Windows
Analysis Report
360total.dll.dll
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 6340 cmdline: loaddll64.exe "C:\Users\user\Desktop\360total.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 5892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 6484 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 4616 cmdline: rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 2928 cmdline: rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_79066994.dll", #1 MD5: EF3179D498793BF4234F708D3BE28633)
- cmd.exe (PID: 4580 cmdline: /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- ipconfig.exe (PID: 2764 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
- cmd.exe (PID: 2696 cmdline: /c systeminfo MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- systeminfo.exe (PID: 2968 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
- WmiPrvSE.exe (PID: 1476 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
- cmd.exe (PID: 6348 cmdline: /c nltest /domain_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- nltest.exe (PID: 4464 cmdline: nltest /domain_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
- cmd.exe (PID: 3440 cmdline: /c nltest /domain_trusts /all_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 1560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- nltest.exe (PID: 4404 cmdline: nltest /domain_trusts /all_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
- cmd.exe (PID: 4396 cmdline: /c net view /all /domain MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 5888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- net.exe (PID: 3252 cmdline: net view /all /domain MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
- rundll32.exe (PID: 5572 cmdline: rundll32.exe C:\Users\user\Desktop\360total.dll.dll,CreateObject MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 4856 cmdline: C:\Windows\system32\WerFault.exe -u -p 5572 -s 452 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- WerFault.exe (PID: 1848 cmdline: C:\Windows\system32\WerFault.exe -u -p 5572 -s 472 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 3396 cmdline: rundll32.exe C:\Users\user\Desktop\360total.dll.dll,homq MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 3964 cmdline: rundll32.exe C:\Users\user\Desktop\360total.dll.dll,RegisterInstallTime MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Unidentified 111 (Latrodectus), Latrodectus | First discovered in October 2023, BLACKWIDOW is a backdoor written in C that communicates over HTTP using RC4 encrypted requests. The malware has the capability to execute discovery commands, query information about the victim's machine, update itself, as well as download and execute an EXE, DLL, or shellcode. The malware is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot) Malware. | No Attribution | | |
{"C2 url": ["https://jarinamaers.shop/live/", "https://wrankaget.site/live/"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security | ||
System Summary |
---|
Source: | Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): |
Source: | Author: Endgame, JHasenbusch (ported for oscd.community): |
Source: | Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io': |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | String decryptor: |
Source: | Code function: | 3_2_000000018003BC0C |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Spreading |
---|
Source: | Process created: |
Source: | Key opened: |
Source: | Code function: | 4_2_00000203431CA350 | |
Source: | Code function: | 4_2_00000203431C1A08 | |
Source: | Code function: | 9_2_000002238013A350 | |
Source: | Code function: | 9_2_0000022380131A08 |
Networking |
---|
Source: | Network Connect: |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 4_2_00000203431C4F58 |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 3_2_000000018006A2C8 |
Source: | Code function: | 3_2_000000018004B1A4 |
Source: | Process created: |
Source: | Classification label: |
Source: | Code function: | 3_2_0000000180049050 | |
Source: | Code function: | 3_2_000000018004B1A4 | |
Source: | Code function: | 3_2_0000000180049278 | |
Source: | Code function: | 3_2_000000018008395A |
Source: | Code function: | 3_2_000000018004B780 |
Source: | Code function: | 3_2_00000001800072A8 |
Source: | Code function: | 3_2_000000018003A8D4 |
Source: | Code function: | 3_2_0000000180049AEC |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | Key opened: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Process created: |
Source: | Automated click: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Code function: | 3_2_00000001800033E0 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 3_2_0000000180010452 | |
Source: | Code function: | 3_2_000000018001045B | |
Source: | Code function: | 3_2_0000000180175010 |
Persistence and Installation Behavior |
---|
Source: | Process created: |
Source: | File created: |
Source: | Code function: | 3_2_0000000180049AEC |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: |
Source: | Code function: | 3_2_0000000180062148 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Code function: | 3_2_00000001800655A8 |
Source: | Code function: | 3_2_0000000180049AEC |
Source: | WMI Queries: |
Source: | Code function: | 4_2_00000203431C68E8 | |
Source: | Code function: | 4_2_00000203431C7FA8 | |
Source: | Code function: | 9_2_00000223801368E8 | |
Source: | Code function: | 9_2_0000022380137FA8 |
Source: | Window / User API: |
Source: | Dropped PE file which has not been started: |
Source: | API coverage: |
Source: | Code function: | 3_2_0000000180049AEC |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Process created: |
Source: | Last function: |
Source: | Code function: | 4_2_00000203431CA350 | |
Source: | Code function: | 4_2_00000203431C1A08 | |
Source: | Code function: | 9_2_000002238013A350 | |
Source: | Code function: | 9_2_0000022380131A08 |
Source: | Binary or memory string: |
Source: | API call chain: |
Source: | Process queried: |
Source: | Code function: | 3_2_0000000180070760 |
Source: | Code function: | 3_2_0000000180066C3C |
Source: | Code function: | 3_2_00000001800033E0 |
Source: | Code function: | 3_2_000000018000A7AC |
Source: | Code function: | 3_2_0000000180070760 | |
Source: | Code function: | 3_2_000000018006F6E0 |
HIPS / PFW / Operating System Protection Evasion
Source: | Network Connect: |
Source: | Code function: | 3_2_0000000180066A50 |
Source: | Process created: |
Source: | Code function: | 3_2_000000018004A650 |
Source: | Code function: | 3_2_0000000180049278 |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Code function: | 3_2_000000018006A304 |
Source: | Code function: | 4_2_00000203431C8AE0 |
Source: | Code function: | 3_2_0000000180040CB0 |
Source: | Key value queried: |
Source: | Binary or memory string: |
Stealing of Sensitive Information
Source: | File source: |
Remote Access Functionality
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | 1 Valid Accounts | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Windows Service | 1 Valid Accounts | 1 DLL Side-Loading | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 1 Scheduled Task/Job | 11 Access Token Manipulation | 1 File Deletion | NTDS | 26 System Information Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Windows Service | 1 Masquerading | LSA Secrets | 381 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Valid Accounts | Cached Domain Credentials | 13 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Scheduled Task/Job | 13 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Rundll32 | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 21 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
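
The Defense Evasion and Discovery columns above (Rundll32, System Information Discovery, System Network Configuration Discovery, Remote System Discovery) describe a chain that is cheap to catch from process-creation telemetry alone. What follows is an added example written for this edit, not part of the Joe Sandbox report: a two-stage rule run over constructed Sysmon-style events. The pids, user name, directory name, timestamps and command lines are invented to mirror the technique names in the matrix (ipconfig, systeminfo and nltest being the usual realisations of those three Discovery techniques). Stage one flags rundll32.exe loading a DLL from a user-writable path; stage two raises severity when that process spawns two or more cmd.exe discovery commands within 120 s. Two benign rows (a Control Panel applet through shell32.dll, an ipconfig from an unrelated parent) show the rule staying quiet.

```python
import re
from datetime import datetime

# Constructed Sysmon-style process-creation records (invented pids, paths, user,
# times); they are not events from the report above.
SAMPLE_EVENTS = [
    {"ts": "2024-04-25T22:43:00", "pid": 4100, "ppid": 900,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"ts": "2024-04-25T22:43:05", "pid": 4616, "ppid": 4100,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'rundll32.exe "C:\Users\alice\AppData\Roaming\Updater\core.dll",#1'},
    {"ts": "2024-04-25T22:43:09", "pid": 5000, "ppid": 4616,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ipconfig /all"},
    {"ts": "2024-04-25T22:43:11", "pid": 5010, "ppid": 4616,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c systeminfo"},
    {"ts": "2024-04-25T22:43:14", "pid": 5020, "ppid": 4616,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c nltest /domain_trusts"},
    {"ts": "2024-04-25T22:43:30", "pid": 5100, "ppid": 4616,
     "image": r"C:\Windows\System32\WerFault.exe", "cmdline": "WerFault.exe -u -p 4616 -s 1234"},
    # Benign: a Control Panel applet, and an admin's own ipconfig from another parent.
    {"ts": "2024-04-25T22:50:00", "pid": 6000, "ppid": 4100,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"ts": "2024-04-25T22:51:00", "pid": 6100, "ppid": 7000,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ipconfig /all"},
]

# Directories an unprivileged user can write to: a DLL handed to rundll32 from
# one of them is the first signal.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Desktop|Downloads|Documents)|ProgramData|Temp|Public)\\", re.I)
DLL_PATH = re.compile(r'([A-Za-z]:\\[^",]+?\.dll)', re.I)
CMD_C = re.compile(r'/c\s+"?([\w.-]+)', re.I)
DISCOVERY_TOOLS = {"ipconfig", "systeminfo", "nltest", "whoami", "net", "net1",
                   "nslookup", "arp", "route", "tasklist"}


def dll_from_rundll32(cmdline):
    """First drive-letter path ending in .dll on a rundll32 command line, or None."""
    m = DLL_PATH.search(cmdline)
    return m.group(1) if m else None


def discovery_tool(cmdline):
    """Name of the discovery tool a 'cmd.exe /c ...' line runs, or None."""
    m = CMD_C.search(cmdline)
    if not m:
        return None
    tool = m.group(1).lower().removesuffix(".exe")
    return tool if tool in DISCOVERY_TOOLS else None


def load_events(raw):
    return [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in raw]


def detect(events, window_s=120, burst=2):
    # Keyed by pid only because this data is constructed; Windows reuses pids,
    # so real telemetry must key on Sysmon's ProcessGuid instead.
    suspects = {}
    for e in events:
        if e["image"].lower().endswith("\\rundll32.exe"):
            dll = dll_from_rundll32(e["cmdline"])
            if dll and USER_WRITABLE.search(dll):
                suspects[e["pid"]] = {"pid": e["pid"], "dll": dll, "start": e["ts"],
                                      "discovery": [], "severity": "medium"}
    for e in events:
        parent = suspects.get(e["ppid"])
        if parent is None or not e["image"].lower().endswith("\\cmd.exe"):
            continue
        tool = discovery_tool(e["cmdline"])
        age = (e["ts"] - parent["start"]).total_seconds()
        if tool and 0 <= age <= window_s and tool not in parent["discovery"]:
            parent["discovery"].append(tool)
    for alert in suspects.values():
        if len(alert["discovery"]) >= burst:
            alert["severity"] = "high"
    return list(suspects.values())


if __name__ == "__main__":
    for alert in detect(load_events(SAMPLE_EVENTS)):
        print(alert)
```

Neither signal is strong on its own: rundll32 with a user-profile DLL also covers installers and per-user software, and a single ipconfig is noise. The combination, scoped to one parent and a short window, is what makes the alert actionable; the tool set and window are the knobs to tune.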
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jarinamaers.shop | 172.67.136.103 | true | true | unknown | |
grizmotras.com | 172.67.219.28 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | low |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.136.103 | jarinamaers.shop | United States | | 13335 | CLOUDFLARENETUS | true |
172.67.219.28 | grizmotras.com | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431883 |
Start date and time: | 2024-04-25 22:42:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 35 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 360total.dll.dll (renamed file extension from exe to dll) |
Original Sample Name: | 360total.dll.exe |
Detection: | MAL |
Classification: | mal100.spre.troj.evad.winDLL@42/11@2/2 |
EGA Information: |
HCA Information: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 360total.dll.dll
Time | Type | Description |
---|---|---|
22:43:05 | API Interceptor | |
22:43:29 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
grizmotras.com | | Get hash | malicious | Bazar Loader, Latrodectus | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | FormBook, GuLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | SocGholish | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | Babuk, Djvu | Browse | |
| | Get hash | malicious | Babuk, Djvu, Vidar | Browse | |
| | Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_360_68c96245dd5f839ff441fb79a97a9b35299d069_9cecb875_e8b4a60c-0a4b-406f-b4de-e74f5b66cb69\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8268108967609635 |
Encrypted: | false |
SSDEEP: | 96:QdFoL6iMyKyQsj94Rvm7qf8QXIDcQSc6EcEHcw33XaXz+HbHgSQgJjmh88Wpoxmx:A9iMyQH0MA9Tji5zuiFKZ24lO8I |
MD5: | CC88FC33C87092CDC3F61D03FC6E8E60 |
SHA1: | C43AE446F0311D61BEE7B9EFED2660A17A8B5851 |
SHA-256: | 288EAA26169B9B8C7D09F43E47579F1D768E8C51E33F1F9FAAC3DE6B851FFE7F |
SHA-512: | 88A5D368DC99CCC31A6943BC60C023840EB3911EAD40B6E651C8F325292641E63651E898298E3B40639DFC805879F57863E903B5FF0DE438516FA3B41A279D65 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_360_f6ce5fb8c554a1c5617cb52ea4bda5a5f52864d1_9cecb875_70d5a318-011b-4b09-9f21-f60ccd1d195e\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8236165350372622 |
Encrypted: | false |
SSDEEP: | 96:vbJFpCS6iMyKy/sj94Rvm7qfSQXIDcQYc6DcEZcw3CKXaXz+HbHgSQgJjmh88Wp0:v9DCiMy/J0mHzmAji5zuiFKZ24lO8Iz |
MD5: | 0D3FD00A2E806F44C712ABB9DF416F6B |
SHA1: | 874F63016A67FFDE2F460CED038D1F3969D427A1 |
SHA-256: | A2EDF49B7FA0640A00000F134A21211E203B64C44D78E89B24EB79A13E191C5B |
SHA-512: | 7616D48FA6CE328626E3B5960B98EC9951530D5773C22BEF4D31989D55F40088545190095A057A6AC5C35A3976AEC9451C1FF86DE8C165CC8AF748D570ED67B8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 58936 |
Entropy (8bit): | 1.702663610116918 |
Encrypted: | false |
SSDEEP: | 192:OJa8En2N3OMkBx2Nb9JqoKs7CSU3h0M6CZ3IElc:ua/n2wNf2NZes1qh0M6CZYe |
MD5: | FC3B7E0894086D60FC881221A28B2018 |
SHA1: | E27E953F03C8C4B057539E82A515E1314FA0470B |
SHA-256: | 5EF8173CB33A84BAF8980D003B1C24C32733358A803A0DE924FFF85788D9265F |
SHA-512: | BEA010F4F6E9DFFD8162E34199D9096B034052CA7C54A26C6F18352D7DA839A73232A3DAB372F577447B4F2667FEB88B4A5D8A47213BEC82952B3D00CD66D2F5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8528 |
Entropy (8bit): | 3.6940571803541307 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJAjSO6YQeyUgmf73e4pr/89bywJfaTmm:R6lXJqSO6Yhpgmf73aymfU |
MD5: | 09DC1D6CFD74D9D9840A050006D3394D |
SHA1: | 9B95F8F11E1853487C13BB57ED79C89CECE3D3FE |
SHA-256: | 05604C4E04A15C6345A7BC784023D1B01D165BF07205D6373DC11D91B9578DF8 |
SHA-512: | 557D58FFC722E5B91BCA5244221D290C809E415F30560DD8A668973EC6820C74DF5C379730A2ACA68CA41C667D29AC1DEE7FB5AC979B58A5926DBBD2ADA5ED6C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4763 |
Entropy (8bit): | 4.473336010199298 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsKJg771I9zoWpW8VYaYm8M4JCECyfFe9Il1yq85moeptSTS4d:uIjfYI74B7VOJ1l1hpoO4d |
MD5: | F3063DEF860857B63F3D8D4BB478A8EC |
SHA1: | 49BC3C3F45071CDD98E37BE85FD63C6A0112402D |
SHA-256: | 4771F9E6C84879B80B30E47937711E87D34678B10E142CE2245A10E0595A1955 |
SHA-512: | 0D81333E01CC6AAC12F1E58EBEDA7B96AD4840D3DAEE8264F80799FCACF9CE308EF49D49ED042C3A252DE5F97DFF8301BAD1C741A00C580970D061221D519E46 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 58880 |
Entropy (8bit): | 1.6919640861786223 |
Encrypted: | false |
SSDEEP: | 192:wJEaDcEn2YbOMkwpUB9jihfio7CSU3h0M6ZbR5CVh:sEmfn2/NwpUP+hfio1qh0M6Zch |
MD5: | C9933C933703AB4DF27D75AEA65974FC |
SHA1: | E63C6200E9713E2EC2E56199B87C4F1DAF377EFF |
SHA-256: | 5FBAD9BDDCACC8B1EAD9E16BA665634ACC47AA527937863A64FFF8A59C66760C |
SHA-512: | 049A960841AB6E6CA78E0B572E97AD6A2053A8CDBF8BB6B552E7FCCF1076E00D6320E8EE01EB003AE81CAE9DFBC5B81D1F95F2DEFEFFE55E24FA9E31C589F45E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7000 |
Entropy (8bit): | 3.720984112850451 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetbGfjfgUtaY8QPBBXjgaMQUl89b2w4g7ifEASm:R6l7wVeJAjfOY7ZapDl89b2w2fhSm |
MD5: | 9CE6C5249EF81C2A16C444ABD5E7FEAE |
SHA1: | 783069A5F9F93FB219DF6E0EA25CAB2DB1A3396F |
SHA-256: | ED6E986EED613F762603CBBAF164157B8F6804DBAD9321F82CD42115C7FE03C0 |
SHA-512: | 8EA6A130E06B94A422C80144D66DD9DEB4CE0E0F5C692870CC9933311625F46CB7EE3574BF96864165F7386A2E2C15F4CCD34D9D5C2A56D53B05485DAC414902 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4764 |
Entropy (8bit): | 4.47030216073724 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsKJg771I9zoWpW8VY6Ym8M4JCECyfFZyq85mo2ptSTS5d:uIjfYI74B7VOJvVpoO5d |
MD5: | 0FC45F00AE23F6C4A2DDCCF3343F467C |
SHA1: | 9A11C826A212EB85695EB442414877A53A7D3B93 |
SHA-256: | 497D083EB5877CCFE8D5208A53FB5A097993FE2983220CC309EABF02609C16C9 |
SHA-512: | 24BE0608B5BFB300826CE32CAD5A6892D86D7B479DDBD99D25F97353A58A9019EAF194A593667F0ECFEDC50F19A29C339B9B057F4697796A608F94562EE01965 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 906752 |
Entropy (8bit): | 6.2833336520446625 |
Encrypted: | false |
SSDEEP: | 12288:gfPSAAUHV4fZUv/TrguVTax7hNRu18VA8JFoxMk/wYeDKDMyAmp:qPSAAUHV4fZUvfgmaxpu1F8J6xMYHMBS |
MD5: | 74143402C40AC2E61E9F040A2D7E2D00 |
SHA1: | 4053DC85BB86C47C63F96681D6A62C21CD6342A3 |
SHA-256: | 1625AC230AA5CA950573F3BA0B1A7BD4C7FBD3E3686F9ECD4A40F1504BF33A11 |
SHA-512: | 4AA55B859F15BE8B14C4A0FF6F3971F49B47C1C8C8427F179EB4AB0C76E321441ADFD173469FACB12AAE1E81E25F1328FD621214B42E66F690BA4E9EE1E54CF9 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Windows\System32\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 5.908579547973678 |
Encrypted: | false |
SSDEEP: | 3:pZ8L7fSSUsGfzKwfUEInu9r20hgpKVUOn:38L7fohN/9r2u |
MD5: | F66F60007362F27534A5E2181AEE8E10 |
SHA1: | 057F9DF7359659A028A3EEE7D83A883B30B9B241 |
SHA-256: | 63B2F94F5ED9B65F1C960BD6AEF53B537150FABD363E668E431F2838AB868E5F |
SHA-512: | B056A63EF53A317BE361177178F8E9B5AD48F391AB3C5531323E80B3C098B456B6B807B6CF8AFAE274B3E5D0329A55D70D05CAF944D3ABAEA7E9F36120612085 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.42243160157816 |
Encrypted: | false |
SSDEEP: | 6144:OSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNa0uhiTw:tvloTMW+EZMM6DFy003w |
MD5: | 6E6550F7FB3FB7100478A63F954B3C58 |
SHA1: | 2DA543147387B6EDA666A54EFA99B7282375649E |
SHA-256: | EA88AC2955BFCD7A6972DE5D50544C8C4A5F33131FA2CA956F8DD1B869C63FFB |
SHA-512: | 8E3ADAB82CB3B5FA401E1DEED066991966D3D5E01186019B630E1661B914041CF3B48901538EEF1235CE030824CAD09B0AA78C18C6395B26754F5DE5FD410FB5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.2833336520446625 |
TrID: |
File name: | 360total.dll.dll |
File size: | 906'752 bytes |
MD5: | 74143402c40ac2e61e9f040a2d7e2d00 |
SHA1: | 4053dc85bb86c47c63f96681d6a62c21cd6342a3 |
SHA256: | 1625ac230aa5ca950573f3ba0b1a7bd4c7fbd3e3686f9ecd4a40f1504bf33a11 |
SHA512: | 4aa55b859f15be8b14c4a0ff6f3971f49b47c1c8c8427f179eb4ab0c76e321441adfd173469facb12aae1e81e25f1328fd621214b42e66f690ba4e9ee1e54cf9 |
SSDEEP: | 12288:gfPSAAUHV4fZUv/TrguVTax7hNRu18VA8JFoxMk/wYeDKDMyAmp:qPSAAUHV4fZUvfgmaxpu1F8J6xMYHMBS |
TLSH: | B4156B597FB88265C4A7C03A89938A96F3F278411F31D78F4161576E3F3B6B24B29312 |
File Content Preview: | MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$........,>5.MPf.MPf.MPf.<Qg.MPf..Qg.MPf.%Tg.MPf.%Sg.MPf.&Ug.MPf-$Qg.MPf.<Ug.MPf.<Ug.MPf+..f.MPf/$Tg.MPf.*Ug.MPf.*Tg.MPf/$Ug.MPf.$Ug.MP |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x18006ff60 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA |
Time Stamp: | 0x60ED353A [Tue Jul 13 06:39:54 2021 UTC] |
TLS Callbacks: | 0x800789b0, 0x1 (the address is shown truncated to 32 bits; with ImageBase 0x180000000 the single callback sits at 0x1800789b0, inside .text) |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | 908746745c485828202e3664dddf55a1 |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
The entrypoint listing below is the sandbox's 32-bit decode of x64 code, so most single-byte `inc`/`dec` of a 32-bit register (opcodes 40h-4Fh) that sit directly before another instruction are that instruction's REX prefix rather than instructions of their own: `dec eax` + `sub esp, 28h` is `sub rsp, 28h`, `dec esp` + `mov ecx, dword ptr [0005E647h]` is a RIP-relative `mov r9, [...]`, and `dec ecx` + `arpl word ptr [ecx+3Ch], ax` is `movsxd rax, dword ptr [r9+3Ch]`, a read of e_lfanew. Read that way, the second function (from the `mov eax, esp` after the two `int3` onward) stores the immediate 62756373h plus a NUL byte to its home space, which is the string "scub", then walks the export directory found at NT-header offset 88h using NumberOfNames (+18h), AddressOfFunctions (+1Ch), AddressOfNames (+20h) and AddressOfNameOrdinals (+24h) and compares each exported name byte by byte: a hand-rolled export lookup that avoids calling GetProcAddress.
Instruction |
---|
dec eax |
sub esp, 28h |
dec edx |
jne 00007F6B507EED0Eh |
call 00007F6B507EEDDCh |
dec eax |
mov dword ptr [0005E66Dh], eax |
mov eax, 00000001h |
dec eax |
add esp, 28h |
ret |
int3 |
int3 |
dec eax |
mov eax, esp |
dec eax |
mov dword ptr [eax+10h], ebx |
dec eax |
mov dword ptr [eax+18h], ebp |
push esi |
push edi |
inc ecx |
push esi |
dec eax |
sub esp, 20h |
dec esp |
mov ecx, dword ptr [0005E647h] |
inc ebp |
xor eax, eax |
mov dword ptr [eax+08h], 62756373h |
inc esp |
mov byte ptr [eax+0Ch], al |
dec ecx |
arpl word ptr [ecx+3Ch], ax |
inc edx |
mov ecx, dword ptr [eax+ecx+00000088h] |
test ecx, ecx |
je 00007F6B507EED75h |
dec ecx |
lea eax, dword ptr [ecx+ecx] |
inc ebp |
mov edx, eax |
mov esi, dword ptr [eax+18h] |
test esi, esi |
jle 00007F6B507EED67h |
inc esp |
mov ebx, dword ptr [eax+20h] |
mov ebx, dword ptr [eax+24h] |
inc esp |
mov esi, dword ptr [eax+1Ch] |
dec ebp |
add ebx, ecx |
dec ecx |
add ebx, ecx |
movzx eax, word ptr [ebx] |
dec eax |
lea edi, dword ptr [esp+40h] |
dec ecx |
lea ecx, dword ptr [esi+eax*4] |
inc ecx |
mov eax, dword ptr [ebx] |
inc edx |
mov ebp, dword ptr [ecx+ecx] |
dec ecx |
add eax, ecx |
jmp 00007F6B507EED0Ch |
cmp cl, byte ptr [edi] |
jne 00007F6B507EED0Eh |
dec eax |
inc eax |
dec eax |
inc edi |
mov cl, byte ptr [eax] |
test cl, cl |
jne 00007F6B507EECF2h |
mov cl, byte ptr [eax] |
inc ecx |
mov edx, eax |
inc ecx |
mov eax, eax |
cmp cl, byte ptr [edi] |
setnbe dl |
cmp byte ptr [edi], cl |
setnbe al |
cmp edx, eax |
je 00007F6B507EED14h |
inc ecx |
inc edx |
dec eax |
add ebx, 02h |
dec ecx |
add ebx, 04h |
inc esp |
cmp edx, esi |
jl 00007F6B507EECB4h |
jmp 00007F6B507EED06h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc2be0 | 0x80 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2c60 | 0x12c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x173000 | 0x29d | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x16c000 | 0x6498 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xcea98 | 0x3f48 | (file offset, not an RVA, so the `.data` attribution is a tool artefact: with the usual contiguous layout from offset 0x400, which the 0xdd600 file size confirms, 0xcea98..0xd29e0 lies inside the raw bytes of the trailing `yhDm^` section at 0xce600..0xdd600) |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x174000 | 0xff0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9d5b0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x9d710 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9d610 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x86000 | 0xab8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x84928 | 0x84a00 | e2e31c5c7e4fe3e525cff7a48eefeefe | False | 0.47230280984919887 | data | 6.3882723524944875 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x86000 | 0x3edf6 | 0x3ee00 | 63cfc64e6b66f4b5f42495585448342f | False | 0.33804982604373757 | Sony PlayStation Audio | 4.482248982092484 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xc5000 | 0xa6518 | 0x3000 | ff509d42bac4371303af1aa4cca9be90 | False | 0.23234049479166666 | SysEx File - | 4.608801437987786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x16c000 | 0x6498 | 0x6600 | d7c0afebce54eaf77c27bc124f1f0d5d | False | 0.5049402573529411 | data | 5.912256571930567 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x173000 | 0x29d | 0x400 | 3d1e3133eddf2d7b64237cb5d873ee5d | False | 0.298828125 | data | 3.495284342232033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x174000 | 0xff0 | 0x1000 | 6f76baeca3addf9f1f068a1e0392fd3e | False | 0.360595703125 | data | 5.417278568480602 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
yhDm^ | 0x175000 | 0xf000 | 0xf000 | 7a41175d3a562a1c35ae7ae6deea74c5 | False | 0.6556315104166667 | data | 7.504515438356259 | IMAGE_SCN_MEM_READ |
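
Two shapes in the section table above are worth automating: `.data` whose VirtualSize (0xa6518) dwarfs its raw size (0x3000), and a trailing section with a name no linker emits (`yhDm^`), entropy 7.5 and only IMAGE_SCN_MEM_READ set, i.e. no IMAGE_SCN_CNT_* content flag at all. The following is an added example for this edit, not code from the report or the sample: it parses a section table straight from bytes and lists the anomalies per section. Because the sample itself is not available here, it also builds a minimal PE32+ image inline with the same three shapes (invented bytes, constructed purely as test input). Function names, the 7.0 entropy threshold and the 4x virtual-to-raw ratio are assumptions of this example.

```python
import hashlib
import math
import struct
from collections import Counter

# Section characteristics from winnt.h (only the bits the checks below use).
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
CONTENT_FLAGS = 0xE0  # CNT_CODE | CNT_INITIALIZED_DATA | CNT_UNINITIALIZED_DATA
# Names a linker normally emits; anything else deserves a look.
COMMON_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc", ".idata",
                ".edata", ".tls", ".bss", ".CRT", ".xdata", ".gfids", ".00cfg", ".didat"}
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image):
    """Follow e_lfanew to the COFF header, skip the optional header, read the section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections, opt_size = struct.unpack_from("<H12xH", image, coff + 2)
    off, sections = coff + 20 + opt_size, []
    for _ in range(n_sections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = SECTION_HDR.unpack_from(image, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": raw_size, "characteristics": chars,
                         "data": image[raw_ptr:raw_ptr + raw_size]})
        off += SECTION_HDR.size
    return sections


def assess_section(sec):
    """Return the anomalies seen in one section; an empty list means nothing odd."""
    findings = []
    if sec["name"] not in COMMON_NAMES:
        findings.append("non-standard section name")
    entropy = shannon_entropy(sec["data"])
    if entropy > 7.0:
        findings.append(f"high entropy {entropy:.2f}: likely packed or encrypted payload")
    if not sec["characteristics"] & CONTENT_FLAGS:
        findings.append("no IMAGE_SCN_CNT_* content flag set")
    if sec["raw_size"] and sec["virtual_size"] > 4 * sec["raw_size"]:
        findings.append("virtual size far exceeds raw size: large zero-filled region at load time")
    return findings


def analyze(image):
    return {s["name"]: assess_section(s) for s in parse_sections(image)}


# Constructed test image: a minimal PE32+ with the three shapes from the table
# above (ordinary .text, .data with a huge VirtualSize, a trailing high-entropy
# section with an odd name and only MEM_READ). The bytes are invented.
def _align(x, a):
    return (x + a - 1) // a * a


def _pseudo_random(n, seed=b"example-seed"):
    """Deterministic high-entropy filler (chained SHA-256) so results are repeatable."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_test_pe(sections, file_align=0x200, sect_align=0x1000):
    """sections: list of (name, virtual_size, raw_bytes, characteristics)."""
    e_lfanew, opt_size = 0x40, 240  # 240 = size of a PE32+ optional header
    raw_ptr = _align(e_lfanew + 4 + 20 + opt_size + SECTION_HDR.size * len(sections), file_align)
    va, headers, body = sect_align, b"", b""
    for name, vsize, data, chars in sections:
        raw_size = _align(len(data), file_align)
        headers += SECTION_HDR.pack(name.encode("latin-1").ljust(8, b"\0"), vsize, va,
                                    raw_size, raw_ptr, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += _align(max(vsize, raw_size), sect_align)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x2022)
    opt = struct.pack("<H", 0x20B).ljust(opt_size, b"\0")  # magic only; the parser ignores the rest
    head = dos + coff + opt + headers
    return head.ljust(_align(len(head), file_align), b"\0") + body


def build_sample():
    stub = b"\x48\x83\xec\x28\xe8\x00\x00\x00\x00\x48\x83\xc4\x28\xc3" * 200  # repetitive code bytes
    return build_test_pe([
        (".text", len(stub), stub, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (".data", 0xA6518, b"\0" * 0x3000,
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        ("yhDm^", 0xF000, _pseudo_random(0xF000), IMAGE_SCN_MEM_READ),
    ])


if __name__ == "__main__":
    for name, findings in analyze(build_sample()).items():
        print(f"{name:8s} {findings or 'ok'}")
```

To run it against the real file, replace `build_sample()` with `open(path, "rb").read()`; the parser only touches the COFF and section headers, so it does not need a full PE library. The two flagged shapes are the ones to pull on first: a large zero-filled `.data` is where an unpacked stage usually lands, and a high-entropy, content-flag-less trailing section is the usual home of the encrypted stage that a loader decrypts at runtime.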
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_RCDATA | 0x1730a0 | 0x80 | ASCII text, with no line terminators | Chinese | China | 0.09375 |
RT_MANIFEST | 0x173120 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
KERNEL32.dll | GlobalLock, GlobalSize, GlobalUnlock, GetFileAttributesExW, GetTickCount, DeviceIoControl, GetCurrentProcessId, GetLongPathNameW, GetWindowsDirectoryW, GetCurrentDirectoryW, MoveFileExW, SearchPathW, CreateThread, WaitForSingleObject, GetCurrentThreadId, GetVersion, GetSystemDefaultUILanguage, GetFileSize, GetLocalTime, VirtualProtect, GetModuleHandleExW, IsBadStringPtrW, ProcessIdToSessionId, OpenProcess, CreateProcessW, WTSGetActiveConsoleSessionId, MapViewOfFile, UnmapViewOfFile, GetProcessId, LocalAlloc, LocalFree, CreateFileMappingW, GetFileSizeEx, GlobalFree, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, ResumeThread, GetSystemTimeAsFileTime, ReleaseMutex, GetSystemTime, SystemTimeToFileTime, SetFileAttributesW, DeleteFileW, OpenFileMappingW, OpenThread, GetCommandLineW, OutputDebugStringW, RtlPcToFileHeader, FormatMessageW, CreateFileA, LocalFileTimeToFileTime, SetFilePointerEx, HeapLock, HeapUnlock, HeapWalk, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, GetFileTime, GlobalAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, InitializeSListHead, InterlockedFlushSList, ExitProcess, OpenMutexW, CreateMutexW, WideCharToMultiByte, FindResourceExW, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, RaiseException, InitializeCriticalSection, lstrcmpiW, DeleteCriticalSection, SetLastError, CloseHandle, GetLastError, LoadLibraryW, GetSystemDirectoryW, SetFilePointer, GetVersionExW, GetSystemWindowsDirectoryW, FindResourceW, SizeofResource, LoadResource, LockResource, FreeResource, GetFileInformationByHandle, CreateFileW, Sleep, ReadFile, LeaveCriticalSection, EnterCriticalSection, MultiByteToWideChar, LoadLibraryExW, ExpandEnvironmentStringsW, FreeLibrary, GetCurrentProcess, GetProcAddress, GetModuleHandleW, GetFileAttributesW, GetProcessHeap, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, HeapDestroy, WriteFile, GetExitCodeProcess, IsDebuggerPresent |
USER32.dll | IsZoomed, GetWindowTextW, SendMessageTimeoutW, SystemParametersInfoW, EnumDisplayDevicesW, GetLastInputInfo, GetClassNameW, GetShellWindow, GetWindowInfo, EnumWindows, WindowFromPoint, GetWindowRect, GetDesktopWindow, GetSystemMetrics, GetWindow, IsWindowVisible, CharNextW, FindWindowW, IsWindow, GetForegroundWindow, MonitorFromWindow, wsprintfW, GetWindowThreadProcessId, SetForegroundWindow, LoadStringW, GetAncestor |
ADVAPI32.dll | RegDeleteKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorW, LookupAccountSidW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CreateProcessAsUserW, CloseServiceHandle, QueryServiceStatus, StartServiceW, ChangeServiceConfigW, OpenServiceW, OpenSCManagerW, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, FreeSid, GetLengthSid, SetTokenInformation, AllocateAndInitializeSid, CreateRestrictedToken, DuplicateTokenEx, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, CryptReleaseContext, CryptGenRandom, CryptAcquireContextW, RegEnumValueW, RegCreateKeyW, RegQueryInfoKeyW, RegSetValueExW, RegDeleteValueW, RegEnumKeyExW, RegCreateKeyExW, RegCloseKey, RegQueryValueExW, RegEnumKeyW, RegOpenKeyExW, RegQueryValueExA |
SHELL32.dll | SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteExW, ShellExecuteW, SHGetSpecialFolderPathW, SHGetFileInfoW, SHGetDesktopFolder, SHGetMalloc |
ole32.dll | GetHGlobalFromStream, IIDFromString, StringFromGUID2, CoInitialize, CreateStreamOnHGlobal, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize |
OLEAUT32.dll | SysAllocStringByteLen, SafeArrayPutElement, VariantChangeType, VariantInit, SafeArrayCreate, SafeArrayGetElement, VariantClear, SysStringByteLen, SysFreeString, SysAllocString, VarUI4FromStr |
SHLWAPI.dll | PathRemoveFileSpecW, PathAppendW, SHSetValueW, SHGetValueW, PathAddBackslashW, PathFileExistsW, StrCmpNIW, PathFindFileNameW, PathIsRelativeW, StrCpyNW, PathIsDirectoryW, StrPBrkA, StrPBrkW, StrStrIA, StrStrIW, PathFindExtensionW, SHEnumValueW, StrCmpIW, PathCombineW, StrRetToBufW |
WS2_32.dll | WSACleanup, WSCDeinstallProvider, WSCDeinstallProvider32, WSCUnInstallNameSpace, WSAGetLastError, WSAStartup, ntohl, htons, htonl, ntohs |
VERSION.dll | VerQueryValueW |
IPHLPAPI.DLL | GetIpAddrTable |
WTSAPI32.dll | WTSFreeMemory, WTSQueryUserToken, WTSQuerySessionInformationW |
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock |
PSAPI.DLL | GetModuleFileNameExW |
msvcrt.dll | wcstol, realloc, wcsspn, wcscspn, _mbsstr, _mbsrchr, _mktime64, towupper, memmove, memset, _CxxThrowException, ??0exception@@QEAA@AEBQEBD@Z, ??0exception@@QEAA@AEBV0@@Z, ??1exception@@UEAA@XZ, ?what@exception@@UEBAPEBDXZ, memcpy, memcmp, wcscmp, _amsg_exit, __getmainargs, _initterm, __CxxFrameHandler, __DestructExceptionObject, _localtime64, ___lc_codepage_func, rand, atoi, wcspbrk, __pctype_func, tolower, ___mb_cur_max_func, strtol, localeconv, ___lc_handle_func, abort, memchr, _wcstoui64, _msize, _XcptFilter, mbtowc, strrchr, iswctype, srand, ceil, log10, _clearfp, ?terminate@@YAXXZ, _wtoi, malloc, free, wcsstr, wcschr, wcsncmp, __C_specific_handler, ??_V@YAXPEAX@Z, ??3@YAXPEAX@Z, _wtoi64, _wcsupr, _wcslwr, _strlwr, strchr, _time64, _wcsnicmp, ??2@YAPEAX_K@Z, _wcsicmp, wcsrchr, calloc, iswspace, _errno, ??_U@YAPEAX_K@Z, sqrt |
Name | Ordinal | Address |
---|---|---|
CreateObject | 2 | 0x180004844 |
homq | 1 | 0x18001b208 |
RegisterInstallTime | 3 | 0x18005b578 |
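The import table above already tells a triage analyst a good deal before any dynamic run. The script below is an added example (editor's code, not part of the Joe Sandbox report): it copies the imports from the table (a subset of the long KERNEL32/ADVAPI32/USER32 lists, the complete lists for the smaller DLLs) and groups them into capability clusters. The cluster definitions and their thresholds are the editor's own, not Joe Sandbox or capa rules.

```python
"""Static capability triage from the import table of 360total.dll.dll.

Added example by the editor; not part of the Joe Sandbox report. The cluster
definitions are the editor's own, not Joe Sandbox or capa rules. Import names
are copied from the report's import table (subset of KERNEL32/ADVAPI32/USER32,
complete lists for the smaller DLLs).
"""
from typing import Dict, List, Set, Tuple

REPORT_IMPORTS: Dict[str, List[str]] = {
    "KERNEL32.dll": [
        "DeviceIoControl", "OpenProcess", "CreateProcessW", "ProcessIdToSessionId",
        "WTSGetActiveConsoleSessionId", "CreateToolhelp32Snapshot", "Process32FirstW",
        "Process32NextW", "CreateFileMappingW", "OpenFileMappingW", "MapViewOfFile",
        "UnmapViewOfFile", "OpenMutexW", "CreateMutexW", "ReleaseMutex", "VirtualProtect",
        "LoadLibraryW", "LoadLibraryExW", "GetProcAddress", "IsDebuggerPresent",
        "OutputDebugStringW", "MoveFileExW", "DeleteFileW", "SetFileAttributesW",
    ],
    "USER32.dll": ["GetLastInputInfo", "GetForegroundWindow", "EnumWindows",
                   "GetShellWindow", "IsWindowVisible", "EnumDisplayDevicesW"],
    "ADVAPI32.dll": [
        "OpenProcessToken", "DuplicateTokenEx", "CreateRestrictedToken",
        "AdjustTokenPrivileges", "SetTokenInformation", "LookupPrivilegeValueW",
        "CreateProcessAsUserW", "OpenSCManagerW", "OpenServiceW", "StartServiceW",
        "ChangeServiceConfigW", "QueryServiceStatus", "CryptAcquireContextW",
        "CryptGenRandom", "CryptReleaseContext", "RegCreateKeyExW", "RegSetValueExW",
        "RegDeleteValueW", "RegDeleteKeyW",
    ],
    "WS2_32.dll": ["WSACleanup", "WSCDeinstallProvider", "WSCDeinstallProvider32",
                   "WSCUnInstallNameSpace", "WSAGetLastError", "WSAStartup",
                   "ntohl", "htons", "htonl", "ntohs"],
    "WTSAPI32.dll": ["WTSFreeMemory", "WTSQueryUserToken", "WTSQuerySessionInformationW"],
    "USERENV.dll": ["CreateEnvironmentBlock", "DestroyEnvironmentBlock"],
    "IPHLPAPI.DLL": ["GetIpAddrTable"],
}

# capability -> (APIs whose co-occurrence suggests it, minimum number that must be present)
CAPABILITIES: Dict[str, Tuple[List[str], int]] = {
    "token-manipulation": (["OpenProcessToken", "DuplicateTokenEx", "CreateRestrictedToken",
                            "AdjustTokenPrivileges", "SetTokenInformation",
                            "LookupPrivilegeValueW"], 3),
    "session-hop-to-user-desktop": (["WTSGetActiveConsoleSessionId", "WTSQueryUserToken",
                                     "CreateProcessAsUserW", "CreateEnvironmentBlock",
                                     "ProcessIdToSessionId"], 3),
    "service-control": (["OpenSCManagerW", "OpenServiceW", "StartServiceW",
                         "ChangeServiceConfigW", "QueryServiceStatus"], 2),
    "process-enumeration": (["CreateToolhelp32Snapshot", "Process32FirstW",
                             "Process32NextW", "OpenProcess"], 3),
    "user-activity-check": (["GetLastInputInfo", "GetForegroundWindow", "EnumWindows",
                             "GetShellWindow", "IsWindowVisible"], 2),
    "anti-debug": (["IsDebuggerPresent", "OutputDebugStringW"], 1),
    "winsock-lsp-removal": (["WSCDeinstallProvider", "WSCDeinstallProvider32",
                             "WSCUnInstallNameSpace"], 1),
    "winsock-send-recv": (["socket", "connect", "send", "recv", "WSASend", "WSARecv"], 1),
    "registry-write": (["RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW",
                        "RegDeleteKeyW"], 2),
    "shared-memory-ipc": (["CreateFileMappingW", "OpenFileMappingW", "MapViewOfFile",
                           "UnmapViewOfFile"], 3),
    "mutex-single-instance": (["CreateMutexW", "OpenMutexW", "ReleaseMutex"], 2),
}


def flatten(imports: Dict[str, List[str]]) -> Set[str]:
    """All imported names regardless of which DLL exports them."""
    return {name for names in imports.values() for name in names}


def triage(imports: Dict[str, List[str]], rules=CAPABILITIES) -> Dict[str, List[str]]:
    """Return {capability: sorted matched APIs} for every rule that meets its threshold."""
    present = flatten(imports)
    hits: Dict[str, List[str]] = {}
    for cap, (apis, min_hits) in rules.items():
        matched = sorted(a for a in apis if a in present)
        if len(matched) >= min_hits:
            hits[cap] = matched
    return hits


def dynamic_resolution_possible(imports: Dict[str, List[str]]) -> bool:
    """True when the module can resolve APIs at run time, so an absent import proves little."""
    present = flatten(imports)
    loaders = {"LoadLibraryW", "LoadLibraryExW", "LoadLibraryA", "LoadLibraryExA"}
    return "GetProcAddress" in present and bool(loaders & present)


if __name__ == "__main__":
    for cap, apis in triage(REPORT_IMPORTS).items():
        print(f"{cap:30s} {', '.join(apis)}")
    print("run-time API resolution possible:", dynamic_resolution_possible(REPORT_IMPORTS))
```

For this sample the script flags token duplication and restriction together with WTSQueryUserToken, CreateProcessAsUserW and CreateEnvironmentBlock, which is the standard pattern for a service-context component starting a process in the interactive user's session; GetLastInputInfo, GetForegroundWindow and EnumWindows are typical user-presence checks that an idle sandbox desktop fails; and the only WS2_32 imports are WSAStartup/WSACleanup, the byte-order helpers and the WSC*Deinstall* routines, with no socket, connect, send or recv. The TLS sessions recorded further down are therefore not explained by this import table. Because GetProcAddress and LoadLibraryW/LoadLibraryExW are imported, the static check cannot rule out run-time resolution, which is the caveat on every import-based verdict.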
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 22:44:19.050565958 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:19.050602913 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:19.050667048 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:19.060827017 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:19.060859919 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:19.298181057 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:19.298252106 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:19.368861914 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:19.368897915 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:19.369339943 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:19.369664907 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:19.371786118 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:19.416115999 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:24.088558912 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:24.088675976 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:24.088699102 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:24.088854074 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:24.088932037 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:24.089143038 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:24.089282036 CEST | 49726 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:24.089297056 CEST | 443 | 49726 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:25.252623081 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:25.252660990 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:25.252739906 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:25.253062963 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:25.253074884 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:25.489451885 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:25.489528894 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:25.490319967 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:25.490336895 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:25.497419119 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:25.497441053 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.125051022 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.125108004 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.125117064 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.125169992 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.125508070 CEST | 49727 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.125521898 CEST | 443 | 49727 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.213733912 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.213778019 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.213864088 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.214157104 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.214169025 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.444214106 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.444282055 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.444848061 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.444859028 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:31.446533918 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:31.446540117 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.180743933 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.180819035 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.180851936 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.181051016 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.181186914 CEST | 49728 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.181204081 CEST | 443 | 49728 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.322779894 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.322820902 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.323044062 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.323637962 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.323652029 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.555305958 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.555435896 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.557426929 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.557426929 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:44.557442904 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:44.557461023 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:58.679569960 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:58.679693937 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:58.679738998 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:58.679795980 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:58.680145025 CEST | 49729 | 443 | 192.168.2.5 | 172.67.136.103 |
Apr 25, 2024 22:44:58.680181026 CEST | 443 | 49729 | 172.67.136.103 | 192.168.2.5 |
Apr 25, 2024 22:44:59.203442097 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:44:59.203481913 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:44:59.203551054 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:44:59.230818033 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:44:59.230848074 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:44:59.466718912 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:44:59.466790915 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:44:59.473687887 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:44:59.473706961 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:44:59.473969936 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:44:59.474016905 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:44:59.475369930 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:44:59.516119003 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:45:08.297723055 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:45:08.297853947 CEST | 443 | 49730 | 172.67.219.28 | 192.168.2.5 |
Apr 25, 2024 22:45:08.297951937 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Apr 25, 2024 22:45:08.298283100 CEST | 49730 | 443 | 192.168.2.5 | 172.67.219.28 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 22:44:18.901473045 CEST | 53114 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 22:44:19.043672085 CEST | 53 | 53114 | 1.1.1.1 | 192.168.2.5 |
Apr 25, 2024 22:44:59.056463957 CEST | 51743 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 22:44:59.202184916 CEST | 53 | 51743 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 22:44:18.901473045 CEST | 192.168.2.5 | 1.1.1.1 | 0x9834 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 22:44:59.056463957 CEST | 192.168.2.5 | 1.1.1.1 | 0x31c5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 22:44:19.043672085 CEST | 1.1.1.1 | 192.168.2.5 | 0x9834 | No error (0) | | | 172.67.136.103 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 22:44:19.043672085 CEST | 1.1.1.1 | 192.168.2.5 | 0x9834 | No error (0) | | | 104.21.46.75 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 22:44:59.202184916 CEST | 1.1.1.1 | 192.168.2.5 | 0x31c5 | No error (0) | | | 172.67.219.28 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 22:44:59.202184916 CEST | 1.1.1.1 | 192.168.2.5 | 0x31c5 | No error (0) | | | 104.21.59.82 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49726 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 20:44:19 UTC | 229 | OUT | |
2024-04-25 20:44:19 UTC | 252 | OUT | |
2024-04-25 20:44:24 UTC | 576 | IN | |
2024-04-25 20:44:24 UTC | 26 | IN | |
2024-04-25 20:44:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49727 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 20:44:25 UTC | 229 | OUT | |
2024-04-25 20:44:25 UTC | 180 | OUT | |
2024-04-25 20:44:31 UTC | 578 | IN | |
2024-04-25 20:44:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49728 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 20:44:31 UTC | 229 | OUT | |
2024-04-25 20:44:31 UTC | 180 | OUT | |
2024-04-25 20:44:44 UTC | 572 | IN | |
2024-04-25 20:44:44 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49729 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 20:44:44 UTC | 229 | OUT | |
2024-04-25 20:44:44 UTC | 180 | OUT | |
2024-04-25 20:44:58 UTC | 568 | IN | |
2024-04-25 20:44:58 UTC | 162 | IN | |
2024-04-25 20:44:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49730 | 172.67.219.28 | 443 | 2928 | C:\Windows\System32\rundll32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 20:44:59 UTC | 227 | OUT | |
2024-04-25 20:44:59 UTC | 180 | OUT | |
2024-04-25 20:45:08 UTC | 578 | IN | |
2024-04-25 20:45:08 UTC | 118 | IN | |
2024-04-25 20:45:08 UTC | 5 | IN |
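The five HTTPS sessions above are easier to judge as a set than row by row. The script below is an added example (editor's code, not part of the Joe Sandbox report): the session header rows, byte-count rows and DNS answer rows are copied from the tables above, while the parser and the statistics (server hold time per session, gaps between session starts, which DNS transaction produced each destination) are the editor's own.

```python
"""Beacon statistics from the HTTPS session tables of the report above.

Added example by the editor, not part of the Joe Sandbox report. The rows in
SESSION_TABLE and DNS_ANSWERS are copied from the report; parsing and
statistics are the editor's own.
"""
from datetime import datetime
from typing import Dict, List, Optional

SESSION_TABLE = r"""
0 | 192.168.2.5 | 49726 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe
2024-04-25 20:44:19 UTC | 229 | OUT
2024-04-25 20:44:19 UTC | 252 | OUT
2024-04-25 20:44:24 UTC | 576 | IN
2024-04-25 20:44:24 UTC | 26 | IN
2024-04-25 20:44:24 UTC | 5 | IN
1 | 192.168.2.5 | 49727 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe
2024-04-25 20:44:25 UTC | 229 | OUT
2024-04-25 20:44:25 UTC | 180 | OUT
2024-04-25 20:44:31 UTC | 578 | IN
2024-04-25 20:44:31 UTC | 5 | IN
2 | 192.168.2.5 | 49728 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe
2024-04-25 20:44:31 UTC | 229 | OUT
2024-04-25 20:44:31 UTC | 180 | OUT
2024-04-25 20:44:44 UTC | 572 | IN
2024-04-25 20:44:44 UTC | 5 | IN
3 | 192.168.2.5 | 49729 | 172.67.136.103 | 443 | 2928 | C:\Windows\System32\rundll32.exe
2024-04-25 20:44:44 UTC | 229 | OUT
2024-04-25 20:44:44 UTC | 180 | OUT
2024-04-25 20:44:58 UTC | 568 | IN
2024-04-25 20:44:58 UTC | 162 | IN
2024-04-25 20:44:58 UTC | 5 | IN
4 | 192.168.2.5 | 49730 | 172.67.219.28 | 443 | 2928 | C:\Windows\System32\rundll32.exe
2024-04-25 20:44:59 UTC | 227 | OUT
2024-04-25 20:44:59 UTC | 180 | OUT
2024-04-25 20:45:08 UTC | 578 | IN
2024-04-25 20:45:08 UTC | 118 | IN
2024-04-25 20:45:08 UTC | 5 | IN
"""

# (DNS transaction id, A record returned), from the DNS answer table
DNS_ANSWERS = [("0x9834", "172.67.136.103"), ("0x9834", "104.21.46.75"),
               ("0x31c5", "172.67.219.28"), ("0x31c5", "104.21.59.82")]


def parse_sessions(text: str) -> List[Dict]:
    """Header rows (7 cells) open a session; byte-count rows (3 cells) attach to the last one."""
    sessions: List[Dict] = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) == 7:
            sessions.append({"id": int(cells[0]), "src": cells[1], "sport": int(cells[2]),
                             "dst": cells[3], "dport": int(cells[4]), "pid": int(cells[5]),
                             "process": cells[6], "transfers": []})
        elif len(cells) == 3:
            ts = datetime.strptime(cells[0], "%Y-%m-%d %H:%M:%S UTC")
            sessions[-1]["transfers"].append((ts, int(cells[1]), cells[2]))
        else:
            raise ValueError(f"unexpected row: {line!r}")
    return sessions


def session_stats(sessions: List[Dict]) -> List[Dict]:
    """Per session: request sizes, byte totals and how long the server held the first reply."""
    rows = []
    for s in sessions:
        outs = [t for t in s["transfers"] if t[2] == "OUT"]
        ins = [t for t in s["transfers"] if t[2] == "IN"]
        rows.append({"id": s["id"], "dst": s["dst"], "pid": s["pid"],
                     "request_sizes": [t[1] for t in outs],
                     "bytes_out": sum(t[1] for t in outs), "bytes_in": sum(t[1] for t in ins),
                     "first_out": outs[0][0],
                     "server_hold_s": int((ins[0][0] - outs[0][0]).total_seconds())})
    return rows


def start_gaps(stats: List[Dict]) -> List[int]:
    """Seconds between consecutive session starts (the check-in cadence)."""
    starts = sorted(r["first_out"] for r in stats)
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]


def resolve_txid(ip: str, answers=DNS_ANSWERS) -> Optional[str]:
    """DNS transaction that returned this destination; None means no resolution was seen."""
    return next((txid for txid, addr in answers if addr == ip), None)


if __name__ == "__main__":
    stats = session_stats(parse_sessions(SESSION_TABLE))
    for r in stats:
        print(f"session {r['id']} -> {r['dst']} (dns {resolve_txid(r['dst'])}): "
              f"req {r['request_sizes']} out={r['bytes_out']} in={r['bytes_in']} "
              f"hold={r['server_hold_s']}s")
    print("gaps between session starts (s):", start_gaps(stats))
```

For this sample the request sizes are nearly constant (229 or 227 bytes followed by 180; only the first session sends 252), the server holds each connection for 5 to 14 seconds before the first reply, and the next session opens within a second of that reply. That is the long-poll shape of a C2 check-in, not a browser session. Both destinations trace back to the two DNS transactions in the tables above (0x9834 and 0x31c5); a destination with no resolving transaction would point to a hard-coded address and is worth a separate indicator.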
Target ID: | 0 |
Start time: | 22:42:55 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b89e0000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 22:42:55 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 22:42:55 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff607be0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 22:42:55 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff71abb0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 22:42:55 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff71abb0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 22:42:55 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6f3150000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 22:42:56 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff71abb0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 22:42:58 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff71abb0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 22:43:01 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff71abb0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 22:43:06 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6f3150000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 18 |
Start time: | 22:44:57 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff607be0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 22:44:57 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 20 |
Start time: | 22:44:57 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\ipconfig.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff707600000 |
File size: | 35'840 bytes |
MD5 hash: | 62F170FB07FDBB79CEB7147101406EB8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 21 |
Start time: | 22:44:57 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff607be0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 22 |
Start time: | 22:44:57 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 23 |
Start time: | 22:44:57 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\systeminfo.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72d970000 |
File size: | 110'080 bytes |
MD5 hash: | EE309A9C61511E907D87B10EF226FDCD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 22:44:58 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\wbem\WmiPrvSE.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ef0c0000 |
File size: | 496'640 bytes |
MD5 hash: | 60FF40CFD7FB8FE41EE4FE9AE5FE1C51 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 26 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff607be0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 28 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\nltest.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69bc90000 |
File size: | 540'672 bytes |
MD5 hash: | 70E221CE763EA128DBA484B2E4903DE1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff607be0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 30 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\nltest.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69bc90000 |
File size: | 540'672 bytes |
MD5 hash: | 70E221CE763EA128DBA484B2E4903DE1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 32 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff607be0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 33 |
Start time: | 22:44:59 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 34 |
Start time: | 22:45:00 |
Start date: | 25/04/2024 |
Path: | C:\Windows\System32\net.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6feb10000 |
File size: | 59'904 bytes |
MD5 hash: | 0BD94A338EEA5A4E1F2830AE326E6D19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | false |
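Read together with the session tables (rundll32.exe PID 2928 owns every TLS session), the process list above is one recon burst: several cmd.exe instances start within three seconds of each other at 22:44:57 to 22:44:59, each running ipconfig.exe, systeminfo.exe, nltest.exe or net.exe, with WmiPrvSE.exe starting a second after systeminfo, consistent with its WMI queries. The detection below is an added example (editor's code, not part of the Joe Sandbox report). Image paths and start times are taken from the list above and PID 2928 from the session tables; every other PID and all parent PIDs are constructed, since this section does not record parent/child relations.

```python
"""Recon-chain detection over process-creation events: launcher -> shell -> recon tool.

Added example by the editor, not part of the Joe Sandbox report. Image paths,
start times and PID 2928 come from the report; all other PIDs and every parent
PID in EVENTS are constructed.
"""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

RECON_TOOLS = {"ipconfig.exe", "systeminfo.exe", "nltest.exe", "net.exe", "net1.exe",
               "whoami.exe", "nslookup.exe", "arp.exe", "route.exe", "tasklist.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# (pid, ppid, image path, start time); constructed sample events, see docstring
EVENTS: List[Tuple[int, int, str, str]] = [
    (2928, 9001, r"C:\Windows\System32\rundll32.exe",      "2024-04-25 22:42:56"),
    (9010, 2928, r"C:\Windows\System32\cmd.exe",           "2024-04-25 22:44:57"),
    (9011, 9010, r"C:\Windows\System32\ipconfig.exe",      "2024-04-25 22:44:57"),
    (9020, 2928, r"C:\Windows\System32\cmd.exe",           "2024-04-25 22:44:57"),
    (9021, 9020, r"C:\Windows\System32\systeminfo.exe",    "2024-04-25 22:44:57"),
    (9030, 9002, r"C:\Windows\System32\wbem\WmiPrvSE.exe", "2024-04-25 22:44:58"),
    (9040, 2928, r"C:\Windows\System32\cmd.exe",           "2024-04-25 22:44:59"),
    (9041, 9040, r"C:\Windows\System32\nltest.exe",        "2024-04-25 22:44:59"),
    (9050, 2928, r"C:\Windows\System32\cmd.exe",           "2024-04-25 22:44:59"),
    (9051, 9050, r"C:\Windows\System32\net.exe",           "2024-04-25 22:45:00"),
    # contrast: an administrator's own console, no launcher above the shell
    (9100, 9003, r"C:\Windows\System32\cmd.exe",           "2024-04-25 22:50:00"),
    (9101, 9100, r"C:\Windows\System32\ipconfig.exe",      "2024-04-25 22:50:01"),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def launcher_above(pid: int, by_pid: Dict[int, Dict], max_depth: int = 8) -> Optional[int]:
    """Walk up through shells only; return the first launcher ancestor's PID, else None."""
    cur = by_pid.get(pid)
    for _ in range(max_depth):
        if cur is None:
            return None
        parent = by_pid.get(cur["ppid"])
        if parent is None:
            return None
        name = basename(parent["image"])
        if name in LAUNCHERS:
            return parent["pid"]
        if name not in SHELLS:      # chain broken by an unrelated parent
            return None
        cur = parent
    return None


def find_recon_chains(events, window_s: int = 120, min_tools: int = 3) -> List[Dict]:
    """Alert per launcher that has >= min_tools distinct recon tools below it within window_s."""
    by_pid = {pid: {"pid": pid, "ppid": ppid, "image": img,
                    "start": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")}
              for pid, ppid, img, ts in events}
    groups: Dict[int, List[Dict]] = defaultdict(list)
    for ev in by_pid.values():
        if basename(ev["image"]) in RECON_TOOLS:
            root = launcher_above(ev["pid"], by_pid)
            if root is not None:
                groups[root].append(ev)
    alerts = []
    for root, evs in groups.items():
        tools = sorted({basename(e["image"]) for e in evs})
        first = min(e["start"] for e in evs)
        span = int((max(e["start"] for e in evs) - first).total_seconds())
        if len(tools) >= min_tools and span <= window_s:
            alerts.append({"launcher_pid": root, "launcher": by_pid[root]["image"],
                           "tools": tools, "first": first, "span_s": span})
    return alerts


if __name__ == "__main__":
    for a in find_recon_chains(EVENTS):
        print(f"recon chain under {a['launcher']} (PID {a['launcher_pid']}) "
              f"at {a['first']}: {', '.join(a['tools'])} within {a['span_s']}s")
```

The ancestor walk stops at the first parent that is neither a shell nor a launcher, so the contrast events at the end (an operator console running ipconfig) do not fire. Tune min_tools and window_s to the environment; three distinct recon tools inside two minutes under a rundll32, regsvr32 or mshta ancestor is rarely benign, and the cmd.exe hop in between is what a naive parent-equals-rundll32 rule misses.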
Execution Graph
Execution Coverage: | 0.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.2% |
Total number of Nodes: | 31 |
Total number of Limit Nodes: | 1 |
Graph
Function 0000000180070044 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 116memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800701F0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 83memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180070210 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 59memoryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800033E0 Relevance: 95.4, APIs: 52, Strings: 2, Instructions: 931filememoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018004A650 Relevance: 79.3, APIs: 37, Strings: 8, Instructions: 513filesleepmemoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800655A8 Relevance: 68.6, APIs: 28, Strings: 11, Instructions: 339libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180010580 Relevance: 61.5, APIs: 25, Strings: 10, Instructions: 237registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018007C140 Relevance: 61.4, APIs: 32, Strings: 2, Instructions: 1880COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018003AFE8 Relevance: 53.2, APIs: 29, Strings: 1, Instructions: 700COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180076930 Relevance: 46.7, APIs: 22, Strings: 4, Instructions: 1188COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180008E20 Relevance: 46.2, APIs: 20, Strings: 6, Instructions: 684registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018001ECF4 Relevance: 45.8, APIs: 25, Strings: 1, Instructions: 323fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180062148 Relevance: 43.9, APIs: 14, Strings: 11, Instructions: 114libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018002B2EC Relevance: 42.4, APIs: 22, Strings: 2, Instructions: 383fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018004B1A4 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 223processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180049278 Relevance: 35.1, APIs: 16, Strings: 4, Instructions: 121 (memory, COMMON), Uniqueness Score: -1.00%
Function 0000000180026C84 Relevance: 33.8, APIs: 12, Strings: 7, Instructions: 559 (COMMON), Uniqueness Score: -1.00%
Function 0000000180002610 Relevance: 31.9, APIs: 14, Strings: 4, Instructions: 416 (registry, COMMON), Uniqueness Score: -1.00%
Function 00000001800097E0 Relevance: 31.8, APIs: 14, Strings: 4, Instructions: 326 (library, COMMON), Uniqueness Score: -1.00%
Function 000000018004E5DC Relevance: 30.3, APIs: 15, Strings: 2, Instructions: 545 (registry, COMMON), Uniqueness Score: -1.00%
Function 0000000180060578 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 289 (registry, window, time, COMMON), Uniqueness Score: -1.00%
Function 000000018005958C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 169 (registry, COMMON), Uniqueness Score: -1.00%
Function 000000018007E7C7 Relevance: 28.7, APIs: 16, Strings: 3, Instructions: 248 (COMMON), Uniqueness Score: -1.00%
Function 000000018005D014 Relevance: 28.4, APIs: 8, Strings: 8, Instructions: 422 (time, synchronization, COMMON), Uniqueness Score: -1.00%
Function 0000000180052FD8 Relevance: 23.1, APIs: 5, Strings: 8, Instructions: 303 (registry, COMMON), Uniqueness Score: -1.00%
Function 000000018000834C Relevance: 19.8, APIs: 13, Instructions: 336 (string, registry, COMMON), Uniqueness Score: -1.00%
Function 0000000180060174 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 270 (COMMON), Uniqueness Score: -1.00%
Function 0000000180040CB0 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 78 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 000000018003A8D4 Relevance: 16.6, APIs: 11, Instructions: 87 (library, COMMON), Uniqueness Score: -1.00%
Function 00000001800647B0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 395 (memory, COMMON), Uniqueness Score: -1.00%
Function 0000000180066A50 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 121 (COMMON), Uniqueness Score: -1.00%
Function 0000000180070760 Relevance: 15.1, APIs: 10, Instructions: 88 (COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 00000001800220D8 Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 878 (COMMON), Uniqueness Score: -1.00%
Function 000000018006A994 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 339 (COMMON), Uniqueness Score: -1.00%
Function 0000000180010B58 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 146 (registry, COMMON), Uniqueness Score: -1.00%
Function 0000000180066C3C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42 (COMMON), Uniqueness Score: -1.00%
Function 0000000180075480 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242 (COMMON), Uniqueness Score: -1.00%
Function 0000000180072A27 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 223 (COMMON), Uniqueness Score: -1.00%
Function 000000018000A7AC Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40 (memory, COMMON), Uniqueness Score: -1.00%
Function 000000018006C470 Relevance: 0.7, Instructions: 683 (COMMON), Uniqueness Score: -1.00%
Function 000000018006D3D4 Relevance: 0.2, Instructions: 150 (COMMON), Uniqueness Score: -1.00%
Function 0000000180060FE0 Relevance: 59.6, APIs: 17, Strings: 17, Instructions: 126 (library, loader, COMMON), Uniqueness Score: -1.00%
Control-flow Graph (image)
Function 000000018004D480 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330 (process, synchronization, thread, COMMON), Uniqueness Score: -1.00%
Control-flow Graph (image)
Function 000000018005AC40 Relevance: 45.7, APIs: 18, Strings: 8, Instructions: 242 (COMMON), Uniqueness Score: -1.00%
Control-flow Graph (image)
Function 000000018006442C Relevance: 45.7, APIs: 17, Strings: 9, Instructions: 170 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 0000000180011308 Relevance: 42.3, APIs: 15, Strings: 9, Instructions: 327 (COMMON), Uniqueness Score: -1.00%
Function 00000001800133B0 Relevance: 35.4, APIs: 13, Strings: 7, Instructions: 447 (COMMON), Uniqueness Score: -1.00%
Function 0000000180066428 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 103 (registry, library, loader, COMMON), Uniqueness Score: -1.00%
Function 0000000180024CD4 Relevance: 32.0, APIs: 6, Strings: 12, Instructions: 490 (COMMON), Uniqueness Score: -1.00%
Function 0000000180017114 Relevance: 31.8, APIs: 14, Strings: 4, Instructions: 278 (sleep, COMMON), Uniqueness Score: -1.00%
Function 0000000180056DE8 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 118 (COMMON), Uniqueness Score: -1.00%
Function 0000000180044F64 Relevance: 30.1, APIs: 9, Strings: 8, Instructions: 320 (COMMON), Uniqueness Score: -1.00%
Function 000000018004C034 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 112 (memory, COMMON), Uniqueness Score: -1.00%
Function 000000018003AC1C Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 107 (COMMON), Uniqueness Score: -1.00%
Function 000000018004872C Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 318 (COMMON), Uniqueness Score: -1.00%
Function 000000018004F018 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 116 (COMMON), Uniqueness Score: -1.00%
Function 0000000180014138 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 92 (COMMON), Uniqueness Score: -1.00%
Function 00000001800495A4 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 74 (COMMON), Uniqueness Score: -1.00%
Function 000000018004C3C8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 187 (COMMON), Uniqueness Score: -1.00%
Function 000000018000E07C Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 163 (file, time, COMMON), Uniqueness Score: -1.00%
Function 0000000180056C84 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 93 (COMMON), Uniqueness Score: -1.00%
Function 000000018004808C Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 252 (COMMON), Uniqueness Score: -1.00%
Function 0000000180066608 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 136 (registry, COMMON), Uniqueness Score: -1.00%
Function 0000000180002308 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 102 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 000000018006D6CC Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 100 (memory, synchronization, COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 00000001800448C4 Relevance: 19.8, APIs: 13, Instructions: 310 (memory, COMMON), Uniqueness Score: -1.00%
Function 000000018001D0C0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 268 (COMMON), Uniqueness Score: -1.00%
Function 0000000180049798 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221 (memory, com, service, COMMON), Uniqueness Score: -1.00%
Function 0000000180007338 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 189 (COMMON), Uniqueness Score: -1.00%
Function 000000018005B3A4 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 118 (COMMON), Uniqueness Score: -1.00%
Function 0000000180060B20 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 113 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 0000000180078A30 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 197 (COMMON), Uniqueness Score: -1.00%
Function 000000018004A39C Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 158 (COMMON), Uniqueness Score: -1.00%
Function 0000000180056400 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 142 (registry, COMMON), Uniqueness Score: -1.00%
Function 000000018005619C Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 141 (registry, COMMON), Uniqueness Score: -1.00%
Function 000000018005B708 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 99 (COMMON), Uniqueness Score: -1.00%
Function 0000000180052160 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 78 (COMMON), Uniqueness Score: -1.00%
Function 0000000180049164 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61 (thread, COMMON), Uniqueness Score: -1.00%
Function 0000000180019044 Relevance: 16.6, APIs: 11, Instructions: 86 (library, COMMON), Uniqueness Score: -1.00%
Function 000000018003F070 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145 (registry, COMMON), Uniqueness Score: -1.00%
Function 000000018004F30C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 91 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 0000000180001284 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 57 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 0000000180031364 Relevance: 15.2, APIs: 5, Strings: 5, Instructions: 232 (COMMON), Uniqueness Score: -1.00%
Function 00000001800421D4 Relevance: 15.2, APIs: 10, Instructions: 163 (network, COMMON), Uniqueness Score: -1.00%
Function 0000000180052280 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 220 (COMMON), Uniqueness Score: -1.00%
Function 000000018002C720 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 217 (COMMON), Uniqueness Score: -1.00%
Function 000000018003AA00 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 156 (sleep, thread, COMMON), Uniqueness Score: -1.00%
Function 000000018005E750 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152 (file, synchronization, COMMON), Uniqueness Score: -1.00%
Function 00000001800570A0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147 (COMMON), Uniqueness Score: -1.00%
Function 0000000180044568 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 146 (COMMON), Uniqueness Score: -1.00%
Function 000000018005ECC0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 86 (COMMON), Uniqueness Score: -1.00%
Function 0000000180004288 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 79 (COMMON), Uniqueness Score: -1.00%
Function 0000000180060A0C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 68 (COMMON), Uniqueness Score: -1.00%
Function 0000000180008B5C Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 66 (library, loader, registry, COMMON), Uniqueness Score: -1.00%
Function 000000018005F270 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54 (file, window, time, COMMON), Uniqueness Score: -1.00%
Function 0000000180064DE4 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49 (COMMON), Uniqueness Score: -1.00%
Function 000000018004242C Relevance: 13.7, APIs: 9, Instructions: 156 (network, COMMON), Uniqueness Score: -1.00%
Function 000000018004578C Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 443 (COMMON), Uniqueness Score: -1.00%
Function 000000018001E59C Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 311 (COMMON), Uniqueness Score: -1.00%
Function 0000000180036EC8 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 238 (COMMON), Uniqueness Score: -1.00%
Function 000000018003721C Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 234 (string, COMMON), Uniqueness Score: -1.00%
Function 0000000180068390 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 136 (COMMON), Uniqueness Score: -1.00%
Function 00000001800744F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 127 (library, loader, COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 0000000180040688 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105 (COMMON), Uniqueness Score: -1.00%
Function 0000000180040E18 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 87 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 00000001800197DC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 70 (COMMON), Uniqueness Score: -1.00%
Function 000000018003C6D8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 69 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 000000018001B004 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44 (COMMON), Uniqueness Score: -1.00%
Function 0000000180074200 Relevance: 12.1, APIs: 8, Instructions: 98 (COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 0000000180056664 Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 463 (registry, COMMON), Uniqueness Score: -1.00%
Function 000000018002D320 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 350 (COMMON), Uniqueness Score: -1.00%
Function 000000018004C720 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 248 (COMMON), Uniqueness Score: -1.00%
Function 0000000180042664 Relevance: 10.7, APIs: 7, Instructions: 237 (network, COMMON), Uniqueness Score: -1.00%
Function 0000000180068020 Relevance: 10.7, APIs: 7, Instructions: 200 (COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 000000018000CB00 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 189 (COMMON), Uniqueness Score: -1.00%
Function 000000018000E478 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187 (COMMON), Uniqueness Score: -1.00%
Function 00000001800416AC Relevance: 10.7, APIs: 7, Instructions: 186 (file, time, COMMON), Uniqueness Score: -1.00%
Function 0000000180073620 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 175 (COMMON), Uniqueness Score: -1.00%
Function 0000000180037560 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 147 (COMMON), Uniqueness Score: -1.00%
Function 000000018003168C Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 120 (COMMON), Uniqueness Score: -1.00%
Function 000000018000C97C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 111 (COMMON), Uniqueness Score: -1.00%
Function 000000018005AAEC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 83 (COMMON), Uniqueness Score: -1.00%
Function 0000000180056534 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67 (COMMON), Uniqueness Score: -1.00%
Function 00000001800562D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66 (COMMON), Uniqueness Score: -1.00%
Function 000000018000892C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63 (registry, library, loader, COMMON), Uniqueness Score: -1.00%
Function 000000018004F468 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 57 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 0000000180084E36 Relevance: 10.6, APIs: 7, Instructions: 50 (memory, synchronization, COMMON), Uniqueness Score: -1.00%
Function 0000000180018E8C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 41 (file, COMMON), Uniqueness Score: -1.00%
Function 0000000180013600 Relevance: 9.2, APIs: 3, Strings: 3, Instructions: 203 (COMMON), Uniqueness Score: -1.00%
Function 0000000180026754 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 142 (string, COMMON), Uniqueness Score: -1.00%
Function 000000018003775C Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 124 (string, COMMON), Uniqueness Score: -1.00%
Function 0000000180066808 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 114 (COMMON), Uniqueness Score: -1.00%
Function 0000000180068954 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 113 (COMMON), Uniqueness Score: -1.00%
Function 0000000180015128 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 327 (COMMON), Uniqueness Score: -1.00%
Function 000000018004CD44 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 279 (COMMON), Uniqueness Score: -1.00%
Function 000000018004687C Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 248 (COMMON), Uniqueness Score: -1.00%
Function 000000018001D78C Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 202 (COMMON), Uniqueness Score: -1.00%
Function 00000001800253C4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 196 (COMMON), Uniqueness Score: -1.00%
Function 0000000180010990 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115 (registry, COMMON), Uniqueness Score: -1.00%
Function 00000001800671A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110 (COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 0000000180074740 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96 (sleep, library, loader, COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 0000000180008224 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 55 (registry, library, loader, COMMON), Uniqueness Score: -1.00%
Function 000000018000E2D8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51 (COMMON), Uniqueness Score: -1.00%
Function 000000018005F320 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32 (file, window, time, COMMON), Uniqueness Score: -1.00%
Function 0000000180074A30 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 00000001800572CC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23 (library, loader, COMMON), Uniqueness Score: -1.00%
Function 0000000180070F00 Relevance: 7.7, APIs: 5, Instructions: 174 (COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
Function 0000000180016CA8 Relevance: 7.6, APIs: 5, Instructions: 114 (COMMON, LIBRARYCODE), Uniqueness Score: -1.00%
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180021380 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 416COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800543E4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 211COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800546E8 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 175COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000C374 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140synchronizationtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180011110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180048BC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180009628 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800676F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000D00C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800353E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180042088 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 86COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005CCA8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005F014 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 73synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180067380 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005C9F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 62COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005CDD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005B1FC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005B0F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018006A4C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018001915C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180067610 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180040358 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018003C7D8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180002DE4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800142E8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800560C8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018002AD5C Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 381COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018002CD40 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 142COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018006C200 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 90COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018001D048 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 33COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180073130 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 205COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180042CB8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 192COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018003A138 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018001C31C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005944C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000D718 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180019224 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018004AF08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018004B054 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005F710 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180019344 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005AFB8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180074CC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40sleepthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005B060 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018005B310 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
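The function table above is the most useful static triage data on this page, but the report glues the behaviour tags onto the instruction count ("96sleeplibraryloaderCOMMONLIBRARYCODE"), which defeats a naive split. The following parser is an added example, not part of the Joe Sandbox report or its tooling: it recovers each header line into a record, splits the fused tags by longest match against the tag vocabulary observed on this page (KNOWN_TAGS is an assumption derived from this report only; a tag outside it raises rather than being silently misparsed), and ranks the functions carrying tags an analyst would look at first, such as registry and libraryloader, given the persistence DLL and discovery commands seen in the process tree. The SAMPLE lines are copied from the table above.

```python
import re
from dataclasses import dataclass

# Tag vocabulary observed in this report's function table (assumption: built
# from this page only). Joe Sandbox appends tags to the instruction count with
# no separator, e.g. "96sleeplibraryloaderCOMMONLIBRARYCODE".
KNOWN_TAGS = (
    "synchronization", "libraryloader", "LIBRARYCODE", "registry",
    "COMMON", "string", "thread", "window", "sleep", "file", "time",
)

# One header line: address, relevance, API count, optional string count,
# instruction count immediately followed by the fused tag blob.
HEADER_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]{16})\s+"
    r"Relevance:\s*(?P<relevance>\d+(?:\.\d+)?),\s*"
    r"APIs:\s*(?P<apis>\d+),\s*"
    r"(?:Strings:\s*(?P<strings>\d+),\s*)?"
    r"Instructions:\s*(?P<instructions>\d+)(?P<tags>[A-Za-z]*)\s*$"
)


@dataclass(frozen=True)
class FunctionEntry:
    address: int
    relevance: float
    apis: int
    strings: int          # 0 when the report gives no string count
    instructions: int
    tags: tuple


def split_tags(blob: str) -> tuple:
    """Split a fused tag string by longest match over KNOWN_TAGS.

    An unknown tag raises ValueError instead of being guessed, so a tag this
    vocabulary does not cover surfaces as a parse failure, not a silent miss.
    """
    by_length = sorted(KNOWN_TAGS, key=len, reverse=True)
    tags, pos = [], 0
    while pos < len(blob):
        for tag in by_length:
            if blob.startswith(tag, pos):
                tags.append(tag)
                pos += len(tag)
                break
        else:
            raise ValueError(f"unknown tag at {blob[pos:]!r}")
    return tuple(tags)


def parse_function_table(text: str) -> list:
    """Parse every 'Function ...' header line; empty detail rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        entries.append(FunctionEntry(
            address=int(m["addr"], 16),
            relevance=float(m["relevance"]),
            apis=int(m["apis"]),
            strings=int(m["strings"] or 0),
            instructions=int(m["instructions"]),
            tags=split_tags(m["tags"]),
        ))
    return entries


def with_any_tag(entries, wanted):
    """Entries carrying at least one wanted tag, highest relevance first, then by address."""
    wanted = set(wanted)
    hits = [e for e in entries if wanted & set(e.tags)]
    return sorted(hits, key=lambda e: (-e.relevance, e.address))


# Header lines copied verbatim from the report's function table (the two
# trailing rows are the empty detail residue the parser must ignore).
SAMPLE = """\
Function 000000018004687C Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 248COMMON
Function 0000000180010990 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115registryCOMMON
Function 0000000180074740 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96sleeplibraryloaderCOMMONLIBRARYCODE
Function 0000000180008224 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 55registrylibraryloaderCOMMON
Function 000000018005F320 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32filewindowtimeCOMMON
Function 0000000180070F00 Relevance: 7.7, APIs: 5, Instructions: 174COMMONLIBRARYCODE
Function 0000000180011110 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132registryCOMMON
Function 0000000180074CC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40sleepthreadCOMMON
APIs |
Uniqueness Score: -1.00% |
"""

if __name__ == "__main__":
    for e in with_any_tag(parse_function_table(SAMPLE), {"registry", "libraryloader"}):
        print(f"{e.address:016X}  relevance={e.relevance}  tags={','.join(e.tags)}")
```

Feed it the whole report text rather than SAMPLE to get the full list; the addresses it prints are the ones to open first in IDA at the 0x180000000 image base the report uses.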