Windows
Analysis Report
Mol2sxTjLw.exe
Overview
General Information
Sample name: | Mol2sxTjLw.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original sample name: | 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030 |
Analysis ID: | 1431956 |
MD5: | f1f1e44ce2d94e04b8bcfd71e77f3e08 |
SHA1: | 878526629858534871c263cde4b97da4a9c5eb9a |
SHA256: | 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030 |
Infos: | |
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Mol2sxTjLw.exe (PID: 3484 cmdline: "C:\Users\user\Desktop\Mol2sxTjLw.exe" MD5: F1F1E44CE2D94E04B8BCFD71E77F3E08)
- cleanup
AV Detection |
---|
Source: | Virustotal: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | NtClose: |
Source: | NtQuerySystemInformation: |
Source: | NtCreateThreadEx: |
Source: | NtQueueApcThread: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 3 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 4% | ReversingLabs | | |
| 7% | Virustotal | | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431956 |
Start date and time: | 2024-04-26 04:06:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Mol2sxTjLw.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original Sample Name: | 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030 |
Detection: | MAL |
Classification: | mal52.evad.winEXE@1/0@0/0 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Time | Type | Description |
---|---|---|
04:07:04 | API Interceptor |
File type: | |
Entropy (8bit): | 6.535112381346819 |
TrID: |
|
File name: | Mol2sxTjLw.exe |
File size: | 5'901'312 bytes |
MD5: | f1f1e44ce2d94e04b8bcfd71e77f3e08 |
SHA1: | 878526629858534871c263cde4b97da4a9c5eb9a |
SHA256: | 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030 |
SHA512: | 748e33a5b8cb7aeb31e51a79c116fb78e8ce572f490ec0c93d00c8241060e6138a03da12ab0c2f3e03fefc9435a761e36996b6c42f3572ed4bebc809130456e3 |
SSDEEP: | 49152:NvX/aPftKKrS0T4Ma/9rYzypYrBbXBzFOh3nf5X0R2VAbXBFibvV7pWS7l0k5to+:0PfAJG01a4p509hsmtUv2O |
TLSH: | 16567C0BF25A50EDC8ADC179631B6136E6797C8907317DEF5784AB212E22BE16F39700 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....w.d..........".......7...........7........@..............................Z.......Z...`........................................ |
Icon Hash: | 34f3d3d3d3d3c0d5 |
Entrypoint: | 0x14037d1e0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x648977D9 [Wed Jun 14 08:18:33 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | b54b1ef811f6b0401efda3c7b931445c |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43eb2e | 0x12c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x463000 | 0x1e768 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44e000 | 0x1104c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5a5000 | 0x8f58 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3c2b18 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3c29d0 | 0x138 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x43f428 | 0x7c8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x43ea70 | 0x60 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x37d074 | 0x37d200 | 7f1c88e32eb19c02d56e14e64749cfde | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x37f000 | 0xc5194 | 0xc5200 | 57bc3f135ebadf0bab01caea9d15d9d6 | False | 0.2477533489220038 | data | 5.685241725640412 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x445000 | 0x81b0 | 0x2800 | 2de76f79725762a8261d83c49a27e17d | False | 0.21640625 | DIY-Thermocam raw data (Lepton 2.x), scale -8169-14400, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 0.013077 | 4.438603483086372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x44e000 | 0x1104c | 0x11200 | ce94da9e35ab152f5a868b5d1184a5b0 | False | 0.5118470574817519 | data | 6.0165755401348475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.00cfg | 0x460000 | 0x28 | 0x200 | 61b26ac82f5ef59e2f85a690ab847e8b | False | 0.056640625 | data | 0.38705962180443587 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x461000 | 0x21 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.voltbl | 0x462000 | 0x1c | 0x200 | 23f0a60c1fae6a32fd2809c95392fbdf | False | 0.080078125 | data | 0.48861744622245973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x463000 | 0x141300 | 0x141400 | 6fcd83c3bb1d66a802525b568a2a8efe | False | 0.6834417558365758 | data | 5.710708507362896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5a5000 | 0x8f58 | 0x9000 | 1e13149911cc83d93f1fac6aec76bebb | False | 0.07294379340277778 | data | 5.436495275113697 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x4630a0 | 0x1e6b3 | PNG image data, 4096 x 4096, 8-bit/color RGBA, non-interlaced | English | United States | 0.46371042176652355 |
RT_GROUP_ICON | 0x481754 | 0x14 | data | English | United States | 1.1 |
DLL | Import |
---|---|
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AssignProcessToJobObject, CloseHandle, CreateDirectoryW, CreateEventW, CreateFileMappingW, CreateFileW, CreateJobObjectW, CreateProcessW, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FindFirstFileW, FindNextFileW, FlushFileBuffers, FormatMessageA, FreeLibrary, GetCommandLineW, GetConsoleMode, GetConsoleScreenBufferInfo, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDriveTypeW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileType, GetFinalPathNameByHandleW, GetLastError, GetLogicalProcessorInformationEx, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleW, GetNativeSystemInfo, GetProcAddress, GetProcessAffinityMask, GetProcessGroupAffinity, GetProcessTimes, GetStdHandle, GetSystemInfo, GetSystemTime, GetSystemTimeAsFileTime, GetVolumePathNameW, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, K32GetProcessMemoryInfo, LeaveCriticalSection, LoadLibraryExA, LoadLibraryW, LocalFree, MapViewOfFile, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ResetEvent, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SearchPathW, SetConsoleCtrlHandler, SetConsoleTextAttribute, SetCurrentDirectoryW, SetErrorMode, SetEvent, SetFileTime, SetInformationJobObject, SetLastError, SetProcessAffinityMask, SetThreadGroupAffinity, SetUnhandledExceptionFilter, SystemTimeToFileTime, TerminateProcess, UnhandledExceptionFilter, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WriteConsoleW |
ADVAPI32.dll | CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, RegCloseKey, RegGetValueW, RegOpenKeyExA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 04:07:03 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\Mol2sxTjLw.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff726930000 |
File size: | 5'901'312 bytes |
MD5 hash: | F1F1E44CE2D94E04B8BCFD71E77F3E08 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 46.3% |
Total number of Nodes: | 54 |
Total number of Limit Nodes: | 4 |
Function 00007FF726935430 Relevance: 28.7, APIs: 1, Strings: 15, Instructions: 659memoryCOMMON
Function 00007FF726ABEB60 Relevance: 81.4, APIs: 30, Strings: 16, Instructions: 894COMMON
Function 00007FF726ABA0F0 Relevance: 43.8, APIs: 14, Strings: 11, Instructions: 94libraryloaderCOMMON
Function 00007FF7269DB2A0 Relevance: 26.7, APIs: 13, Strings: 2, Instructions: 418COMMON
Function 00007FF726ABFDF0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 185synchronizationtimeCOMMON
Function 00007FF726AB5120 Relevance: 23.4, APIs: 12, Strings: 1, Instructions: 610COMMON
Function 00007FF726AB8C70 Relevance: 16.6, APIs: 2, Strings: 7, Instructions: 826COMMON
Function 00007FF726AC0D00 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 497windowCOMMON
Function 00007FF7269D9000 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335fileCOMMON
Function 00007FF726ABBA70 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 124registryCOMMON
Function 00007FF72694FCA0 Relevance: 9.6, APIs: 2, Strings: 3, Instructions: 834COMMON
Function 00007FF726AB6270 Relevance: 9.1, APIs: 6, Instructions: 65encryptiontimeCOMMON
Function 00007FF726988DF0 Relevance: 6.1, APIs: 1, Strings: 2, Instructions: 829COMMON
Function 00007FF72699B7D0 Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 537COMMON
Function 00007FF726982E70 Relevance: .9, Instructions: 884COMMON
Function 00007FF7269B4800 Relevance: .8, Instructions: 832COMMON
Function 00007FF7269C8970 Relevance: .7, Instructions: 676COMMON
Function 00007FF7269CCC00 Relevance: .4, Instructions: 393COMMON
Function 00007FF7269D39C0 Relevance: .4, Instructions: 391COMMON
Function 00007FF726A58920 Relevance: .4, Instructions: 375COMMON
Function 00007FF726A8C220 Relevance: .4, Instructions: 361COMMON
Function 00007FF726AC3900 Relevance: .3, Instructions: 327COMMON
Function 00007FF726A86C00 Relevance: .3, Instructions: 327COMMON
Function 00007FF72697A160 Relevance: .3, Instructions: 326COMMON
Function 00007FF72695DBD0 Relevance: .3, Instructions: 325COMMON
Function 00007FF726AB0D10 Relevance: .3, Instructions: 325COMMON
Function 00007FF7269BAFE0 Relevance: .3, Instructions: 322COMMON
Function 00007FF72695D040 Relevance: .3, Instructions: 315COMMON
Function 00007FF72695E620 Relevance: .3, Instructions: 300COMMON
Function 00007FF726A95AF0 Relevance: .3, Instructions: 299COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269D4010 Relevance: .3, Instructions: 291COMMON
Uniqueness Score: -1.00% |
Function 00007FF726A911E0 Relevance: .3, Instructions: 289COMMON
Uniqueness Score: -1.00% |
Function 00007FF726AAEE30 Relevance: .3, Instructions: 272COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269D6180 Relevance: .3, Instructions: 268COMMON
Uniqueness Score: -1.00% |
Function 00007FF726A8FB80 Relevance: .3, Instructions: 267COMMON
Uniqueness Score: -1.00% |
Function 00007FF726A85170 Relevance: .3, Instructions: 254COMMON
Uniqueness Score: -1.00% |
Function 00007FF726962E60 Relevance: .3, Instructions: 252COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269B3D80 Relevance: .2, Instructions: 231COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269628D0 Relevance: .2, Instructions: 207COMMON
Uniqueness Score: -1.00% |
Function 00007FF726985D30 Relevance: .2, Instructions: 207COMMON
Uniqueness Score: -1.00% |
Function 00007FF72697CBB0 Relevance: .2, Instructions: 207COMMON
Uniqueness Score: -1.00% |
Function 00007FF72697CEF0 Relevance: .2, Instructions: 193COMMON
Uniqueness Score: -1.00% |
Function 00007FF72697C8F0 Relevance: .2, Instructions: 182COMMON
Uniqueness Score: -1.00% |
Function 00007FF72697D550 Relevance: .2, Instructions: 178COMMON
Uniqueness Score: -1.00% |
Function 00007FF726963E40 Relevance: .2, Instructions: 174COMMON
Uniqueness Score: -1.00% |
Function 00007FF726946990 Relevance: .2, Instructions: 166COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269AEFD0 Relevance: .2, Instructions: 165COMMON
Uniqueness Score: -1.00% |
Function 00007FF726964A60 Relevance: .2, Instructions: 158COMMON
Uniqueness Score: -1.00% |
Function 00007FF726A72650 Relevance: .2, Instructions: 154COMMON
Uniqueness Score: -1.00% |
Function 00007FF726946EB0 Relevance: .2, Instructions: 151COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269CD570 Relevance: .1, Instructions: 130COMMON
Uniqueness Score: -1.00% |
Function 00007FF726963A10 Relevance: .1, Instructions: 119COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269B6200 Relevance: .1, Instructions: 109COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269470D0 Relevance: .1, Instructions: 95COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269B1A20 Relevance: .1, Instructions: 84COMMON
Uniqueness Score: -1.00% |
Function 00007FF726ABA340 Relevance: 19.5, APIs: 3, Strings: 8, Instructions: 294threadCOMMON
Uniqueness Score: -1.00% |
Function 00007FF726ABABA0 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 9COMMON
Uniqueness Score: -1.00% |
Function 00007FF726AC2030 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 327fileCOMMON
Uniqueness Score: -1.00% |
Function 00007FF7269D7740 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 199COMMON
Uniqueness Score: -1.00% |
Function 00007FF726ABCAF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66COMMON
Uniqueness Score: -1.00% |
Function 00007FF7269D50C0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 189COMMON
Uniqueness Score: -1.00% |
Function 00007FF726AB67F0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 78COMMON
Uniqueness Score: -1.00% |
Function 00007FF726AB6510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57libraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 00007FF726AB6380 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44libraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 00007FF7269A69F0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 280COMMON
Uniqueness Score: -1.00% |
Function 00007FF726B425E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMON
Uniqueness Score: -1.00% |