Windows
Analysis Report
QualityUpdateAssistant.dll
Overview
General Information
Detection
Score: | 11 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 0% |
Signatures
Classification
Analysis Advice
Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample crashes during execution, try analyzing it on another analysis machine
Sample searches for a specific file, try pointing organization-specific fake files to the analysis machine
- System is w10x64
- loaddll64.exe (PID: 6456 cmdline: loaddll64.exe "C:\Users\user\Desktop\QualityUpdateAssistant.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 6180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 1600 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\QualityUpdateAssistant.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 7160 cmdline: rundll32.exe "C:\Users\user\Desktop\QualityUpdateAssistant.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 1560 cmdline: C:\Windows\system32\WerFault.exe -u -p 7160 -s 516 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 3876 cmdline: rundll32.exe C:\Users\user\Desktop\QualityUpdateAssistant.dll,Execute MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 3452 cmdline: C:\Windows\system32\WerFault.exe -u -p 3876 -s 516 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 6548 cmdline: rundll32.exe "C:\Users\user\Desktop\QualityUpdateAssistant.dll",Execute MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 2436 cmdline: C:\Windows\system32\WerFault.exe -u -p 6548 -s 508 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- WerFault.exe (PID: 5512 cmdline: C:\Windows\system32\WerFault.exe -u -p 6456 -s 488 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 11 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 22 Virtualization/Sandbox Evasion | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 22 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 4 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | ReversingLabs | | |
 | 0% | Virustotal | | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432032 |
Start date and time: | 2024-04-26 10:21:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | QualityUpdateAssistant.dll |
Detection: | CLEAN |
Classification: | clean11.evad.winDLL@14/19@0/0 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Not all processes were analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
10:22:43 | API Interceptor | |
10:22:54 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll64.exe_f1e2a93da88b32cda8c0398fc0f16d5f7ea571e1_606702e6_15d5ab69-9905-49c3-8179-a8d144bd5245\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.83652996845335 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Qua_69d6fdc2216b7557c151bb744884d1a78ca7bd0_cb9a354e_aa478cdb-a592-4df8-bd48-f5f1f889ca29\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8924917592651292 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Qua_69d6fdc2216b7557c151bb744884d1a78ca7bd0_cb9a354e_cbaa4629-6e7a-4c66-8044-c5a78e9f22e9\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8891279788192098 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Qua_69d6fdc2216b7557c151bb744884d1a78ca7bd0_cb9a354e_ef734fa1-f744-4e89-a5e4-a6e6eee6643c\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8921681460927494 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 62674 |
Entropy (8bit): | 1.8797619422280836 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 61462 |
Entropy (8bit): | 1.8809869877234071 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8834 |
Entropy (8bit): | 3.698605704212644 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJFY56YEBRwd13gmfcdm7DmfMprr89bD6zffBm:R6lXJ656YSmd13gmfkADOlDmf0 |
MD5: | 27415E18356B524FE3A4F68035FBCFF9 |
SHA1: | D04BF0F459D47A460D9EFDEAE473B888289D8C32 |
SHA-256: | 0146BE862CAAD84CB162BCF74888CF9368B1EEB148AD23ED5D4EF60601834E37 |
SHA-512: | 18B5E72FEA94F49079928906D0DD3BE64E47C40D74EDF2508BAFFA4E67E04C54DABA0F94589ABFA5772A8DA631FDA9B61329F816827949DFF60951E58D5BDE36 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9022 |
Entropy (8bit): | 3.7047736490230125 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ3xmwe6Y4ZZgmfcdm7DmfMpr189bDvkf0vBm:R6lXJBw6Y2ZgmfkADOLDMfN |
MD5: | 6D11AC24387229F673531763F8E545E1 |
SHA1: | 32F40F4DFB770AC2C70DD3E9EAE619B0393D46D1 |
SHA-256: | 0768F0E7023ACEBE72817CBDA40703C9A48666CF860124198C52894A38581A4A |
SHA-512: | 99D19209B37A54407D7C2598AE7ECA43639EA56A307E4A959DFD2D91A7A3635BCF92C8F86BD8177F793ECEDADBB4A672452BD3122D0753C90B7AA5D53187D79C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4830 |
Entropy (8bit): | 4.512628709491895 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsYJg771I9cnWpW8VYCYm8M4JCkqCkIfaFCHvNyq85mk4o0ptSTS+d:uIjfeI7TW7VWJxkMxH1e45poO+d |
MD5: | 62710D05C003D6C256FB348F47D78FCD |
SHA1: | 2CA3D05FBFC1F2085783FE1DC4D3779578A05F16 |
SHA-256: | 4A1F3E6329677C8D40964CDEB08437698F19ACD0A6AC321EAA0F0DB36E87FE09 |
SHA-512: | 9793930C070350BB3FC007DD7D7E618E101FAEC9387548C6EB3D06F908D7932B7E53386BBD66D806DC81DB4012C567293CE669902F4BCF827F0B37D380BC9969 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4830 |
Entropy (8bit): | 4.516271388733592 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsYJg771I9cnWpW8VYiYm8M4JCkqCkIfaFbuyq85mk4ooptSTShDd:uIjfeI7TW7VmJxkMZe4RpoOhDd |
MD5: | EBC8D2AE6040C00F35881E366EDFE0CF |
SHA1: | FD58E21F68B7A6E2D68E3265A9E9E9489866F3E2 |
SHA-256: | 564B9D46DCD10DADFE297001F02EEE830F211424E9B98713D98DCED94F9537D4 |
SHA-512: | 89EEB74771AECA4AB43815CE25908480F4ECA7ED99F604A06FAA7BB84027637EB355BED38DAD1ABA0EBD8EFB4662F596766AEBECAB00DEB02EB1F54144F990EF |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61550 |
Entropy (8bit): | 1.897614889905113 |
Encrypted: | false |
SSDEEP: | 192:fsDfmQFfOM9RCg6PeThbMoT+lL6bOImkyh+3KKXLzGHiSrev:UD+mWmCgZB4HZkysaUz6iz |
MD5: | 07D2642E6FF8F3611705AE811994AAD7 |
SHA1: | 8EAB855EB7F5FCDB45C4C10E542B1403D0EB396D |
SHA-256: | 7A3603735B993B148409C250C82B6E72993CA36E86592AD55E4926A3A862EE7C |
SHA-512: | E0F462901826FB5BD4482CD3E2C026E21816195B53AE9D61F3A07539694CB1D00AD3E46F8DCF06ED6087B3ACA65AA6A3C9950C844F45CC4126606B1DDF17F583 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 62810 |
Entropy (8bit): | 1.8207146279836193 |
Encrypted: | false |
SSDEEP: | 384:m3iyBlr7F8my/5bzdg8PpBxPOtTpnliAr:p8zGFtMr |
MD5: | 05726D53D4298A108ED9125DF69D06FF |
SHA1: | 2B0742296AF48D56EB891041E6A11A239141EE29 |
SHA-256: | B078FC16DB2172B2918A1DD65637D7913BB20979A70B77AB7113A0FFE0E05480 |
SHA-512: | 75DBB4874EE5F99702C4B59DED969247F5FC1ED524849A4CA19FBC55F0EDF2AE4EA5586E4914CCD2675CA873C38D688AD95D46CD5B757153EED426F16E7364FC |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8594 |
Entropy (8bit): | 3.6946609876491543 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJazO6Y41ngmfcdm7DmfMprM89be7mfnKm:R6lXJeO6YyngmfkADOwe6f7 |
MD5: | 189375AA2DDC8C4896C23DF60194D97A |
SHA1: | 7F2A3F5DF28CC58812D196E18D6F90B3DF0C635D |
SHA-256: | E4EF327AC82F7023956E3CBAF3F434EB2B3A39EF6A919C67D3C94006951D7D5E |
SHA-512: | 44F0D214501813CC306B5E80F57AF8620FBD0B788102ECE9BE2A63AA4641C59C143C9B2C0E1731CBEB2414EBFF31270AB572A1457500962EF0AF9B51A3EA8E51 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8776 |
Entropy (8bit): | 3.7024859152574585 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJoIv6YEIre2dgmfT752pB789berIcBfJKm:R6lXJPv6YEke2dgmfX5lerIqf1 |
MD5: | 0337BE897B54971DB55FC1A12273364D |
SHA1: | FE098F67D6202AF8F5405F0BBD8FAA0E41F7510D |
SHA-256: | 3897F547AC5C39CB0C45A60EB2EC3C05E719BBF1FF9A93072E2DAEB244BCF533 |
SHA-512: | AA1C94D2A0C25A6BFD555CA90B3403E8A744916CCEDFE9A248795D2AC8CC10DCC4A5D48659608030BEF96465BBDDCF0328B731BF8C49436344972B8EB90B3620 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4829 |
Entropy (8bit): | 4.509959601160068 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsYJg771I9cnWpW8VYzYm8M4JCkqCkIfaFIyq85mk4o/ptSTStd:uIjfeI7TW7VzJxkMje4GpoOtd |
MD5: | 74DF1D13B7E1DBFB0F327F9951BEC3F1 |
SHA1: | 83E44DD32FB6B3A81F4634957BA35543EACC5024 |
SHA-256: | 0F87981B37EAACBB613F1AD71CFEA56E05974C5ED25C901675CBC944DBC7BCDA |
SHA-512: | CF679B8C0B074E6D35381806205D0281E51CF1A7D166137EE9F4D6D6A52755086465893E898DDF931E5AAB770F34127F00CBFDFB5024823F9DE52229C87D9C5C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4672 |
Entropy (8bit): | 4.458275850105816 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsYJg771I9cnWpW8VYKYm8M4J8fAFUtyq85GoPFV1xYd:uIjfeI7TW7VSJQVtLeF7xYd |
MD5: | 1073AA976B78389ECB8F9F68802C060D |
SHA1: | 39935188C206BD9391F4B46534887619DD2CD38F |
SHA-256: | 25456D2AF292455679EED4EE63EFD61212B53982696F9D5CDF2E7DA88CE86EE7 |
SHA-512: | E52AD1DABC8B36EBF772749F5191C4BD8E958688B8D2CCAA0192F13E8399DF2E44BD737CD591768F54F1D79F941C36E0601574800A323119FCED919FCEC6A4EA |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.10531786303762895 |
Encrypted: | false |
SSDEEP: | 12:T42/q2xX/7EzzRipqrGNYDy+f+MMkNYDv:TNNdpuGae+fvaT |
MD5: | 2E0F077C114CAEED131B4DC872A6343D |
SHA1: | 4189E756046B0A6F1A9F2F016899760A7615C79A |
SHA-256: | 6F512F407262462DB4D133491BA2962E7F180208907EEF03819EB7FA10253A40 |
SHA-512: | DF0D9CE4AB29CAF92FAD524FA147FAEB3F405221C3B7DFD9C8DE30BED1C9EA1D75F71801AFC8CDB6E5F14215DB61950FFABE21255F1E755B3B18D1BB848AB962 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.42511024578488 |
Encrypted: | false |
SSDEEP: | 6144:5Svfpi6ceLP/9skLmb0OTvWSPHaJG8nAgeMZMMhA2fX4WABlEnNK0uhiTw:wvloTvW+EZMM6DFyU03w |
MD5: | 1211E301203ABCDB55337D0C0248577A |
SHA1: | 22CDFB0F2A46088EB33317CC68A97812463186A4 |
SHA-256: | 99F80F7BB9CF68393D7CF89048B7F89AD2C3AA62BFD872522D5D7581521B4036 |
SHA-512: | F549470D42A2EFEF808BF3D1F2E79D54AAC64879F62EA2DB64DC196C664697D92DE585D6F152F3D31AB4AD22E087A3559A1700763DE4ADCF1D93BD955A837122 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.10531786303762895 |
Encrypted: | false |
SSDEEP: | 12:T42/q2xX/7EzzRipqrGNYDy+f+MMkNYDv:TNNdpuGae+fvaT |
MD5: | 2E0F077C114CAEED131B4DC872A6343D |
SHA1: | 4189E756046B0A6F1A9F2F016899760A7615C79A |
SHA-256: | 6F512F407262462DB4D133491BA2962E7F180208907EEF03819EB7FA10253A40 |
SHA-512: | DF0D9CE4AB29CAF92FAD524FA147FAEB3F405221C3B7DFD9C8DE30BED1C9EA1D75F71801AFC8CDB6E5F14215DB61950FFABE21255F1E755B3B18D1BB848AB962 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.028559145439662 |
TrID: |
|
File name: | QualityUpdateAssistant.dll |
File size: | 509'408 bytes |
MD5: | 873fca43ec90d167a4244c9867989030 |
SHA1: | ab368df3c3e152c4efcb2ffc09c4870743d360f3 |
SHA256: | a07d18fed2517e314e001a98b0d3342f27951338e78096a61c3a5a3eb32e3397 |
SHA512: | fdd7d3be06bdc68ef89226bb48414ba33b848902d4be2cef7ffa380bde9c170e399a4b1c51453bcc4c843e2609229eb6269aa3381332a30bdd4cf52b28de2cca |
SSDEEP: | 6144:dCtMA6BUPpxj79GcJPTbfnStTLkS4zHoRlR65uZOVhDK+vMXtsyZ+pSEABE1j3pw:EvfnS8HUliDK+vMz+1T77m |
TLSH: | DBB4292D66E84A68E273D6388AB78541E67378551B3193DF02A0C17D6E33FE09D35F22 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Q...Q...Q.......E...X.......Q...........[.......U.......M.......P.............n.S.....l.P.......P...RichQ.................. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x18004a620 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
Time Stamp: | 0xC5977AAD [Fri Jan 18 12:08:13 2075 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 10 |
OS Version Minor: | 0 |
File Version Major: | 10 |
File Version Minor: | 0 |
Subsystem Version Major: | 10 |
Subsystem Version Minor: | 0 |
Import Hash: | 14ce1460ad5cd3ff8a67939f92ac19be |
Signature Valid: | false |
Signature Issuer: | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 2031DA039AA9D5538864F72D52C08AD7 |
Thumbprint SHA-1: | 8870483E0E833965A53F422494F1614F79286851 |
Thumbprint SHA-256: | 2724AEB0C497BF5FD732958120D1AE3341CFD252AB1680DE03D10503ABC666C1 |
Serial: | 33000004158295A1A3D82E2857000000000415 |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007F4AB0F7D207h |
call 00007F4AB0F7DA80h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007F4AB0F7D064h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
jmp 00007F4AB0F7E0F0h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
nop word ptr [eax+eax+00000000h] |
dec eax |
cmp ecx, dword ptr [000294D9h] |
jne 00007F4AB0F7D212h |
dec eax |
rol ecx, 10h |
test cx, FFFFh |
jne 00007F4AB0F7D203h |
ret |
dec eax |
ror ecx, 10h |
jmp 00007F4AB0F7D247h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
xor ecx, ecx |
call dword ptr [0000601Bh] |
dec eax |
mov ecx, ebx |
call dword ptr [00006022h] |
call dword ptr [00006214h] |
dec eax |
mov ecx, eax |
mov edx, C0000409h |
dec eax |
add esp, 20h |
pop ebx |
dec eax |
jmp dword ptr [000061F8h] |
jno 00007F4AB0F7D1CCh |
ficomp dword ptr [edx] |
mov dh, 17h |
mov eax, 4C894899h |
and al, 08h |
dec eax |
sub esp, 00000000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x6fd70 | 0x58 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6fdc8 | 0x4ec | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7a000 | 0xd48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x76000 | 0x2d24 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x7a000 | 0x25e0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7b000 | 0x610 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x63d48 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x503c0 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x50500 | 0xab8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x6fa78 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4de88 | 0x4e000 | ad118e42a54190660378cb51ac7588f8 | False | 0.4605243389423077 | data | 6.357409718288773 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x4f000 | 0x23ad8 | 0x24000 | 7eb374df03cd0e00bfd47cdc488a7215 | False | 0.3054606119791667 | data | 4.417190105672742 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x73000 | 0x25a0 | 0x1000 | 2702a0a63c1e0a889e10cd4c9480574c | False | 0.196533203125 | data | 2.824729777011446 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x76000 | 0x2d24 | 0x3000 | cae78bf4df57aee5214aca96167c9398 | False | 0.5020345052083334 | PEX Binary Archive | 5.474575160748802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.didat | 0x79000 | 0x70 | 0x1000 | 0db2b8ee0386ba22f1384974e764b39e | False | 0.017822265625 | data | 0.16740489391507368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x7a000 | 0xd48 | 0x1000 | 7a1f05b9f4f557fe4a1ddba08e052f8d | False | 0.33837890625 | data | 4.496362030694204 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x7b000 | 0x610 | 0x1000 | 6897cac0234a1219a67234026a9e8f5e | False | 0.229248046875 | data | 2.882649466970565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
XML | 0x7a4c0 | 0x881 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.39641708773541573 |
RT_VERSION | 0x7a0f0 | 0x3cc | data | English | United States | 0.42386831275720166 |
DLL | Import |
---|---|
api-ms-win-crt-runtime-l1-1-0.dll | _initterm_e, _initterm |
api-ms-win-crt-private-l1-1-0.dll | _o__localtime64, _o__lock_file, _o__malloc_base, _o__purecall, _o__register_onexit_function, _o__seh_filter_dll, _o__unlock_file, _o__wcsdup, _o__wcsicmp, _o__wcsupr_s, _o__free_base, _o__wfsopen, memmove, _o__wtol, _o_abort, _o_ceilf, _o_fclose, _o_fflush, _o_fgetc, _o_fgetpos, _o_fgetwc, _o_fputwc, _o_free, _o_fsetpos, _o_fwrite, _o_malloc, _o_pow, _o_realloc, _o_setlocale, _o_setvbuf, _o_terminate, _o_ungetc, _o_ungetwc, _o_wcstol, _o_wcstoul, __C_specific_handler, __current_exception, __current_exception_context, _CxxThrowException, wcschr, _o__execute_onexit_table, _o__errno, _o__invalid_parameter_noinfo_noreturn, _o__invalid_parameter_noinfo, _o__initialize_onexit_table, _o__crt_atexit, _o__configure_narrow_argv, wcsstr, strchr, __uncaught_exception, _o__initialize_narrow_environment, _o__cexit, _o__calloc_base, _o__callnewh, _o___stdio_common_vswscanf, _o___stdio_common_vswprintf, _o___stdio_common_vsprintf_s, _o___stdio_common_vsnprintf_s, _o___std_type_info_destroy_list, _o___std_exception_destroy, _o___std_exception_copy, _o___pctype_func, _o____mb_cur_max_func, _o____lc_locale_name_func, _o____lc_collate_cp_func, _o____lc_codepage_func, __CxxFrameHandler3, memcmp, _o__fseeki64, memcpy |
api-ms-win-crt-string-l1-1-0.dll | wcsnlen, wcscmp, wcsncmp, memset |
api-ms-win-core-libraryloader-l1-2-0.dll | FreeLibrary, GetModuleFileNameA, LoadLibraryExA, GetModuleFileNameW, GetModuleHandleW, GetModuleHandleExW, LoadLibraryExW, GetProcAddress |
api-ms-win-core-synch-l1-2-0.dll | InitOnceComplete, Sleep, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, InitOnceBeginInitialize, SleepConditionVariableSRW |
api-ms-win-core-synch-l1-1-0.dll | AcquireSRWLockShared, CreateMutexExW, TryAcquireSRWLockExclusive, CreateSemaphoreExW, LeaveCriticalSection, ReleaseSemaphore, WaitForSingleObject, DeleteCriticalSection, ReleaseMutex, InitializeCriticalSection, InitializeSRWLock, CreateEventExW, OpenSemaphoreW, WaitForSingleObjectEx, ReleaseSRWLockExclusive, SetEvent, CreateMutexW, AcquireSRWLockExclusive, ReleaseSRWLockShared, InitializeCriticalSectionEx |
api-ms-win-core-heap-l1-1-0.dll | HeapSize, HeapFree, HeapDestroy, HeapAlloc, HeapReAlloc, GetProcessHeap |
api-ms-win-core-errorhandling-l1-1-0.dll | SetUnhandledExceptionFilter, RaiseException, UnhandledExceptionFilter, GetLastError, SetLastError |
api-ms-win-eventing-provider-l1-1-0.dll | EventWriteTransfer, EventRegister, EventUnregister, EventSetInformation |
api-ms-win-core-processthreads-l1-1-0.dll | GetCurrentThreadId, GetExitCodeProcess, TerminateProcess, GetCurrentProcess, CreateProcessW, GetCurrentProcessId |
api-ms-win-core-localization-l1-2-0.dll | FormatMessageW, GetUserDefaultLocaleName, LCMapStringEx |
api-ms-win-core-debug-l1-1-0.dll | IsDebuggerPresent, DebugBreak, OutputDebugStringW |
api-ms-win-core-handle-l1-1-0.dll | CloseHandle |
OLEAUT32.dll | SysFreeString, VariantClear, VariantInit, SysStringLen, SysAllocString |
api-ms-win-core-rtlsupport-l1-1-0.dll | RtlCaptureContext, RtlVirtualUnwind, RtlLookupFunctionEntry |
api-ms-win-core-processthreads-l1-1-1.dll | IsProcessorFeaturePresent |
api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter |
api-ms-win-core-sysinfo-l1-1-0.dll | GetSystemDirectoryW, GlobalMemoryStatusEx, GetSystemTimeAsFileTime, GetLocalTime, GetWindowsDirectoryW, GetVersionExA, GetSystemTime, GetSystemWindowsDirectoryW |
api-ms-win-core-interlocked-l1-1-0.dll | InitializeSListHead |
api-ms-win-core-shlwapi-legacy-l1-1-0.dll | PathRemoveFileSpecW, PathFileExistsW, PathFindFileNameW |
api-ms-win-core-file-l1-1-0.dll | GetDiskFreeSpaceExW, FindNextFileW, GetFileSize, FindFirstFileW, CreateFileW, FindClose, GetFileAttributesW, DeleteFileW, CreateDirectoryW, CompareFileTime |
api-ms-win-eventing-controller-l1-1-0.dll | StartTraceW, ControlTraceW, EnableTraceEx2 |
api-ms-win-core-registry-l1-1-0.dll | RegDeleteTreeW, RegDeleteValueW, RegQueryInfoKeyW, RegGetValueW, RegEnumValueW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegCloseKey, RegQueryValueExW |
api-ms-win-security-sddl-l1-1-0.dll | ConvertStringSecurityDescriptorToSecurityDescriptorW |
api-ms-win-eventing-legacy-l1-1-0.dll | QueryTraceW |
api-ms-win-core-com-l1-1-0.dll | CoInitializeEx, CoUninitialize, CLSIDFromString, CoCreateInstance, CoSetProxyBlanket, CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoTaskMemRealloc, CoGetApartmentType, CoTaskMemAlloc, CoWaitForMultipleHandles |
api-ms-win-core-heap-l2-1-0.dll | LocalAlloc, LocalFree, GlobalFree |
api-ms-win-core-string-obsolete-l1-1-0.dll | lstrcmpiW, lstrcmpW |
RPCRT4.dll | UuidCreate |
api-ms-win-core-kernel32-legacy-l1-1-0.dll | GetSystemPowerStatus, MoveFileW |
api-ms-win-core-libraryloader-l1-2-1.dll | LoadLibraryW |
api-ms-win-core-registry-l1-1-1.dll | RegDeleteKeyValueW, RegSetKeyValueW |
api-ms-win-core-realtime-l1-1-0.dll | QueryUnbiasedInterruptTime |
SHELL32.dll | SHGetSpecialFolderPathW |
pdh.dll | PdhCloseQuery, PdhGetFormattedCounterValue, PdhAddCounterW, PdhOpenQueryW, PdhCollectQueryData |
api-ms-win-crt-time-l1-1-0.dll | _time64 |
api-ms-win-crt-locale-l1-1-0.dll | _unlock_locales, _lock_locales |
WINHTTP.dll | WinHttpReceiveResponse, WinHttpSendRequest, WinHttpCloseHandle, WinHttpSetTimeouts, WinHttpOpenRequest, WinHttpQueryOption, WinHttpReadData, WinHttpQueryHeaders, WinHttpAddRequestHeaders, WinHttpConnect, WinHttpOpen, WinHttpQueryDataAvailable |
api-ms-win-core-version-l1-1-1.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW |
CRYPT32.dll | CertGetCertificateChain, CertVerifyCertificateChainPolicy, CertFreeCertificateContext, CryptStringToBinaryW, CertFreeCertificateChain |
api-ms-win-core-version-l1-1-0.dll | VerQueryValueW |
api-ms-win-core-sysinfo-l1-2-0.dll | GetProductInfo |
api-ms-win-core-winrt-string-l1-1-0.dll | WindowsDeleteString, WindowsCreateString, WindowsCreateStringReference, WindowsGetStringRawBuffer |
api-ms-win-core-winrt-l1-1-0.dll | RoGetActivationFactory, RoActivateInstance |
ntdll.dll | NtPowerInformation, RtlConvertDeviceFamilyInfoToString |
api-ms-win-core-processenvironment-l1-1-0.dll | GetEnvironmentVariableW |
api-ms-win-core-file-l1-2-0.dll | GetTempPathW |
api-ms-win-core-kernel32-legacy-l1-1-1.dll | PowerClearRequest, PowerSetRequest, PowerCreateRequest |
api-ms-win-core-timezone-l1-1-0.dll | SystemTimeToFileTime |
api-ms-win-core-winrt-error-l1-1-0.dll | RoOriginateError, RoTransformError |
api-ms-win-core-string-l1-1-0.dll | MultiByteToWideChar, CompareStringEx, WideCharToMultiByte, GetStringTypeW |
api-ms-win-security-cryptoapi-l1-1-0.dll | CryptCreateHash, CryptDestroyHash, CryptReleaseContext, CryptHashData, CryptGetHashParam, CryptAcquireContextW |
api-ms-win-core-memory-l1-1-0.dll | MapViewOfFile, UnmapViewOfFile, CreateFileMappingW |
wkscli.dll | NetGetJoinInformation |
netutils.dll | NetApiBufferFree |
api-ms-win-core-delayload-l1-1-1.dll | ResolveDelayLoadedAPI |
api-ms-win-core-delayload-l1-1-0.dll | DelayLoadFailureHook |
api-ms-win-core-util-l1-1-0.dll | EncodePointer, DecodePointer |
USER32.dll | UnregisterClassA |
NETAPI32.dll | NetFreeAadJoinInformation, NetGetAadJoinInformation |
WINTRUST.dll | WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain |
urlmon.dll | URLDownloadToFileW |
Name | Ordinal | Address |
---|---|---|
Execute | 1 | 0x1800144e0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 10:22:40 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff601d90000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 10:22:40 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:22:40 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66b790000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:22:40 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683440000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:22:40 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683440000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:22:41 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a3760000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 10:22:41 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a3760000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 10:22:43 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683440000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 14 |
Start time: | 10:22:43 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a3760000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 10:22:43 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a3760000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 20.8% |
Total number of Nodes: | 399 |
Total number of Limit Nodes: | 7 |
Function 00007FF8B90AF744 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 288memoryfilestringCOMMON
Function 00007FF8B90A4D2C Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 197memoryCOMMON
Function 00007FF8B90AF408 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 208memoryCOMMON
Function 00007FF8B90A4470 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 247COMMON
Function 00007FF8B90B0114 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 244COMMON
Function 00007FF8B90C607B Relevance: 83.1, APIs: 6, Strings: 41, Instructions: 807comCOMMON
Function 00007FF8B90B329F Relevance: 82.6, APIs: 14, Strings: 33, Instructions: 347sleepCOMMON
Function 00007FF8B90ADEB4 Relevance: 67.0, APIs: 5, Strings: 33, Instructions: 501sleepCOMMON
Function 00007FF8B90B3878 Relevance: 63.3, APIs: 19, Strings: 17, Instructions: 320registrylibraryloaderCOMMON
Function 00007FF8B90B9AF0 Relevance: 61.6, APIs: 26, Strings: 9, Instructions: 300memoryregistryCOMMON
Function 00007FF8B90C731B Relevance: 60.1, APIs: 6, Strings: 28, Instructions: 561COMMON
Function 00007FF8B90A9749 Relevance: 60.0, APIs: 10, Strings: 24, Instructions: 480COMMON
Function 00007FF8B90B7AE4 Relevance: 56.7, APIs: 11, Strings: 21, Instructions: 722registryCOMMON
Function 00007FF8B90C6C7B Relevance: 51.1, APIs: 9, Strings: 20, Instructions: 388registryCOMMON
Function 00007FF8B90AD450 Relevance: 46.1, APIs: 7, Strings: 19, Instructions: 615fileCOMMON
Function 00007FF8B90BEE54 Relevance: 44.0, APIs: 8, Strings: 17, Instructions: 239COMMON
Function 00007FF8B90B16E8 Relevance: 42.3, APIs: 11, Strings: 13, Instructions: 343fileCOMMON
Function 00007FF8B90ACD10 Relevance: 33.7, APIs: 3, Strings: 16, Instructions: 423COMMON
Function 00007FF8B90AA3D9 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 305COMMON
Function 00007FF8B90C5950 Relevance: 30.0, APIs: 11, Strings: 6, Instructions: 255comCOMMON
Function 00007FF8B90B69E8 Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 134registrylibrarytimeCOMMON
Function 00007FF8B90D398C Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 348comCOMMON
Function 00007FF8B90D4110 Relevance: 24.7, APIs: 3, Strings: 11, Instructions: 231fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D34B0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 154fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C1514 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 101COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90CE0C0 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 158filenetworkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A5A6C Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 216memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C5370 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 121COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C16D4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 72nativeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B53A8 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 293memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A657C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C5128 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90CE310 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C4AD0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D6C88 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C99C4 Relevance: .2, Instructions: 182COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BA3D0 Relevance: 37.2, APIs: 20, Strings: 1, Instructions: 404registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C1220 Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 156registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A1760 Relevance: 31.7, APIs: 2, Strings: 16, Instructions: 175windowthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A775C Relevance: 29.8, APIs: 1, Strings: 16, Instructions: 86COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B73D8 Relevance: 28.4, APIs: 4, Strings: 12, Instructions: 380registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B6C08 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 226registrymemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B8BFC Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 201COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AEA7C Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 173synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BD4B8 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 131registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C5D58 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 128processsynchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90CE9BC Relevance: 23.2, APIs: 8, Strings: 5, Instructions: 421COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B518C Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 138memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D846C Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 107libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B9FB8 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 251registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AA8F9 Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 200COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B80DD Relevance: 21.2, APIs: 4, Strings: 8, Instructions: 180registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B8F2C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 152memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D623C Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 127libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D2ED0 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 227commemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A7CD0 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 215COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AAC70 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 194COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BBCA8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 173COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B1CD9 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 138fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BF8F0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 240COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D3118 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 226comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D69C4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 119COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BD2CC Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 111COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B7218 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 108timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D8BA8 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 102memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B9092AAB Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 52libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A32DC Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 159COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D3F00 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 139COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D645C Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B9784 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 97COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A3154 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 96synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B9534 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 150COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B49B8 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 71timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D8364 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 60libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BBF5C Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 167comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D37A0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 119COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AAC6B Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 113COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AA900 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 111COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AF15C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103memoryregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BAA64 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102memoryregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D9E4C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98memoryregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B795C Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 92COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C8028 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90CE4D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C0620 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 63registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B4030 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 59registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D6148 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AB3BC Relevance: 12.2, APIs: 7, Strings: 1, Instructions: 157memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A5588 Relevance: 12.1, APIs: 8, Instructions: 111memorysynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AED00 Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 87memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B3E40 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 106registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BD928 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A81D9 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 78registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BF388 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 78comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B9144 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67registrytimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AB6E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A5340 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B48E8 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B5E10 Relevance: 9.4, APIs: 3, Strings: 3, Instructions: 353COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B64FC Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 258COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B99A8 Relevance: 9.1, APIs: 6, Instructions: 75encryptionCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C1BDC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 190COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BED7C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D5A1C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 125COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C4E94 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 125COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B9240 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B93D4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A8598 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B47DE Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 73memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BE13C Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 47COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B1388 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 230COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90CC820 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 189COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A628C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 167threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C0198 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BF4BC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C0944 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AF2D4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C0720 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 66registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A3EF9 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C897C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A6044 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A1E3B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B7A6E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90DA680 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D6BDC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A3DB9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90DA6DB Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BD6F4 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D8C4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A3C89 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A43EC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A3D2A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90DDEEB Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D6810 Relevance: 6.1, APIs: 4, Instructions: 120registryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A5A04 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 80COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AEDF9 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 29memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B07A4 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 233COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A70CC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 161COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B1114 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 159COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D7EF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 150COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D4DC4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 150COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C202E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A1CAC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90AB5CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B45F4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90C81A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90CE40C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90D9FB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90BAEB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B04B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90A3E6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF8B90B4F70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |