Windows
Analysis Report
ugslmd.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ugslmd.exe (PID: 7136 cmdline: "C:\Users\user\Desktop\ugslmd.exe" MD5: 551ED08A9076A98B16CE6DD72C993209)
  - conhost.exe (PID: 6516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Process Injection | 1 Software Packing | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 13% | ReversingLabs | | |
 | 18% | Virustotal | | Browse |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432144 |
Start date and time: | 2024-04-26 15:33:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ugslmd.exe |
Detection: | MAL |
Classification: | mal48.winEXE@2/1@0/0 |
EGA Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
|
- Execution Graph export aborted for target ugslmd.exe, PID 7136 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
Process: | C:\Users\user\Desktop\ugslmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 158 |
Entropy (8bit): | 4.860800455330473 |
Encrypted: | false |
SSDEEP: | 3:JQ4F0nxuWCLQYUnIZJjHZbhF02WRhF8iHuhTySWYMovn:W40gLQ5n2TRhChF81zpv |
MD5: | 4FADD1BA8EA3F26DBA74156E0FFD73E4 |
SHA1: | 96AD1043190F1C71618767F1CE0F39CF91B3D87E |
SHA-256: | D7A1201A82CBECDD918429499BCE842C65CDCA02D71476D6789B368A117EF817 |
SHA-512: | 3D5FE6DBD3EC0E260659F063945F4594C2C1717F2D61ECCEF4E04230E9CA6952A2BBA4F6FA34BB95DF9A4BB09AB2AB0C89DC921CC2ABAACC9FC0316A009705BD |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.964289450405882 |
TrID: |
|
File name: | ugslmd.exe |
File size: | 643'072 bytes |
MD5: | 551ed08a9076a98b16ce6dd72c993209 |
SHA1: | 7f6e01bbbfe0caa479cb9feee9cec092fd4fde9d |
SHA256: | b3507a576c4b7861f343a95f00e177c0aaeb44fac3400dd054fe8c0aeeeddccd |
SHA512: | 58570764200da8757b56060d3ab7881107c791dfde23463c8f431f7b5b76e0c3e1f68b15ef09d38286071201dc478a85d003c11ba1a6346f5c1ea37aa3e2e755 |
SSDEEP: | 12288:+XK4BUw/KnGv8UMmkVmhaPHuukCfb0gLfY+SdZyJxAfjdtOpR8YUa7G:+5lKnghMmkVmhavuuk4TLfKZmedORvPK |
TLSH: | 7DD423A388484178ECC64F7517B9A8FF9F55E368898DCA1AD251EE134C037B728DD18E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p26y4SX*4SX*4SX*.\.*:SX*..&*?SX*4SY*&RX*..#*7SX*..6*6SX*..%*6SX*.D.*.SX*4SX*.SX*..5*;RX*.. *5SX*Rich4SX*................PE..L.. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x680377 |
Entrypoint Section: | .data11 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x4B0C27BF [Tue Nov 24 18:36:47 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7c183f724feb3551aab2593ae1d06669 |
Instruction |
---|
pushfd |
pushad |
mov byte ptr [esp+08h], cl |
mov dword ptr [esp+20h], 864CCD9Eh |
call 00007F546CAC50D0h |
stc |
shl edi, 08h |
test ch, dl |
cmc |
lea esp, dword ptr [esp+60h] |
jbe 00007F546CAC5D54h |
bt dx, dx |
add edi, eax |
push 692B9188h |
sub ecx, 01h |
pushfd |
call 00007F546CB5BCA8h |
add byte ptr [eax], al |
inc esi |
imul ebp, dword ptr [esi+64h], 73726946h |
je 00007F546CB59798h |
imul ebp, dword ptr [ebp+41h], 83DFD200h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x234540 | 0xc8 | .data11 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1df000 | 0x1ac | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28066c | 0x484 | .data11 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb75cc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.textidx | 0xb9000 | 0xa4cea | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
CONST | 0x15e000 | 0x50 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x15f000 | 0x94f6 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x169000 | 0x75418 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x1df000 | 0x1ac | 0x1000 | aa68e70a4ffee646764f17f76b69fdbf | False | 0.070068359375 | data | 0.8981481885262328 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data10 | 0x1e0000 | 0xa034 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data11 | 0x1eb000 | 0x9a931 | 0x9b000 | 6c1764a4905556b2e3fb5c680221e305 | False | 0.9879819808467742 | data | 7.9892958796289655 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x1df058 | 0x154 | ASCII text, with CRLF line terminators | English | United States | 0.65 |
DLL | Import |
---|---|
MSVCR80.dll | iscntrl, isgraph, islower, isprint, ispunct, isupper, toupper, atol, clearerr, ungetc, isspace, wcscmp, memmove, _amsg_exit, __getmainargs, _cexit, _XcptFilter, __initenv, _initterm, _initterm_e, _configthreadlocale, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, isalpha, __set_app_type, ?terminate@@YAXXZ, _unlock, __dllonexit, _lock, _onexit, _decode_pointer, _except_handler4_common, _invoke_watson, _controlfp_s, _crt_debugger_hook, isalnum, _exit, strncat, sprintf_s, strncpy_s, strtoul, strcpy_s, strcat_s, isxdigit, isdigit, _beginthread, _endthread, _putenv, _wunlink, _wremove, _waccess, strcpy, _wrename, rename, _wstat32, _close, _wopen, _wfreopen, freopen, _wfopen, getchar, _popen, fgetc, perror, exit, _mktime32, _findfirst32, _findnext32, _stat32, _findclose, qsort, longjmp, tolower, fflush, srand, rand, _environ, strtol, __sys_nerr, __sys_errlist, fprintf, __iob_func, abs, _localtime32, _setjmp3, _errno, strrchr, strchr, sscanf, strcat, fgets, strstr, strtok, strncmp, realloc, calloc, _vsnprintf, vsprintf, atoi, strncpy, _time32, strcmp, fseek, ftell, malloc, fread, fputs, fputc, vfprintf, _beginthreadex, _utime32, _locking, _unlink, _open, _stricmp, _strdup, _getpid, _umask, memcmp, remove, free, fopen, fwrite, fclose, memset, _getcwd, _chdir, sprintf, _mkdir, _access, getenv, strlen, memcpy, _encode_pointer, _strnicmp |
KERNEL32.dll | DeleteFileA, SetConsoleTitleA, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, QueryPerformanceCounter, SetUnhandledExceptionFilter, InterlockedCompareExchange, InterlockedExchange, ReleaseSemaphore, OpenSemaphoreA, CreateSemaphoreA, SearchPathA, GetFileSize, LocalFree, LocalAlloc, GetLocalTime, SystemTimeToFileTime, GetSystemTime, GetModuleFileNameA, GetCurrentProcessId, SetLastError, FindClose, FindNextFileA, FindNextFileW, FindFirstFileA, FindFirstFileW, GetModuleHandleA, GetProcessTimes, CreateMutexA, ReleaseMutex, SetHandleInformation, SetErrorMode, GetEnvironmentVariableW, GetEnvironmentVariableA, GetCommandLineW, WideCharToMultiByte, MultiByteToWideChar, VirtualFree, VirtualAlloc, GetCurrentProcess, GetDriveTypeA, GetVolumeInformationA, GetSystemDirectoryA, FormatMessageA, SetEvent, CreateEventA, ResetEvent, Sleep, GetWindowsDirectoryA, DeviceIoControl, WriteFile, ReadFile, CreateFileA, GetLastError, CloseHandle, GetTickCount, GetPrivateProfileIntA, GetPrivateProfileStringA, GetVersionExA, LoadLibraryA, GetProcAddress, FreeLibrary, GetVersion, WaitForSingleObject |
USER32.dll | DialogBoxIndirectParamA, CreateDialogIndirectParamA, wsprintfA, GetClientRect, ScreenToClient, GetSystemMetrics, MessageBoxA, MoveWindow, ShowWindow, EnableWindow, GetWindowRect, GetDlgItem, SendMessageA, GetWindowLongA, MessageBeep, SetDlgItemTextA, GetDlgItemTextW, GetDlgItemTextA, EndDialog, GetParent, GetFocus, SetFocus, SetWindowTextA, GetActiveWindow |
NETAPI32.dll | Netbios |
ADVAPI32.dll | RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, GetUserNameA, RegDeleteValueA, RegEnumValueA, RegQueryValueExW, RegSetValueExW, GetUserNameW, RegEnumKeyExA, RegQueryInfoKeyA, DeregisterEventSource, RegisterEventSourceA, ReportEventA |
comdlg32.dll | GetOpenFileNameA |
COMCTL32.dll | |
WSOCK32.dll | getsockopt, ntohs, select, connect, socket, closesocket, recv, send, inet_ntoa, setsockopt, getservbyport, gethostbyaddr, gethostbyname, WSAGetLastError, ioctlsocket, htons, getservbyname, inet_addr, WSASetLastError, htonl, ntohl, WSAStartup, gethostname, WSACleanup, getprotobyname, getsockname, __WSAFDIsSet |
KERNEL32.dll | GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 15:34:07 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\ugslmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 643'072 bytes |
MD5 hash: | 551ED08A9076A98B16CE6DD72C993209 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:34:07 |
Start date: | 26/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
0040101A | 94.8 | 45 | 9 | 252 | library, string, loader, COMMON | -1.00% |
00401000 | 1.5 | 1 | | 12 | COMMON | -1.00% |
00403D15 | .2 | | | 235 | COMMON | -1.00% |
00407213 | .2 | | | 232 | COMMON | -1.00% |
00409AA9 | .2 | | | 155 | COMMON | -1.00% |
0040652E | .2 | | | 152 | COMMON | -1.00% |
00405645 | .1 | | | 128 | COMMON | -1.00% |
00408064 | .1 | | | 120 | COMMON | -1.00% |
00402D97 | .1 | | | 120 | COMMON | -1.00% |
00405601 | .1 | | | 118 | COMMON | -1.00% |
00404221 | .1 | | | 118 | COMMON | -1.00% |
004051B4 | .1 | | | 118 | COMMON | -1.00% |
004092BC | .1 | | | 117 | COMMON | -1.00% |
00408F6C | .1 | | | 117 | COMMON | -1.00% |
00409F0B | .1 | | | 117 | COMMON | -1.00% |
00408911 | .1 | | | 116 | COMMON | -1.00% |
0040807B | .1 | | | 115 | COMMON | -1.00% |
0040721E | .1 | | | 115 | COMMON | -1.00% |
00404234 | .1 | | | 115 | COMMON | -1.00% |
00407039 | .1 | | | 115 | COMMON | -1.00% |
004092CB | .1 | | | 115 | COMMON | -1.00% |
00407D5C | .1 | | | 115 | COMMON | -1.00% |
00408F7A | .1 | | | 115 | COMMON | -1.00% |
0040330A | .1 | | | 115 | COMMON | -1.00% |
00409F1A | .1 | | | 115 | COMMON | -1.00% |
0040891E | .1 | | | 115 | COMMON | -1.00% |
00403D25 | .1 | | | 115 | COMMON | -1.00% |
00406539 | .1 | | | 115 | COMMON | -1.00% |
004051CC | .1 | | | 115 | COMMON | -1.00% |
00402DAE | .1 | | | 115 | COMMON | -1.00% |
004047B3 | .1 | | | 115 | COMMON | -1.00% |
004013FE | 45.7 | 24 | 2 | 170 | file, COMMON | -1.00% |
00401608 | 22.8 | 11 | 2 | 83 | file, COMMON | -1.00% |
00401358 | 14.0 | 6 | 2 | 48 | file, COMMON | -1.00% |