D14A5CB9F5D80FB |
SHA-512: | D60F2841DC6C873D6B26A0A2D019878AFDEBB52426C05F57C40C54181352A98FA4E628202313D718274C96767D5D3095FEFEFBEBD307DE61EE3B7F0A08666989 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6427 |
Entropy (8bit): | 5.413103855303524 |
Encrypted: | false |
SSDEEP: | 192:QVvN9zpYcnuWDOCarYMDX3XmAlROa4xjbz:U9zQCKYgX3XMxjbz |
MD5: | 2125B2D9BFDA91CECA3ED41F4C861B4C |
SHA1: | B0D6F35D8A60659FF40F1759B6207C81D99AC0F9 |
SHA-256: | 876D4162596D4EFA962D5E214A3A801EAE4C8BFD36439D20880D5098F602321B |
SHA-512: | 2A009AA887643FE268D9130347A5940B7EEF134BF3DE16E2D43337CA41F5B71E5BECAC02BFD96BC0A36AFB202BF51D6CD70477F0CC77E5D6DC8E02A6290BF415 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5502 |
Entropy (8bit): | 5.481178089670343 |
Encrypted: | false |
SSDEEP: | 96:e3g+6RnucNWIoSrE7eC5irlf8d4QscFKY+cdT5sHKoNNYps6O0Xq5Y+LbaE9QfJF:8g+knPw0os0KYtsqoNNU3XqY+3l9mJI8 |
MD5: | CFC7FC230EA20DC8E11BB17389FA57B2 |
SHA1: | 23431C831BCC90F5678C9F9987359C69C57CD269 |
SHA-256: | 63D5C6772D8998FBD0331092E96151CA31662A6A7AC7B11AF4F5E2FD30ED77F4 |
SHA-512: | 5A10F9995AD54506E21D8E084B91C95417F9DC1BF55AD00F9B127803385E9A727DEFB38B22A89CF5AFDA9AED6932EC912FC56B82BB884AA318C4C606F627C682 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4512 |
Entropy (8bit): | 5.888205681855047 |
Encrypted: | false |
SSDEEP: | 96:4bkF2b86BVTbzxtcM/jFnGHAhf7Y/H1paCNexJs375lyEc8EV1Zw6:CkF2b86Bh1TCA9Y/VrNck/yEEVzw6 |
MD5: | 8AB06A4B804350D0A232E65B82E992E1 |
SHA1: | B1C11CF302C18A2334EAA09DDA4C0EBAA54C2D77 |
SHA-256: | 5A5FBE8998D1AA2C6CB7E16FA50861910C806AC3DF99E2026E8B577175B36133 |
SHA-512: | 4B9F8324F5DA953AE18B8BB073CC8414BCBB9584E1AA5B6D80214EB00AC8BB8AA8B86EA94F901098AB03A924B0EEB49A3451D09408B563E2259892478468BB06 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4515 |
Entropy (8bit): | 5.895445604698382 |
Encrypted: | false |
SSDEEP: | 96:aK7D0+JkfAcpBka45aGJz1XLLXQOYR1h7mKSFOZVfAfNX8EiVCc6:aK7D0+ydV34LXQOYPWOjfAVMEnc6 |
MD5: | 4CCFE9DC8CDFE91117D59B8599419D26 |
SHA1: | AED9EFB0FE4715F3E0D7C72B996A1D148FA8D447 |
SHA-256: | B59693AB5279FEB735B9A10943BDBAE71C9CB363B1AA83E40F422142B39FF360 |
SHA-512: | E62FE04027297C3DD99F854211E2966D2E206B39CC9F37AB221F1C13591343795D73AA4883EA9F42F542878DACDB965815B92ED234D20E126FC323C411EEA6FE |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6387 |
Entropy (8bit): | 4.150753889633663 |
Encrypted: | false |
SSDEEP: | 192:X0w8lfNd5Zm/PzBNOTS4/J2gK/kycQfhuc:x8l1x+z2TS4/Jy/kgEc |
MD5: | ACEF3CF2CD28076E5313A02F6984F754 |
SHA1: | E24231ADA7DD357F7C1CA78A7A88700782B50E37 |
SHA-256: | 4564DAC8FD1DE4C66D9506C516198A079CF6C98B9EC4F8A7527C27F44800CC22 |
SHA-512: | 901CE97986BC2476433D8F6CABCE99ABCBA16CBA41F68F5CC1645133D43E6AB67D20E3F1C7DB08BDC18EC1A957CA371AAACB5468970C7A34574444D61E6F04EA |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6966 |
Entropy (8bit): | 4.4351898698934304 |
Encrypted: | false |
SSDEEP: | 96:IEWliR8xl/tuuAvoyUNH0q+tzXiLFSzfwqiowiXUbVlNH7ZUEY4Uf2hqoC5SFbyo:PWU4cuAINH0tSLgHiIUH9ZUJ/f2M2bF |
MD5: | 101A8B4AE341C9D9ACD37626BA3909F5 |
SHA1: | 8716D647EA6AA120E6B00975DDBDF076570264AD |
SHA-256: | F12BF0E1FF2327107B92DE4D69234D0364B530B34761E01CCB021805C3ABE562 |
SHA-512: | CF10C1956FBA214F85EA621EBCC3C334A90AB93D38F4641DB7B1735687CD70A57DD406F81B2B36E6461E62A06A2A490F5AE5C6418140010CEBE78AD9413A8F5A |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8389 |
Entropy (8bit): | 4.556656309616615 |
Encrypted: | false |
SSDEEP: | 192:5INqmux7tQeD1XDot3rbFCKnBifxAltB3AESl:4qnZ0t75LBKW7vSl |
MD5: | E85F3E236272739458070F2AD0FD8AEA |
SHA1: | 45C44551DA97FCCB2DA948DF4BE51EF4DE472348 |
SHA-256: | EFA8B1029530AA46FF21F704F6EFE59A69FE59D6B96E2370EDC32FAB62A2FD29 |
SHA-512: | FCE0B86A5EB75C8286A755A928ED6529934438BD0BB53EC3BED2173CFB5F0BD263FEC649BA93C687C68017063ED207B0AA0530421183F7AD5C29F115E38E5BD6 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9499 |
Entropy (8bit): | 4.5624224565941 |
Encrypted: | false |
SSDEEP: | 192:PGGg/NtyFIKAwDKQCHFoVuYMaqz5Gy70sdLHG18REYcYnyVm2PQJv3XhnTe2Xmpb:eV//E9DVCHFokYMaq8y708HG189Oozzm |
MD5: | CE7919F5607F6852962AFEE414CF143C |
SHA1: | 1CD289D7C4FA9E8951F48F4338546067E7652B95 |
SHA-256: | CDA6F61CB33194B48B9764BC9E1D704197454DA7967BB7B6F0F87122D033E767 |
SHA-512: | 1255BB23A24E77D9F66FD7B2BBDDA0ADA8FD8825F16ECC128174E89C671180B87E497583137CB59CD7D6D7981A9A982D8D584A67E4B72E532BF4E4033FBCFAF9 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5389 |
Entropy (8bit): | 5.3452303894979805 |
Encrypted: | false |
SSDEEP: | 96:IE8xfLofbXyG/soMrKcpfsbziUR9G7hPGeHHlgKh5YkTNzLnBBNp:P8uNsacpfsizh7HlgaYONz7BBT |
MD5: | 126DC042974C8979DB72CCC7F253E6AA |
SHA1: | B78663D76A0E26919249C502ED10D5E66C90B81B |
SHA-256: | 515607FF950FCB9729E2DEBB947F6C869BBB58189BB73CC7EFCCB9308D6936ED |
SHA-512: | 80F49EAC959F36066BAC27B24A2DA706F79CE6D311E1365E30EB7B3D58D8DB249C83F3C8A82A094F327C6329D281410454DD60CB0DAF6A4F0239FE8B4D82A1DF |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5571 |
Entropy (8bit): | 4.915928421056274 |
Encrypted: | false |
SSDEEP: | 96:IE0Yraa656WKAeNoIdgNhQA+BgTdA4UK+/14/BDFiLJSjLxGFvU0XJ4M:P0aaRkWOrgPH+qdAd2/aJwdGiqJ4M |
MD5: | 0B1FBD5CE0A704C773B535E9F7F954F6 |
SHA1: | 309EB1BD7EF5CB72439CBE4D10E387F86C4017BF |
SHA-256: | AE6EDA1EFC2F611498B9B94FD297FAE3CD46E85D38891D598A78E7D844DBFF6A |
SHA-512: | BD383E6201241C5AFEE8FABF1DE60D2617F0288CFE79CB871BB49F691CD9935571D183E3D95286F034FD9D5D5F7F352E0D7B93DF87B3293E2A06B82EF95B5B06 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5771 |
Entropy (8bit): | 5.013595303578687 |
Encrypted: | false |
SSDEEP: | 96:oE9xcPtw2yK82RyFKDXWie0S4CvUqXFM+KChY+Xu0uNlboguRLAu0AcHClE7RJn5:oE9xItw2v82RCKDr5NCZFM+9hY+Xu0kt |
MD5: | BEF8EC23F8162F30BCDB19B9E63BEF90 |
SHA1: | 10D47362FD769EC15B783735CA1BCA4BC93E668A |
SHA-256: | 85407106B34A3C4451CEA55786DF36D2408BC579A4211C02D12AB3650C96A86E |
SHA-512: | 07F76EA30827CCEEE2C5E75483E00194C1C1F9EE968CE2D709D8AC32B4C9750164951C77342B517C6367965F21380DFB9760A8842BBA64064CD5E2D04D798A8E |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5446 |
Entropy (8bit): | 4.848999465904957 |
Encrypted: | false |
SSDEEP: | 96:oEQRR1C6cEuOOr5rTSrkMmvBYuZE+4NbZlqQm0jefR7Sb3tlZ+Llch5yy//P:oEqR1C6TudnSbsBYuZItlqQDPDYLlchH |
MD5: | 6B078E7A6849C8954A5001A044BC90FD |
SHA1: | 57C318CFB473A8E3A4675CAC70732A2FE6AB7B76 |
SHA-256: | 9F93BE553F9256EC0D71BD44CAA1990B82D7EEFEB6AC5075A96E8C4BC9D41C06 |
SHA-512: | A07A8E705AE8A43D1756F39839CC22C5A481A0871388277B73A72EC914CFAD6638B88F02492459F7DC9FB8BB8CCF62A8D4184D6482894DFA400AB0F259E998E4 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5731 |
Entropy (8bit): | 5.235127210855445 |
Encrypted: | false |
SSDEEP: | 96:ybIE7gYC2n60xiJaJJzVaAbPtqUpjujJEPLnie7eFUFhxjflsZJL8ueSuJvc3VIZ:ybrPHoJaJp82wUpj2weFSGZJwRSuJvce |
MD5: | 0427E675DAE96193FBBD2575B25E4ADD |
SHA1: | 7FC54DD5AEC429F431CAA39A8A7132AA7B2ADEA3 |
SHA-256: | A9EC95138C89144FAD7304CCDFA22E30F4552F42EC5F87EFBEC17E6B45227886 |
SHA-512: | 82AA697BE9D38BC64F43A872238D738D7559891D42EE548053FF20FF456F72F1F6A2DCCEC85423CA527E98801E35F3ABC358F3F80A19BB03A091B2F2147A5E2D |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5136 |
Entropy (8bit): | 4.907104375023733 |
Encrypted: | false |
SSDEEP: | 96:IERQmH0jdNW2QzGyub7sNCC1xvtOCxk5ul9bKEHimSpyusIvLwAp+eGHXdl:PRQmUBNW1Gb77C1bOCxk5y9bK2i0u7U/ |
MD5: | 30E8FFB0E32E27F754610A3CB6B2E932 |
SHA1: | 189656584C97E3149D7BA2EB1B86D774BFC682A2 |
SHA-256: | 3C0405BD3D1AF87EF1675E067020C07A754C2C62662D8F32009A6265C3F48D55 |
SHA-512: | 4C859CB74CDF473946B4436DBB93972FDBE1E764947F5BA09893D013DA1253E36D5FD27E50B81ACB13B849525F84FE21B7BF5BCF53195BB3FEFB315D53903B70 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Bat To Exe Converter\lng\Português Brasileiro (Portuguese Brazilian).lng
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5639 |
Entropy (8bit): | 5.014841388257068 |
Encrypted: | false |
SSDEEP: | 96:o/7/tlDAyNWMiJolH81z04S+yomJnt/tfLFriPfqw7wI0ABtD6UwNl:oj/7DAyNXiqlCz0hzPJNyPlMIZD6/Nl |
MD5: | 71F0183E192E34D375F0735210E97C4A |
SHA1: | B60E72378FEF5227D9B3EA8F30DD29D4C9BE097B |
SHA-256: | 130764E3A2E43B78EE632C0372BC5630BD62ABF74AA825865FE5B4C14F4D7A27 |
SHA-512: | 19914BFEA9F4EE3ECD46835F0C276A477A6F1B440FB9F33F9B8DF0E063B1CF0703495C27336FED1F101315690C43110B9E47DAC0F688D41EEA59F3415468D756 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5431 |
Entropy (8bit): | 5.3468775375546045 |
Encrypted: | false |
SSDEEP: | 96:IEL64APn65uLf7qs40IJS9n9utccdB/OOhfJnvLdB08GhiAD3mPtj+hNC1hbq364:PL6R65yfer1S99utccdB2OhfJnvLP0xJ |
MD5: | F19CD4F6CCE52F99B6C62802E0D690C4 |
SHA1: | 6D719B72AC137021B9F8809575161B878BC6359A |
SHA-256: | 9442A4ED768B0F65D4A8DD5C1E91C9E7EDBEA4235C8C8E5C6AB44A54F93297A1 |
SHA-512: | 50A95D4017737A9DA59414048308D10BBD892789DCAB7D56C75547E216A730847337B476F1B01DECEA1BE64E90C82343C2FA82BD653C73BAD9BAE645D826E802 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5270 |
Entropy (8bit): | 5.202682622645692 |
Encrypted: | false |
SSDEEP: | 96:oEy4jacW4p0ots/3xQf9PdwSzP9b1SwLAp6hmKe/MLP9boFKOgxAVEGoA:oEy4Rpvsx49Pdxf0p9K8GPVigxx9A |
MD5: | 6D8188689F086C305793941E56B51EF9 |
SHA1: | 2E4A5E74B0B9D61C4FF6E25B21A659BE1CADD9F3 |
SHA-256: | 51F36AA59CBE22FD5A470D75DC77B1831D88643F3687A7C8717C46A105567354 |
SHA-512: | BCAC0CE5722972AAFB7323017196770995AF0FE623BB6CD4D78122046310648E0D65D45B3E6411504621BD140EBE368086A0A246EF19433B1DEC6C239D4474E9 |
Malicious: | false |
Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 364544 |
Entropy (8bit): | 7.995709475150595 |
Encrypted: | true |
SSDEEP: | 6144:PhoGv9lnheLRaK5KOdHW/Znp2BPCx/5yR9fXG785NrtjKWvn0MGHJKZkHDoS:Jr9lnheLtk6Hy1gPCpi9fWOhKqJoJKZu |
MD5: | 0A493C3B30C4F095B68171621CA94FDE |
SHA1: | 747159A347C12D394E9576167C234D7DB3D9AB0A |
SHA-256: | CE0CDAA2E2D12763C7C7B0DECC483020786EB28F25904ED63C06512A83938B69 |
SHA-512: | 9C67511BDE3EEDFA0482BF28CDD5564E12CB3C770982AD26EAAA39F2C1F07E90D0F017C7155881F6AF9394C75B3C8A9B9D625124CEAA64EDC52F44A1A1955BFD |
Malicious: | false |
Antivirus: |
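The Entropy (8bit) and Encrypted fields in the dropped-file entries above are a byte-frequency measure: 0.0 for the two single-byte files, roughly 4.5 for the .lnk shortcuts and .lng text files, 7.972 for the 2,105,856-byte Bat_To_Exe_Converter.exe (not flagged) and 7.9957 for the 364,544-byte file that is flagged Encrypted. The same measure explains why the 4,482,593-byte main sample scores 7.99 overall while none of its PE sections exceeds 6.4: the sections account for well under 200 KB, so almost all of the high-entropy bytes sit outside the section table, in the overlay. The following added example (not Joe Sandbox code) computes the measure and walks a buffer in fixed windows to locate such a high-entropy tail. The 7.99 cut-off, the 4 KiB window and the constructed sample bytes are assumptions, not values taken from the sandbox.

```python
"""Byte-entropy measures of the kind behind the report's "Entropy (8bit)"
and "Encrypted" fields. Added example, not Joe Sandbox code: the 7.99 cut-off,
the 4 KiB window and the constructed sample are assumptions."""
import math
import random
from collections import Counter

ENCRYPTED_THRESHOLD = 7.99   # assumed; the report flags 7.9957 but not 7.9722
WINDOW = 4096                # assumed window for locating high-entropy regions


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant run
    (the two 1-byte files above), 8.0 for a perfectly uniform byte stream."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> bool:
    """Whole-file verdict in the spirit of the report's Encrypted field.
    Compressed data scores as high as ciphertext, so read a hit as
    'packed, compressed or encrypted', not as proof of encryption."""
    return shannon_entropy(data) >= threshold


def high_entropy_regions(data: bytes, window: int = WINDOW, threshold: float = 7.5) -> list:
    """Byte ranges whose windowed entropy is >= threshold, adjacent windows
    merged. Ordinary sections followed by one long high-entropy run is the
    shape of a stub executable with an appended compressed overlay."""
    regions = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if shannon_entropy(chunk) >= threshold:
            if regions and regions[-1][1] == off:
                regions[-1] = (regions[-1][0], off + len(chunk))
            else:
                regions.append((off, off + len(chunk)))
    return regions


def build_sample() -> bytes:
    """Constructed input: 64 KiB of low-entropy 'PE body' followed by 64 KiB of
    seeded pseudo-random 'overlay'. Not taken from any of the analysed files."""
    rng = random.Random(0x57051F88)   # any fixed seed keeps the example deterministic
    body = b"MZP\x00" + b"\x00" * (64 * 1024 - 4)
    overlay = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    return body + overlay


def summarize(data: bytes) -> dict:
    """The three numbers an analyst wants before opening the file."""
    return {
        "entropy": round(shannon_entropy(data), 4),
        "looks_encrypted": looks_encrypted(data),
        "high_entropy_regions": high_entropy_regions(data),
    }


if __name__ == "__main__":
    print(summarize(build_sample()))
```

On the constructed sample the whole-buffer entropy lands near 5 bits per byte, so the file as a whole is not flagged, yet the windowed walk reports a single region covering exactly the appended half; running summarize() on the real installer bytes is the quick way to confirm that the main sample's 7.99 is an overlay effect rather than a packed code section.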
File type: | |
Entropy (8bit): | 7.991378162587342 |
TrID: |
File name: | SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
File size: | 4'482'593 bytes |
MD5: | 0d8bedda7d9b963de975685cf2b2a5eb |
SHA1: | cbbffe900a09e8a3bbb1a1bf16e7aeb8ebde72a1 |
SHA256: | 519f0b16537fa4a2bc228cdfce2b85c12225e2071d7789c8cc9bb8f7b85796ca |
SHA512: | 9d8eb3433e88fb47b15d624b493af69a9697eeeee7ccfef71daf04181bcc5ba45b2f9cc801679c0234399fdf80f4a85f20858038c41c11132b515fb76cf22612 |
SSDEEP: | 98304:/xQvu6zDf/mV8jYMG2eHlLrTvIpfCnIpMpCEORglqLxjX:/Gv9AMGnHlLrTvIquMiWqLxj |
TLSH: | 0A263303B3CB0836F036BE35CDA949646DA3356815F5B06E4EB3DA4F4A3D6C49877292 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 2d2e3797b32b2b99 |
Entrypoint: | 0x4117dc |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57051F88 [Wed Apr 6 14:39:04 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 20dd26497880c05caed9305b3c8b9109 |
Entry point disassembly (0x4117dc, section .itext):
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 00410144h
call 00007F7B9924EBBDh
xor eax, eax
push ebp
push 00411EBEh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 00411E7Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [00415B48h]
call 00007F7B99257303h
call 00007F7B99256E52h
cmp byte ptr [00412ADCh], 00000000h
je 00007F7B99259DFEh
call 00007F7B99257418h
xor eax, eax
call 00007F7B9924CC55h
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007F7B99253E9Bh
mov edx, dword ptr [ebp-14h]
mov eax, 00418658h
call 00007F7B9924D22Ah
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [00418658h]
mov dl, 01h
mov eax, dword ptr [0040C04Ch]
call 00007F7B992547B2h
mov dword ptr [0041865Ch], eax
xor edx, edx
push ebp
push 00411E26h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F7B99257376h
mov dword ptr [00418664h], eax
mov eax, dword ptr [00418664h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F7B99259E3Ah
The repeated push ebp / push <handler address> / push dword ptr fs:[...] / mov dword ptr fs:[...], esp sequences link new frames onto the structured-exception-handler chain at fs:[0]; this is the prologue a Delphi compiler emits for nested try blocks, consistent with the "Programmed in: Borland Delphi" classification below.
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19000 | 0xe04 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0xb200 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1b000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x19304 | 0x214 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xf244 | 0xf400 | a33e9ff7181115027d121cd377c28c8f | False | 0.5481717469262295 | data | 6.3752135040515485 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x11000 | 0xf64 | 0x1000 | caec456c18277b579a94c9508daf36ec | False | 0.55859375 | data | 5.732200666157372 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x12000 | 0xc88 | 0xe00 | 746954890499546d73dce0e994642192 | False | 0.2533482142857143 | data | 2.2967209087898324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x13000 | 0x56bc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x19000 | 0xe04 | 0x1000 | e9b9c0328fd9628ad4d6ab8283dcb20e | False | 0.321533203125 | data | 4.597812557707959 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x1a000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x1b000 | 0x18 | 0x200 | 3dffc444ccc131c9dcee18db49ee6403 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x1c000 | 0xb200 | 0xb200 | 77556010789c981e280edab6f31467ef | False | 0.17841467696629212 | data | 4.142803017471795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
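The header tables above carry three facts worth checking mechanically on any sample: the entry point 0x4117dc falls in the executable .itext section; DYNAMIC_BASE is set in DllCharacteristics while RELOCS_STRIPPED is set in the file characteristics and IMAGE_DIRECTORY_ENTRY_BASERELOC is empty, so the loader cannot relocate the image and it is always mapped at its preferred base 0x400000 (which is exactly the Imagebase the process table below reports at run time); and the sections' raw sizes end far short of the 4,482,593-byte file, leaving a large overlay where a self-extracting installer keeps its payload. The following added example, not Joe Sandbox code, reads those fields with the standard library and derives the three verdicts. The build_sample() image is constructed here with the same flag combination so the code runs offline; the real sample would be passed as open(path, "rb").read().

```python
"""Static PE header triage covering the fields summarized above: entry point,
section table, DllCharacteristics, relocation directory and overlay. Added
example, not Joe Sandbox code; build_sample() constructs a minimal image so the
parser runs offline."""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
DYNAMIC_BASE = 0x0040
NX_COMPAT = 0x0100
TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # 40-byte IMAGE_SECTION_HEADER


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the optional-header fields used below and the
    section table. Raises ValueError for anything that is not a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsec, timestamp, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: 32-bit ImageBase at +28, data directories at +96
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase at +24, data directories at +112
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dirs = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    reloc_dir = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, *_, flags = SECTION_HDR.unpack_from(
            data, opt + opt_size + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr, "flags": flags})
    return {"timestamp": timestamp, "characteristics": characteristics, "image_base": image_base,
            "entry_rva": entry_rva, "dll_chars": dll_chars, "reloc_dir": reloc_dir,
            "sections": sections}


def entry_section(info: dict):
    """Section containing AddressOfEntryPoint, or None when it points outside
    every section (a classic sign of header tampering or a packer stub)."""
    ep = info["entry_rva"]
    for s in info["sections"]:
        if s["va"] <= ep < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def aslr_effective(info: dict) -> bool:
    """DYNAMIC_BASE only matters if the loader can relocate the image. With
    IMAGE_FILE_RELOCS_STRIPPED set, or no base-relocation directory, the image
    is always mapped at its preferred ImageBase and ASLR gives no protection."""
    return (bool(info["dll_chars"] & DYNAMIC_BASE)
            and not info["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED
            and info["reloc_dir"][1] > 0)


def overlay_size(data: bytes, info: dict) -> int:
    """Bytes after the end of the last section's raw data: the overlay."""
    end = max((s["raw_ptr"] + s["raw_size"] for s in info["sections"]), default=0)
    return max(0, len(data) - end)


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    sec = entry_section(info)
    return {
        "timestamp": info["timestamp"],
        "entry_va": info["image_base"] + info["entry_rva"],
        "entry_section": sec["name"] if sec else None,
        "entry_executable": bool(sec and sec["flags"] & IMAGE_SCN_MEM_EXECUTE),
        "aslr_effective": aslr_effective(info),
        "nx_compat": bool(info["dll_chars"] & NX_COMPAT),
        "overlay_bytes": overlay_size(data, info),
    }


def build_sample() -> bytes:
    """Constructed 32-bit image with two sections and an appended overlay, using
    the report's flag combination: DYNAMIC_BASE set while relocations are stripped."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x57051F88, 0, 0, 224,
                       0x0102 | IMAGE_FILE_RELOCS_STRIPPED)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                # section / file alignment
    struct.pack_into("<H", opt, 68, 2)                             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes; all left empty
    text = SECTION_HDR.pack(b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    rsrc = SECTION_HDR.pack(b".rsrc", 0x100, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0x40000040)
    image = (dos + b"PE\0\0" + coff + bytes(opt) + text + rsrc).ljust(0x600, b"\0")
    return image + bytes(range(256))                               # 256-byte overlay


if __name__ == "__main__":
    print(triage(build_sample()))
```

The aslr_effective() check is the one most often skipped: a report line reading DYNAMIC_BASE looks like a mitigation, but without relocations it is inert, and the fixed 0x400000 base makes every address in the disassembly above a stable target.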
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x1c41c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
RT_ICON | 0x1c544 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
RT_ICON | 0x1caac | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
RT_ICON | 0x1cd94 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
RT_STRING | 0x1d63c | 0x68 | data | 0.6538461538461539 | ||
RT_STRING | 0x1d6a4 | 0xd4 | data | 0.5283018867924528 | ||
RT_STRING | 0x1d778 | 0xa4 | data | 0.6524390243902439 | ||
RT_STRING | 0x1d81c | 0x2ac | data | 0.45614035087719296 | ||
RT_STRING | 0x1dac8 | 0x34c | data | 0.4218009478672986 | ||
RT_STRING | 0x1de14 | 0x294 | data | 0.4106060606060606 | ||
RT_RCDATA | 0x1e0a8 | 0x82e8 | data | English | United States | 0.11261637622344235 |
RT_RCDATA | 0x26390 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x263a0 | 0x150 | data | 0.8392857142857143 | ||
RT_RCDATA | 0x264f0 | 0x2c | data | 1.1590909090909092 | ||
RT_GROUP_ICON | 0x2651c | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0x2655c | 0x4f4 | data | English | United States | 0.2823343848580442 |
RT_MANIFEST | 0x26a50 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW |
user32.dll | CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW |
kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW |
comctl32.dll | InitCommonControls |
kernel32.dll | Sleep |
advapi32.dll | AdjustTokenPrivileges |
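The Import Hash value listed with the static header fields above is derived from exactly this DLL | Import table: each imported name is normalized and the whole ordered list is hashed, which is why the hash pivots on toolchain and runtime (a Delphi setup stub shares it with every other stub built the same way) rather than on anything specific to this installer. The following added example, not Joe Sandbox or pefile code, parses rows in the table's format and applies the normalization that pefile's get_imphash() uses. The sample rows are copied from the table; whether the table preserves the binary's import-descriptor order is an assumption, so the example does not claim that hashing the full table reproduces 20dd26497880c05caed9305b3c8b9109.

```python
"""Import hash (imphash) in the style of the "Import Hash" field above, fed
from DLL | Import table rows. Added example, not Joe Sandbox or pefile code;
it follows pefile's normalization (lower-case, .dll/.ocx/.sys stripped, tokens
joined with commas in import-descriptor order). SAMPLE_ROWS are copied from
the table above; their order matching the binary's descriptor order is an
assumption."""
import hashlib

SAMPLE_ROWS = """\
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
comctl32.dll | InitCommonControls |
kernel32.dll | Sleep |
advapi32.dll | AdjustTokenPrivileges |
"""


def parse_import_rows(text: str) -> list:
    """Turn 'dll | Func1, Func2 |' rows into ordered (dll, function) pairs;
    the header and '---|' separator rows are skipped. Order is preserved
    because imphash is order-sensitive."""
    pairs = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 2 or not cells[0] or cells[0] == "DLL" or set(cells[0]) <= {"-"}:
            continue
        pairs.extend((cells[0], f.strip()) for f in cells[1].split(",") if f.strip())
    return pairs


def normalize(dll: str, func: str) -> str:
    """One imphash token: lower-case module name without a .dll/.ocx/.sys
    suffix, a dot, and the lower-case function name. Ordinal-only imports
    (rendered by pefile as ordN, or resolved to names for a few well-known
    modules) do not occur in the table above and are not handled here."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[:-len(ext)]
            break
    return f"{name}.{func.lower()}"


def imphash_string(pairs) -> str:
    """The comma-joined token list that gets hashed; useful for diffing two
    samples whose hashes differ."""
    return ",".join(normalize(dll, func) for dll, func in pairs)


def imphash(pairs) -> str:
    """MD5 over the token list: a 32-hex-digit value to pivot on in a sample
    repository. Identical imphash means an identical import table, which
    usually means identical compiler runtime, not identical malware."""
    return hashlib.md5(imphash_string(pairs).encode("ascii")).hexdigest()


if __name__ == "__main__":
    rows = parse_import_rows(SAMPLE_ROWS)
    print(imphash_string(rows))
    print(imphash(rows))
```

Two properties of the hash matter when using it as a pivot: case in the source table is irrelevant, and reordering the same imports changes the value, so a sample that merely reorders its import descriptors escapes an imphash match while keeping the same capabilities.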
Language of compilation system | Country where language is spoken |
---|---|
Dutch | Netherlands |
English | United States |
Target ID: | 0 |
Start time: | 20:39:56 |
Start date: | 25/04/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4'482'593 bytes |
MD5 hash: | 0D8BEDDA7D9B963DE975685CF2B2A5EB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 20:39:56 |
Start date: | 25/04/2024 |
Path: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'179'648 bytes |
MD5 hash: | 90FC739C83CD19766ACB562C66A7D0E2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
Reputation: | moderate |
Has exited: | true |
Target ID: | 5 |
Start time: | 20:40:31 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x140000000 |
File size: | 2'105'856 bytes |
MD5 hash: | E3D6B93E861FEEFA47CCEEAE03E99094 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 6.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 17% |
Total number of Nodes: | 1602 |
Total number of Limit Nodes: | 76 |
Graph
Function 0000000140001000 Relevance: 247.3, APIs: 13, Strings: 127, Instructions: 2274, Tags: com, memory, COMMON
Function 0000000140059267 Relevance: 54.4, APIs: 27, Strings: 4, Instructions: 186, Tags: native, window, COMMON
Function 000000014005D138 Relevance: 51.2, APIs: 25, Strings: 4, Instructions: 445, Tags: memory, COMMON
Function 00007FFDFF1E59F8 Relevance: 37.0, APIs: 24, Instructions: 1011, Tags: keyboard, window, time, COMMON
Function 00000001400451E8 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 301, Tags: memory, file, COMMON
Function 0000000140042388 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 155, Tags: window, COMMON
Function 000000014004C1BC Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 107, Tags: library, loader, COMMON
Function 000000014004BD20 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100, Tags: memory, file, COMMON
Function 000000014005A27C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76, Tags: native, COMMON
Function 00000001400439C8 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100, Tags: COMMON
Function 000000014005D068 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58, Tags: native, COMMON
Function 00000001400471B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20, Tags: COMMON
Function 000000014005AA9C Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 107, Tags: memory, COMMON
Function 0000000140042CA0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 116, Tags: memory, COMMON
Function 00000001400500A4 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 109, Tags: COMMON
Function 000000014005BFC8 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 237, Tags: memory, registry, COMMON
Function 0000000140059660 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 157, Tags: memory, registry, COMMON
Function 0000000140109050 Relevance: 19.6, APIs: 13, Instructions: 81, Tags: memory, registry, thread, COMMON, LIBRARYCODE
Function 000000014004EB70 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 179, Tags: memory, registry, COMMON
Function 0000000140051B00 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 167, Tags: COMMON
Function 000000014004B5EC Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 58, Tags: library, loader, network, COMMON
Function 000000014006AF58 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 58, Tags: library, loader, COMMON
Function 0000000140042EF0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 77, Tags: memory, COMMON
Function 000000014005D8F4 Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 49, Tags: library, loader, COMMON
Function 000000014005803C Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132, Tags: registry, COMMON
Function 00000001400523B4 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 63, Tags: COMMON
Function 0000000140056944 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 191, Tags: COMMON
Function 00000001401097A0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 90, Tags: memory, COMMON
Function 0000000140058A24 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 122, Tags: library, loader, COMMON
Function 000000014005DF94 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57, Tags: registry, clipboard, COMMON
Function 000000014004BA80 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 46, Tags: library, loader, COMMON
Function 00000001400EECB0 Relevance: 12.3, APIs: 8, Instructions: 271, Tags: network, sleep, COMMON
Function 000000014004FC48 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118, Tags: COMMON
Function 000000014004F7DC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 111, Tags: COMMON
Function 000000014005826C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82, Tags: COMMON
Function 000000014004B14C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65, Tags: memory, thread, COMMON
Function 000000014004F3E4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60, Tags: COMMON
Function 000000014004CA50 Relevance: 9.2, APIs: 6, Instructions: 151, Tags: file, memory, COMMON
Function 00007FFDFF2306C8 Relevance: 9.1, APIs: 6, Instructions: 122, Tags: COMMON, LIBRARYCODE
Function 0000000140066A00 Relevance: 9.1, APIs: 6, Instructions: 103, Tags: memory, file, COMMON
Function 0000000140048C24 Relevance: 9.1, APIs: 6, Instructions: 61, Tags: memory, window, COMMON
Function 000000014004D980 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119, Tags: COMMON
Function 00007FFDFF1E51D4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48, Tags: registry, clipboard, com, COMMON
Function 000000014005A3E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47, Tags: COMMON
Function 000000014005621C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38, Tags: COMMON
Function 0000000140042BC0 Relevance: 7.6, APIs: 5, Instructions: 56, Tags: synchronization, thread, COMMON
Function 0000000140023F58 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 546, Tags: COMMON
Function 00000001400EAC80 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 219, Tags: COMMON
Function 00000001400530A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103, Tags: COMMON
Function 0000000140048B20 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 18, Tags: COMMON
Function 000000014006BA0C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17, Tags: library, loader, COMMON
Function 000000014004B91C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12, Tags: library, loader, COMMON
Function 0000000140051490 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92, Tags: COMMON
Function 000000014005109C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89, Tags: COMMON
Function 000000014005049C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75, Tags: COMMON
Function 000000014004CCA0 Relevance: 4.6, APIs: 3, Instructions: 75, Tags: file, memory, COMMON
Function 00000001400DDA90 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 183, Tags: COMMON
Function 00000001400CEC20 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23, Tags: COMMON
Function 000000014004CDF0 Relevance: 3.1, APIs: 2, Instructions: 59, Tags: memory, file, COMMON
Function 00007FFDFF236340 Relevance: 3.1, APIs: 2, Instructions: 52, Tags: memory, COMMON, LIBRARYCODE
Function 00000001400EF3F0 Relevance: 3.0, APIs: 2, Instructions: 13, Tags: sleep, network, COMMON
Function 00007FFDFF232A14 Relevance: 2.5, APIs: 2, Instructions: 30, Tags: sleep, COMMON, LIBRARYCODE
Function 00007FFDFF22E0DC Relevance: 1.3, APIs: 1, Instructions: 54, Tags: COMMON, LIBRARYCODE
Function 00007FFDFF232A80 Relevance: 1.3, APIs: 1, Instructions: 36, Tags: sleep, COMMON, LIBRARYCODE
Function 00007FFDFF1DFA80 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 179, Tags: window, COMMON
Function 00007FFDFF23163C Relevance: 20.0, APIs: 10, Strings: 1, Instructions: 714, Tags: COMMON
Function 00007FFDFF1DF8F0 Relevance: 16.6, APIs: 11, Instructions: 104, Tags: window, COMMON
Function 00007FFDFF1DCF48 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 343, Tags: COMMON
Function 00007FFDFF22DB70 Relevance: 12.1, APIs: 8, Instructions: 67, Tags: COMMON, LIBRARYCODE
Function 00007FFDFF23605C Relevance: 1.5, APIs: 1, Instructions: 20, Tags: COMMON, LIBRARYCODE
Function 00007FFDFF1D3FBC Relevance: 0.6, Instructions: 596, Tags: COMMON
Function 00007FFDFF20979C Relevance: 0.5, Instructions: 549, Tags: COMMON
Function 00007FFDFF20CB48 Relevance: 0.4, Instructions: 359, Tags: COMMON
Function 00007FFDFF1EADD4 Relevance: 0.3, Instructions: 311, Tags: COMMON
Function 00007FFDFF21A644 Relevance: 0.3, Instructions: 263, Tags: COMMON
Function 00007FFDFF22EB70 Relevance: 0.1, Instructions: 138, Tags: COMMON
Function 00007FFDFF2349F0 Relevance: 53.8, APIs: 43, Instructions: 94, Tags: COMMON, LIBRARYCODE
Function 00007FFDFF234E20 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 130, Tags: library, loader, COMMON, LIBRARYCODE
Function 00007FFDFF1DED40 Relevance: 21.2, APIs: 14, Instructions: 191, Tags: window, COMMON
Function 00007FFDFF1DF7CC Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 74, Tags: window, COMMON
Function 00007FFDFF1E8D90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 131, Tags: COMMON
Function 00007FFDFF1D5900 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67, Tags: COMMON
Function 00007FFDFF2308E8 Relevance: 13.8, APIs: 11, Instructions: 90, Tags: COMMON, LIBRARYCODE
Function 00007FFDFF2346F8 Relevance: 13.7, APIs: 9, Instructions: 173, Tags: COMMON, LIBRARYCODE
Function 00007FFDFF1DC9D8 Relevance: 13.6, APIs: 9, Instructions: 56windowCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF235994 Relevance: 12.1, APIs: 8, Instructions: 89COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF233698 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF2368AC Relevance: 9.1, APIs: 6, Instructions: 58, Tags: COMMON, LIBRARYCODE
Uniqueness Score: -1.00%
Function 00007FFDFF230D6C Relevance: 9.0, APIs: 6, Instructions: 37, Tags: thread, COMMON, LIBRARYCODE
Uniqueness Score: -1.00%
Function 00007FFDFF1DAEC8 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 135, Tags: library, COMMON
Uniqueness Score: -1.00%
Function 00007FFDFF1DE5F8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41, Tags: COMMON
Uniqueness Score: -1.00%
Function 00007FFDFF234C24 Relevance: 8.8, APIs: 7, Instructions: 36, Tags: COMMON, LIBRARYCODE
Uniqueness Score: -1.00%
Function 00007FFDFF1E7704 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32, Tags: COMMON
Uniqueness Score: -1.00%
Function 00007FFDFF232C04 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17, Tags: libraryloader, COMMON, LIBRARYCODE
Uniqueness Score: -1.00%
Function 00007FFDFF236758 Relevance: 6.0, APIs: 4, Instructions: 36, Tags: COMMON, LIBRARYCODE
Uniqueness Score: -1.00%