Windows
Analysis Report
HxTsr.exe
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- HxTsr.exe (PID: 6304 cmdline:
"C:\Users\ user\Deskt op\HxTsr.e xe" MD5: 5598F080258560D009714396D1F464AC)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00007FF77F4F4318 |
Source: | Code function: | 0_2_00007FF77F4FCE24 | |
Source: | Code function: | 0_2_00007FF77F4FDA1C |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00007FF77F4F10A4 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 DLL Side-Loading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs | |||
0% | Virustotal | Browse |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432172 |
Start date and time: | 2024-04-26 16:23:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | HxTsr.exe |
Detection: | CLEAN |
Classification: | clean2.winEXE@1/0@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target HxTsr.exe, PID 6304 because there are no executed function
File type: | |
Entropy (8bit): | 6.06260340064884 |
TrID: |
|
File name: | HxTsr.exe |
File size: | 92'672 bytes |
MD5: | 5598f080258560d009714396d1f464ac |
SHA1: | 89a086fa0664780c3a23f6fa7c6b4b35caf797d0 |
SHA256: | 919423dbefdfe9536c13380a0331801e4451700df78381c00d2c445d7554776b |
SHA512: | 5a9d0d0aa760bdfc42afd15b9b36aabfb7e0ec9d368da70cf039281e9ff33ee31030867ea274ab375f19df6164d3b17d0631effc2949c4a6de453c962bbfce8b |
SSDEEP: | 1536:COHO8lU/mI2MR92CX9OJt8xBa5fjIEVE71T47wIGgTje0MFcMMIGnyv/s:O8lU/mI2MRQqOJaxuf0EVPTj1MuiGnyM |
TLSH: | A4934A5E232601F6E156D2BCC5A7627AE372FC435852970F4FB0D2860F772609E3AB91 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......jUP..4>[.4>[.4>[.F8Z/4>[B@?Z(4>[B@;Z34>[B@:Z$4>[B@=Z-4>[.@?Z,4>['L.[.4>[.E?Z-4>[.4?[!5>[.F:Z-4>[.@;Z*4>[.@7Z.4>[.@.[/4>[.@<Z/4> |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x140001090 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, APPCONTAINER, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x65EA5F5E [Fri Mar 8 00:44:14 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 10 |
OS Version Minor: | 0 |
File Version Major: | 10 |
File Version Minor: | 0 |
Subsystem Version Major: | 10 |
Subsystem Version Minor: | 0 |
Import Hash: | a936f9337ff7d2caddd1f140cf786be8 |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F4FD485C500h |
dec eax |
add esp, 28h |
jmp 00007F4FD485E8EFh |
int3 |
nop |
dec eax |
mov dword ptr [esp+20h], ebx |
push ebp |
dec eax |
mov ebp, esp |
dec eax |
sub esp, 20h |
dec eax |
mov eax, dword ptr [00014F58h] |
dec eax |
mov ebx, 2DDFA232h |
cdq |
sub eax, dword ptr [eax] |
add byte ptr [eax+3Bh], cl |
ret |
jne 00007F4FD485C566h |
dec eax |
and dword ptr [ebp+18h], 00000000h |
dec eax |
lea ecx, dword ptr [ebp+18h] |
call dword ptr [0000E3E2h] |
dec eax |
mov eax, dword ptr [ebp+18h] |
dec eax |
mov dword ptr [ebp+10h], eax |
call dword ptr [0000E084h] |
mov eax, eax |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [0000E080h] |
mov eax, eax |
dec eax |
lea ecx, dword ptr [ebp+20h] |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [0000E3A8h] |
mov eax, dword ptr [ebp+20h] |
dec eax |
lea ecx, dword ptr [ebp+10h] |
dec eax |
shl eax, 20h |
dec eax |
xor eax, dword ptr [ebp+20h] |
dec eax |
xor eax, dword ptr [ebp+10h] |
dec eax |
xor eax, ecx |
dec eax |
mov ecx, FFFFFFFFh |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11660 | 0x26c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0x470 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x17000 | 0xe7c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a000 | 0x2f8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x13d98 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x10360 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xff00 | 0x138 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xf000 | 0x530 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x11364 | 0x80 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xd909 | 0xda00 | c15882a8f64a4760a2426706d136e586 | False | 0.49691800458715596 | data | 6.222952095031539 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xf000 | 0x6a0d | 0x6c00 | 6435b3a640a5272601ec16567ac5f21a | False | 0.33351417824074076 | data | 5.050967033311491 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x16000 | 0x668 | 0x400 | b9a2c6094558dddb50bebf9010a2d286 | False | 0.2109375 | data | 2.366450057637999 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x17000 | 0xe7c | 0x1000 | 64d5b14d3ba2de64ed652e35afcf4312 | False | 0.449951171875 | PEX Binary Archive | 4.5321877075071395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.didat | 0x18000 | 0x80 | 0x200 | 1de5095e8fa50b79e9d813c48a45e6b6 | False | 0.1171875 | data | 0.8157106698145418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x19000 | 0x470 | 0x600 | 96b3a15b1c45bb58ebbaf09c5b47347a | False | 0.2962239583333333 | data | 4.002468213350723 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1a000 | 0x2f8 | 0x400 | 23e6eef97ce904081a3940fad30333dc | False | 0.5322265625 | data | 4.589842225081001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x19058 | 0x418 | data | English | United States | 0.3883587786259542 |
DLL | Import |
---|---|
Microsoft.Applications.Telemetry.Windows.dll | ?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z, ?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z, ?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z, ?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z, ?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z, ?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ, ??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ, ?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z, ??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z, ?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z, ??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z, ?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z, ??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ, ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z, ?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z, ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z, ??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z |
api-ms-win-core-errorhandling-l1-1-0.dll | RaiseException |
api-ms-win-core-realtime-l1-1-0.dll | QueryUnbiasedInterruptTime |
api-ms-win-core-synch-l1-2-0.dll | WakeAllConditionVariable, SleepConditionVariableSRW, InitOnceExecuteOnce |
api-ms-win-core-com-l1-1-0.dll | CoTaskMemFree, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler |
api-ms-win-core-processthreads-l1-1-0.dll | GetCurrentProcess, TerminateProcess, GetCurrentThreadId, GetCurrentProcessId |
api-ms-win-core-processthreads-l1-1-3.dll | SetProcessInformation |
api-ms-win-core-util-l1-1-0.dll | DecodePointer |
api-ms-win-core-synch-l1-1-0.dll | InitializeSRWLock, AcquireSRWLockExclusive, ReleaseSRWLockExclusive |
api-ms-win-core-com-l1-1-1.dll | RoGetAgileReference |
api-ms-win-eventing-provider-l1-1-0.dll | EventWriteTransfer |
HxOutlookBackground.dll | ?HxOutlookBackgroundInitialize@HxOutlook@@YAXAEAUConfig@Telemetry@Hx@@_N@Z, ?UseHxOutlookBackgroundAccess@HxOutlook@@YAAEAUIHxOutlookBackgroundAccess@1@XZ, ?HxOutlookBackgroundEnsureInitialized@HxOutlook@@YAXXZ |
VCRUNTIME140_1_APP.dll | __CxxFrameHandler4 |
VCRUNTIME140_APP.dll | __current_exception, _purecall, __current_exception_context, __std_exception_destroy, __std_terminate, __C_specific_handler, __std_exception_copy, memset, _CxxThrowException, memcmp, memcpy, memmove |
MSVCP140_APP.dll | ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?_Xinvalid_argument@std@@YAXPEBD@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?_Xbad_alloc@std@@YAXXZ, ?_Xlength_error@std@@YAXPEBD@Z, _Mtx_init_in_situ, _Mtx_destroy_in_situ, ?_Xout_of_range@std@@YAXPEBD@Z, ?_Throw_C_error@std@@YAXH@Z, _Mtx_lock, _Mtx_unlock, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?uncaught_exception@std@@YA_NXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ |
api-ms-win-crt-runtime-l1-1-0.dll | _crt_atexit, _invalid_parameter_noinfo_noreturn, _invalid_parameter_noinfo, terminate, _register_onexit_function, _initialize_onexit_table, _errno, _register_thread_local_exe_atexit_callback, _c_exit, _cexit, _set_app_type, _exit, exit, _initterm_e, _initterm, _get_narrow_winmain_command_line, _initialize_narrow_environment, _configure_narrow_argv, _seh_filter_exe |
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, free, malloc |
api-ms-win-crt-string-l1-1-0.dll | _wcsicmp |
api-ms-win-crt-stdio-l1-1-0.dll | __p__commode, _set_fmode |
api-ms-win-crt-convert-l1-1-0.dll | wcstoull |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, pow |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter |
api-ms-win-core-sysinfo-l1-1-0.dll | GetSystemTimeAsFileTime, GetSystemDirectoryW |
api-ms-win-core-interlocked-l1-1-0.dll | InitializeSListHead |
api-ms-win-core-delayload-l1-1-1.dll | ResolveDelayLoadedAPI |
api-ms-win-core-delayload-l1-1-0.dll | DelayLoadFailureHook |
api-ms-win-core-string-l1-1-0.dll | CompareStringOrdinal |
api-ms-win-core-path-l1-1-0.dll | PathCchAppend |
api-ms-win-core-file-l1-1-0.dll | GetFileAttributesW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 16:23:57 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\HxTsr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f4f0000 |
File size: | 92'672 bytes |
MD5 hash: | 5598F080258560D009714396D1F464AC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Function 00007FF77F4F10A4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4FCE24 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 224COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4F6994 Relevance: 42.3, APIs: 19, Strings: 5, Instructions: 328COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4F7A18 Relevance: 40.6, APIs: 22, Strings: 1, Instructions: 339COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4F6178 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 214COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4FD338 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 288COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4FC750 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 288COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4F1208 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 139timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4F6520 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4F4EF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 101COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF77F4FE51D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |