Windows
Analysis Report
avz.exe
Overview
General Information
Detection
Score: | 25 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
- Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
- Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
- System is w10x64
- avz.exe (PID: 7728 cmdline: "C:\Users\user\Desktop\avz.exe" MD5: 59E8187B34416258AE6AB3CDF4EE6628)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Signature evidence (signature names and matched values were not preserved in this extraction; only the evidence type and, for code functions, the address survive):
- Static PE information
- Code functions: 0_2_0040E718, 0_2_0040E14C, 0_2_00424B74, 0_2_00424D58, 0_2_00422AAC
- Strings found in binary or memory: 24 entries
- Code functions: 0_2_004412E8, 0_2_0040CBA4
- Process token adjusted
- Static PE information: 5 entries
- Binary or memory strings: 4 entries
- Static PE information: 2 entries
- Classification label
- Code function: 0_2_00425874
- File created
- File source: 2 entries
- Key opened: 2 entries
- File read
- Key opened
- Strings found in binary or memory: 10 entries
- File read
- Section loaded: 41 entries
- Key value queried
- Window found
- Window detected
- Static file information
- Static PE information
- Code functions: 0_2_0043A25F, 0_2_004302E7, 0_2_0046835D, 0_2_00467310, 0_2_0042A4D9, 0_2_00463440, 0_2_0041C518, 0_2_00410507, 0_2_00466511, 0_2_00466521, 0_2_00465534, 0_2_008335F5, 0_2_00466608, 0_2_004686F9, 0_2_00464844, 0_2_00467829, 0_2_004628D6, 0_2_00466979, 0_2_00466989, 0_2_00466A70, 0_2_00465A2E, 0_2_0043EB79, 0_2_00467B79, 0_2_0043DB15, 0_2_00462C11, 0_2_00425C1B, 0_2_00468D5D, 0_2_00465DF5, 0_2_00466DF1, 0_2_00466ED8, 0_2_0043CF1F
- Static PE information: 2 entries
Hooking and other Techniques for Hiding and Protection
Evidence entries after this heading (signature names and matched values were not preserved in this extraction):
- Binary or memory strings: 2 entries
- Registry key monitored for changes: 2 entries
- Process information set: 14 entries
- API coverage
- Code functions: 0_2_0040E718, 0_2_0040E14C, 0_2_00424B74, 0_2_00424D58, 0_2_00422AAC
- Binary or memory strings: 5 entries
- Process token adjusted
- Code functions: 0_2_0040E850, 0_2_0040DCF0, 0_2_00429DD8, 0_2_00429E24, 0_2_00428164
- Key value queried
- Binary or memory strings: 2 entries
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 LSASS Driver | 1 LSASS Driver | 1 Masquerading | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Obfuscated Files or Information | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Software Packing | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 14 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 8% | ReversingLabs | | 
 | 4% | Virustotal | | 
Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
(24 entries; names and sources were not preserved in this extraction; every entry is Malicious: false, Reputation: high)
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436352 |
Start date and time: | 2024-05-04 15:04:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | avz.exe |
Detection: | SUS |
Classification: | sus25.evad.winEXE@1/0@0/0 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
File type: | |
Entropy (8bit): | 7.889404299781525 |
TrID: | |
File name: | avz.exe |
File size: | 1'572'352 bytes |
MD5: | 59e8187b34416258ae6ab3cdf4ee6628 |
SHA1: | 38378107dec5f543448a80134219a61dd37fab80 |
SHA256: | cbfadfb4f37c0e70827f4b5349d20827079aa86aa24c0b10c921aa06681f4757 |
SHA512: | 9e0cd06ee0b763fbdaf983b47733508b826c1cf1a0248330be262ec14d8c0fbc0b1013b3ada75481572e526a062cab272da2ece10c122ca541034657529ebb54 |
SSDEEP: | 24576:gxC+MB3qWEQZsYhgjkzM1fNbPj+Vy/0T60P//cH0JDDtd2e9oStdWTmVoWUr4f5A:oRdKZs2wiVy8W0P8Udlt7li4kB |
TLSH: | 817523692A18C067D39828758F05D8FD1D593D6173883E0A33D3BDDFBF696962B420B2 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 995109959b4f0504 |
Entrypoint: | 0x99e9d0 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x662321FC [Sat Apr 20 02:01:32 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 70c9d82a50a5b5542c5c4c83152ea81b |
Instruction (entry-point disassembly; a UPX-style unpacking stub: esi = 00829000h is the start of UPX1, the packed data, and edi = esi - 00428000h = 00401000h is the start of UPX0, the unpack destination)
pushad
mov esi, 00829000h
lea edi, dword ptr [esi-00428000h]
mov dword ptr [edi+004B4C3Ch], 6D35F187h
push edi
or ebp, FFFFFFFFh
jmp 00007F4E91321A90h
nop
nop
nop
nop
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
add ebx, ebx
jne 00007F4E91321A89h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F4E91321A6Fh
mov eax, 00000001h
add ebx, ebx
jne 00007F4E91321A89h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
add ebx, ebx
jnc 00007F4E91321A8Dh
jne 00007F4E91321AAAh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F4E91321AA1h
dec eax
add ebx, ebx
jne 00007F4E91321A89h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
jmp 00007F4E91321A56h
add ebx, ebx
jne 00007F4E91321A89h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
jmp 00007F4E91321AD4h
xor ecx, ecx
sub eax, 03h
jc 00007F4E91321A93h
shl eax, 08h
mov al, byte ptr [esi]
inc esi
xor eax, FFFFFFFFh
je 00007F4E91321AF7h
sar eax, 1
mov ebp, eax
jmp 00007F4E91321A8Dh
add ebx, ebx
jne 00007F4E91321A89h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F4E91321A4Eh
inc ecx
add ebx, ebx
jne 00007F4E91321A89h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F4E91321A40h
add ebx, ebx
jne 00007F4E91321A89h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jnc 00007F4E91321A71h
jne 00007F4E91321A8Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007F4E91321A66h
add ecx, 02h
cmp ebp, 00000000h
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4e7000 | 0x95 | UPX1 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5a8700 | 0x354 | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x59f000 | 0x9700 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x59eb88 | 0x18 | UPX1 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x4e6000 | 0xb1e | UPX1 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0x428000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
UPX1 | 0x429000 | 0x176000 | 0x175e00 | 986697aac5f2c961e9296db7079873ab | False | 0.9887729595035105 | data | 7.922141861509734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x59f000 | 0xa000 | 0x9c00 | 1db7c7ad4fe3caff159d67448a4c1014 | False | 0.21501903044871795 | data | 3.623768923715147 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
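The header facts above (entry point 0x99e9d0 inside UPX1, a UPX0 section with zero raw size mapped read/write/execute, a UPX1 section with entropy 7.92) are exactly what a packer check reads. The following is an added example written for this page, not code from Joe Sandbox or from avz.exe: it assembles a synthetic PE32 file whose headers carry the reported values, parses it back with a minimal PE reader and derives those indicators. The section payloads are constructed (seeded random bytes for UPX1, zeros for .rsrc); nothing from the real sample is used. A useful side check: with the reported raw sizes and a 0x400-byte header block, the constructed file is 1,572,352 bytes, the reported file size, so the section table shown here is complete.

```python
"""UPX packer triage from PE headers. Added example for this report, not
code from Joe Sandbox or avz.exe: it assembles a synthetic PE32 whose
headers carry the values reported for avz.exe (ImageBase 0x400000, entry
point 0x99e9d0, sections UPX0/UPX1/.rsrc with the reported sizes and
flags), parses it with a minimal PE reader and derives the header-only
packer indicators. Section payloads are constructed (seeded random bytes
for UPX1, zeros for .rsrc); no bytes of the real sample are used."""
import math
import random
import struct
from collections import Counter

IMAGE_BASE, ENTRY_POINT_VA = 0x400000, 0x99E9D0   # the report prints the entry point as a VA
MEM_EXECUTE, RWX = 0x20000000, 0xE0000000         # IMAGE_SCN_MEM_EXECUTE | READ | WRITE
SECTION_HDR = "<8sIIIIIIHHI"                      # IMAGE_SECTION_HEADER, 40 bytes
# (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics) as reported
SECTIONS = [(b"UPX0", 0x001000, 0x428000, 0x000000, 0xE0000080),
            (b"UPX1", 0x429000, 0x176000, 0x175E00, 0xE0000040),
            (b".rsrc", 0x59F000, 0x00A000, 0x009C00, 0xC0000040)]


def build_sample() -> bytes:
    """Assemble a PE32 file with the reported header values (constructed data)."""
    rng = random.Random(2024)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(SECTIONS), 0x662321FC, 0, 0, 224, 0x818F)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 2, 25, 0x176000, 0xA000, 0x428000,
                      ENTRY_POINT_VA - IMAGE_BASE, 0x429000, 0x59F000, IMAGE_BASE,
                      0x1000, 0x200, 5, 0, 5, 0, 5, 0, 0, 0x5A9000, 0x400, 0,
                      2, 0, 0x100000, 0x4000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    headers, payload, raw_ptr = b"", b"", 0x400
    for name, va, vsize, rsize, flags in SECTIONS:
        headers += struct.pack(SECTION_HDR, name, vsize, va, rsize, raw_ptr, 0, 0, 0, 0, flags)
        payload += (rng.getrandbits(8 * rsize).to_bytes(rsize, "little") if name == b"UPX1"
                    else b"\0" * rsize)
        raw_ptr += rsize
    head = dos + b"PE\0\0" + coff + opt + headers
    return head + b"\0" * (0x400 - len(head)) + payload


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 reader: image base, entry point RVA and the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    entry_rva, image_base = struct.unpack_from("<I", data, opt + 16)[0], struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(n_sections):
        f = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        name, vsize, va, rsize, rptr, flags = f[0], f[1], f[2], f[3], f[4], f[9]
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize, "rsize": rsize,
                         "flags": flags, "entropy": entropy(data[rptr:rptr + rsize])})
    return {"image_base": image_base, "entry_rva": entry_rva, "sections": sections}


def section_for_rva(pe: dict, rva: int):
    """Section whose mapped range covers rva, or None."""
    return next((s for s in pe["sections"] if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"])), None)


def upx_indicators(pe: dict) -> dict:
    """Header-only indicators of a UPX-style layout; each one is a fact the report lists."""
    secs = pe["sections"]
    ep_sec = section_for_rva(pe, pe["entry_rva"])
    exec_names = [s["name"] for s in secs if s["flags"] & MEM_EXECUTE]
    out = {
        "entry_point_va": hex(pe["image_base"] + pe["entry_rva"]),
        "entry_section": ep_sec["name"] if ep_sec else None,
        "upx_names": any(s["name"].startswith("UPX") for s in secs),
        # unpack destination: no bytes on disk, large virtual size, mapped RWX
        "empty_rwx_section": any(s["rsize"] == 0 and s["vsize"] >= 0x10000 and s["flags"] & RWX == RWX for s in secs),
        # compressed body: near-incompressible bytes in a section that is executable and writable
        "high_entropy_rwx_section": any(s["entropy"] > 7.0 and s["flags"] & RWX == RWX for s in secs),
    }
    # a packer keeps its stub, hence the entry point, in the last executable section, not the first
    out["entry_in_last_exec_section"] = bool(exec_names) and out["entry_section"] == exec_names[-1]
    hits = sum(out[k] for k in ("upx_names", "empty_rwx_section", "high_entropy_rwx_section", "entry_in_last_exec_section"))
    out["verdict"] = "packed (UPX layout)" if hits >= 3 else "no packer layout seen"
    return out


if __name__ == "__main__":
    sample = build_sample()
    print(f"constructed sample: {len(sample)} bytes (report: 1'572'352)")
    for key, value in upx_indicators(parse_pe(sample)).items():
        print(f"{key:26} {value}")
```

The same section_for_rva lookup explains the odd file-type labels in the resource table that follows. Resource data at RVAs such as 0x552c70 lies inside UPX1, that is, it is compressed, so "OpenPGP Secret Key" or "68K BCS executable" for an RT_BITMAP is noise from running file-type magic over compressed bytes (the ZLIB Complexity values above 1.0 say the same thing). The RT_ICON, RT_GROUP_ICON, RT_VERSION and RT_MANIFEST entries at 0x5a1c74 and above sit in .rsrc, which UPX leaves uncompressed by default so that the loader can read the manifest and the shell can still show the icon and version information.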
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x552c70 | 0x134 | data | | | 1.0357142857142858
RT_CURSOR | 0x552da4 | 0x134 | data | English | United States | 1.0357142857142858 |
RT_CURSOR | 0x552ed8 | 0x134 | data | English | United States | 1.0357142857142858 |
RT_CURSOR | 0x55300c | 0x134 | data | English | United States | 1.0357142857142858 |
RT_CURSOR | 0x553140 | 0x134 | data | English | United States | 1.0357142857142858 |
RT_CURSOR | 0x553274 | 0x134 | data | English | United States | 1.0357142857142858 |
RT_CURSOR | 0x5533a8 | 0x134 | data | English | United States | 1.0357142857142858 |
RT_CURSOR | 0x5534dc | 0x134 | data | | | 1.0357142857142858
RT_CURSOR | 0x553610 | 0x134 | data | English | United States | 1.0357142857142858 |
RT_BITMAP | 0x553744 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x553914 | 0x1e4 | data | English | United States | 1.0227272727272727 |
RT_BITMAP | 0x553af8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x553cc8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x553e98 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x554068 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x554238 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x554408 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x5545d8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x5547a8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
RT_BITMAP | 0x554978 | 0x2a4 | data | | | 1.0162721893491125
RT_BITMAP | 0x554c1c | 0xc0 | data | English | United States | 1.0572916666666667 |
RT_BITMAP | 0x554cdc | 0x128 | OpenPGP Public Key | | | 1.037162162162162
RT_BITMAP | 0x554e04 | 0x7b8 | data | | | 1.0055668016194332
RT_BITMAP | 0x5555bc | 0xe0 | data | English | United States | 1.0491071428571428 |
RT_BITMAP | 0x55569c | 0xe0 | data | English | United States | 1.0491071428571428 |
RT_BITMAP | 0x55577c | 0x5c | data | English | United States | 1.1195652173913044 |
RT_BITMAP | 0x5557d8 | 0x5c | data | English | United States | 1.1195652173913044 |
RT_BITMAP | 0x555834 | 0x110 | data | | | 1.0404411764705883
RT_BITMAP | 0x555944 | 0x110 | data | | | 1.0404411764705883
RT_BITMAP | 0x555a54 | 0x110 | data | | | 1.0404411764705883
RT_BITMAP | 0x555b64 | 0x5c | data | | | 1.1195652173913044
RT_BITMAP | 0x555bc0 | 0x5c | data | | | 1.1195652173913044
RT_BITMAP | 0x555c1c | 0x110 | data | | | 1.0404411764705883
RT_BITMAP | 0x555d2c | 0x110 | data | | | 1.0404411764705883
RT_BITMAP | 0x555e3c | 0x110 | data | | | 1.0404411764705883
RT_BITMAP | 0x555f4c | 0x110 | data | | | 1.0404411764705883
RT_BITMAP | 0x55605c | 0xb0 | data | | | 1.0625
RT_BITMAP | 0x55610c | 0xb0 | data | | | 1.0625
RT_BITMAP | 0x5561bc | 0x5c | PGP Secret Sub-key - | English | United States | 1.1195652173913044 |
RT_BITMAP | 0x556218 | 0x5c | data | English | United States | 1.1195652173913044 |
RT_BITMAP | 0x556274 | 0x5c | data | English | United States | 1.1195652173913044 |
RT_BITMAP | 0x5562d0 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x556740 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x556bb0 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x557020 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x557490 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x557900 | 0x46e | 68K BCS executable | English | United States | 1.009700176366843 |
RT_BITMAP | 0x557d70 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x5581e0 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x558650 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x558ac0 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x558f30 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x5593a0 | 0x46e | data | English | United States | 1.009700176366843 |
RT_BITMAP | 0x559810 | 0x128 | data | Czech | Czech Republic | 1.037162162162162 |
RT_BITMAP | 0x559938 | 0x308 | data | | | 1.0141752577319587
RT_BITMAP | 0x559c40 | 0xe0 | data | English | United States | 1.0491071428571428 |
RT_BITMAP | 0x559d20 | 0xc8 | data | Czech | Czech Republic | 1.055 |
RT_BITMAP | 0x559de8 | 0xc0 | data | English | United States | 1.0572916666666667 |
RT_BITMAP | 0x559ea8 | 0xc0 | data | English | United States | 1.0572916666666667 |
RT_BITMAP | 0x559f68 | 0xe0 | data | English | United States | 1.0491071428571428 |
RT_BITMAP | 0x55a048 | 0xc0 | data | English | United States | 1.0572916666666667 |
RT_BITMAP | 0x55a108 | 0x48 | data | | | 1.1527777777777777
RT_BITMAP | 0x55a150 | 0x48 | data | | | 1.1527777777777777
RT_BITMAP | 0x55a198 | 0xe0 | data | English | United States | 1.0491071428571428 |
RT_BITMAP | 0x55a278 | 0x48 | data | | | 1.1527777777777777
RT_BITMAP | 0x55a2c0 | 0x48 | data | | | 1.1527777777777777
RT_BITMAP | 0x55a308 | 0xe8 | data | English | United States | 1.0474137931034482 |
RT_BITMAP | 0x55a3f0 | 0xc0 | data | English | United States | 1.0572916666666667 |
RT_BITMAP | 0x55a4b0 | 0xc8 | data | Czech | Czech Republic | 1.055 |
RT_BITMAP | 0x55a578 | 0x2d0 | data | | | 1.0152777777777777
RT_BITMAP | 0x55a848 | 0x98 | data | English | United States | 1.0723684210526316 |
RT_BITMAP | 0x55a8e0 | 0x98 | data | English | United States | 1.0723684210526316 |
RT_BITMAP | 0x55a978 | 0xe0 | data | English | United States | 1.0491071428571428 |
RT_ICON | 0x5a1c74 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5067567567567568 |
RT_ICON | 0x5a1da0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4819364161849711 |
RT_ICON | 0x5a230c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2154255319148936 |
RT_ICON | 0x5a2778 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3897849462365591 |
RT_ICON | 0x5a2a64 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.4038808664259928 |
RT_ICON | 0x5a3310 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.12218574108818012 |
RT_ICON | 0x5a43bc | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.25914634146341464 |
RT_ICON | 0x5a4a28 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.2977078891257996 |
RT_ICON | 0x5a58d4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.08246887966804979 |
RT_DIALOG | 0x560c40 | 0x52 | data | | | 1.1341463414634145
RT_DIALOG | 0x560c94 | 0x52 | data | | | 1.1341463414634145
RT_STRING | 0x560ce8 | 0x1bc | data | | | 1.0247747747747749
RT_STRING | 0x560ea4 | 0x228 | data | | | 1.019927536231884
RT_STRING | 0x5610cc | 0x3d4 | data | | | 1.0112244897959184
RT_STRING | 0x5614a0 | 0x5b0 | data | | | 1.007554945054945
RT_STRING | 0x561a50 | 0x3a8 | data | | | 1.0117521367521367
RT_STRING | 0x561df8 | 0x46c | data | | | 1.0097173144876326
RT_STRING | 0x562264 | 0x43c | data | | | 1.0101476014760147
RT_STRING | 0x5626a0 | 0x488 | data | | | 1.0094827586206896
RT_STRING | 0x562b28 | 0x390 | data | | | 1.0120614035087718
RT_STRING | 0x562eb8 | 0x404 | data | | | 1.0107003891050583
RT_STRING | 0x5632bc | 0x440 | data | | | 1.010110294117647
RT_STRING | 0x5636fc | 0x34c | data | | | 1.0130331753554502
RT_STRING | 0x563a48 | 0x390 | data | | | 1.0120614035087718
RT_STRING | 0x563dd8 | 0x288 | data | | | 1.0169753086419753
RT_STRING | 0x564060 | 0x2b0 | data | | | 1.0159883720930232
RT_STRING | 0x564310 | 0x1dc | data | | | 1.023109243697479
RT_STRING | 0x5644ec | 0x118 | data | | | 1.0392857142857144
RT_STRING | 0x564604 | 0x108 | data | | | 1.0416666666666667
RT_STRING | 0x56470c | 0x2b8 | data | | | 1.0158045977011494
RT_STRING | 0x5649c4 | 0x38c | DOS executable (COM) | | | 1.0121145374449338
RT_STRING | 0x564d50 | 0x37c | data | | | 1.0123318385650224
RT_STRING | 0x5650cc | 0x328 | OpenPGP Secret Key | | | 1.0136138613861385
RT_STRING | 0x5653f4 | 0x1c0 | data | | | 1.0245535714285714
RT_STRING | 0x5655b4 | 0x58c | OpenPGP Public Key | | | 1.0077464788732395
RT_STRING | 0x565b40 | 0x1dc | data | | | 1.023109243697479
RT_STRING | 0x565d1c | 0x3e0 | data | | | 1.0110887096774193
RT_STRING | 0x5660fc | 0x3d8 | data | | | 1.011178861788618
RT_STRING | 0x5664d4 | 0x33c | data | | | 1.0132850241545894
RT_STRING | 0x566810 | 0x43c | data | | | 1.0101476014760147
RT_STRING | 0x566c4c | 0x58c | data | | | 1.0077464788732395
RT_STRING | 0x5671d8 | 0x46c | data | | | 1.0097173144876326
RT_STRING | 0x567644 | 0x2ec | DOS executable (COM) | | | 1.0147058823529411
RT_STRING | 0x567930 | 0x2b0 | data | | | 1.0159883720930232
RT_STRING | 0x567be0 | 0x44c | data | | | 1.01
RT_STRING | 0x56802c | 0x124 | data | | | 1.0376712328767124
RT_STRING | 0x568150 | 0xd4 | data | | | 1.0518867924528301
RT_STRING | 0x568224 | 0x288 | data | | | 1.0169753086419753
RT_STRING | 0x5684ac | 0x11c | data | | | 1.0387323943661972
RT_STRING | 0x5685c8 | 0x3d0 | data | | | 1.0112704918032787
RT_STRING | 0x568998 | 0x414 | DOS executable (COM, 0x8C-variant) | | | 1.010536398467433
RT_STRING | 0x568dac | 0x428 | data | | | 1.0103383458646618
RT_STRING | 0x5691d4 | 0x514 | data | | | 1.0084615384615385
RT_STRING | 0x5696e8 | 0x280 | data | | | 1.0171875
RT_STRING | 0x569968 | 0x3e0 | data | | | 1.0110887096774193
RT_STRING | 0x569d48 | 0x4f8 | data | | | 1.0086477987421383
RT_STRING | 0x56a240 | 0x38c | DOS executable (COM, 0x8C-variant) | | | 1.0121145374449338
RT_STRING | 0x56a5cc | 0x374 | data | | | 1.012443438914027
RT_STRING | 0x56a940 | 0x458 | data | | | 1.0098920863309353
RT_STRING | 0x56ad98 | 0x10c | data | | | 1.041044776119403
RT_STRING | 0x56aea4 | 0xcc | data | | | 1.053921568627451
RT_STRING | 0x56af70 | 0x244 | data | | | 1.0189655172413794
RT_STRING | 0x56b1b4 | 0x414 | data | | | 1.010536398467433
RT_STRING | 0x56b5c8 | 0x358 | data | | | 1.0128504672897196
RT_STRING | 0x56b920 | 0x310 | data | | | 1.0140306122448979
RT_STRING | 0x56bc30 | 0x334 | data | | | 1.0134146341463415
RT_RCDATA | 0x56bf64 | 0x10 | data | | | 1.5
RT_RCDATA | 0x56bf74 | 0x1a60 | data | | | 0.9995556872037915
RT_RCDATA | 0x56d9d4 | 0x2 | Non-ISO extended-ASCII text, with no line terminators | English | United States | 5.0 |
RT_RCDATA | 0x56d9d8 | 0x2992 | data | | | 0.9907912046607781
RT_RCDATA | 0x57036c | 0xb72 | data | | | 1.0037542662116041
RT_RCDATA | 0x570ee0 | 0xe38 | data | | | 1.003021978021978
RT_RCDATA | 0x571d18 | 0x729 | data | | | 1.0060010911074742
RT_RCDATA | 0x572444 | 0x52e | data | | | 1.0082956259426847
RT_RCDATA | 0x572974 | 0xc14 | data | | | 1.0035575679172057
RT_RCDATA | 0x573588 | 0x2efe | data | | | 0.9951787198669991
RT_RCDATA | 0x576488 | 0x4b1 | data | | | 1.0091590341382182
RT_RCDATA | 0x57693c | 0xa0b | data | | | 1.0042784908595876
RT_RCDATA | 0x577348 | 0x4a0 | data | | | 1.0092905405405406
RT_RCDATA | 0x5777e8 | 0x143a | data | | | 1.0021243723445346
RT_RCDATA | 0x578c24 | 0x2b3 | data | | | 1.015918958031838
RT_RCDATA | 0x578ed8 | 0x74e6 | data | | | 0.9947871416159861
RT_RCDATA | 0x5803c0 | 0x2a55 | data | | | 0.9935406477807511
RT_RCDATA | 0x582e18 | 0x6bf | data | | | 1.0063694267515924
RT_RCDATA | 0x5834d8 | 0x113 | data | | | 1.04
RT_RCDATA | 0x5835ec | 0x494 | data | | | 1.0093856655290103
RT_RCDATA | 0x583a80 | 0xd549 | data | | | 0.945385615648065
RT_RCDATA | 0x590fcc | 0x3c4 | data | | | 0.9813278008298755
RT_RCDATA | 0x591390 | 0x161e | data | | | 0.9927587424938185
RT_RCDATA | 0x5929b0 | 0x45d | data | | | 1.0098478066248882
RT_RCDATA | 0x592e10 | 0xf07 | OpenPGP Secret Key | | | 0.9981804003119313
RT_RCDATA | 0x593d18 | 0xfeb | data | | | 0.9936196319018404
RT_RCDATA | 0x594d04 | 0x12ef | data | | | 0.9921600990303281
RT_RCDATA | 0x595ff4 | 0xc32 | data | | | 0.9910313901345291
RT_RCDATA | 0x596c28 | 0x39f | data | | | 1.011866235167206
RT_RCDATA | 0x596fc8 | 0xd72 | OpenPGP Secret Key | | | 0.9930273097036607
RT_RCDATA | 0x597d3c | 0x533 | OpenPGP Secret Key | | | 1.0082644628099173
RT_RCDATA | 0x598270 | 0xef3 | data | | | 0.9918996603083355
RT_RCDATA | 0x599164 | 0x491 | data | | | 0.8785286569717707
RT_RCDATA | 0x5995f8 | 0x1ab | data | | | 1.0257611241217799
RT_GROUP_CURSOR | 0x5997a4 | 0x14 | data | | | 1.45
RT_GROUP_CURSOR | 0x5997b8 | 0x14 | data | | | 1.45
RT_GROUP_CURSOR | 0x5997cc | 0x14 | data | English | United States | 1.45 |
RT_GROUP_CURSOR | 0x5997e0 | 0x14 | data | English | United States | 1.45 |
RT_GROUP_CURSOR | 0x5997f4 | 0x14 | data | English | United States | 1.45 |
RT_GROUP_CURSOR | 0x599808 | 0x14 | data | English | United States | 1.45 |
RT_GROUP_CURSOR | 0x59981c | 0x14 | data | English | United States | 1.45 |
RT_GROUP_CURSOR | 0x599830 | 0x14 | data | English | United States | 1.45 |
RT_GROUP_CURSOR | 0x599844 | 0x14 | data | English | United States | 1.45 |
RT_GROUP_ICON | 0x5a7e80 | 0x84 | data | English | United States | 0.6439393939393939 |
RT_VERSION | 0x5a7f08 | 0x150 | data | English | United States | 0.5833333333333334 |
RT_MANIFEST | 0x5a805c | 0x6a2 | XML 1.0 document, ASCII text, with CRLF line terminators | Russian | Russia | 0.4287396937573616 |
DLL | Import |
---|---|
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
advapi32.dll | FreeSid |
comctl32.dll | ImageList_Add |
comdlg32.dll | PrintDlgW |
gdi32.dll | Pie |
netapi32.dll | NetWkstaGetInfo |
ole32.dll | OleDraw |
oleaut32.dll | VariantCopy |
shell32.dll | DragFinish |
user32.dll | GetDC |
version.dll | VerQueryValueW |
wininet.dll | InternetOpenW |
winspool.drv | OpenPrinterW |
wsock32.dll | htons |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Czech | Czech Republic | |
Russian | Russia | |
Target ID: | 0 |
Start time: | 15:04:49 |
Start date: | 04/05/2024 |
Path: | C:\Users\user\Desktop\avz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'572'352 bytes |
MD5 hash: | 59E8187B34416258AE6AB3CDF4EE6628 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 8.9% |
Total number of Nodes: | 326 |
Total number of Limit Nodes: | 18 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
0040E850 | 3.1 | 2 | | 63 | COMMON | -1.00% |
0040E718 | 3.0 | 2 | | 33 | file, COMMON | -1.00% |
0040E33C | 28.2 | 12 | 4 | 173 | registry, COMMON | -1.00% |
00410B90 | 13.8 | 9 | | 258 | COMMON | -1.00% |
00424E30 | 9.1 | 6 | | 83 | file, COMMON | -1.00% |
0040E91C | 3.1 | 2 | | 93 | COMMON | -1.00% |
0040EA40 | 3.1 | 2 | | 55 | library, COMMON | -1.00% |
00429D54 | 3.0 | 2 | | 49 | window, COMMON | -1.00% |
0042D63C | 3.0 | 2 | | 33 | library, COMMON | -1.00% |
0042BC90 | 1.6 | 1 | | 77 | COMMON | -1.00% |
00415EB8 | 1.5 | 1 | | 44 | COMMON | -1.00% |
0040D7CC | 1.5 | 1 | | 26 | COMMON | -1.00% |
00425A74 | 1.5 | 1 | | 12 | COMMON | -1.00% |
004165B8 | 1.5 | 1 | | 12 | window, COMMON | -1.00% |
004058C8 | 1.3 | 1 | | 41 | memory, COMMON | -1.00% |
0040E14C | 15.9 | 6 | 3 | 140 | string, library, file, COMMON | -1.00% |
0040DCF0 | 4.6 | 3 | | 99 | COMMON | -1.00% |
00422AAC | 3.1 | 2 | | 93 | COMMON | -1.00% |
00424B74 | 3.0 | 2 | | 24 | file, COMMON | -1.00% |
00424D58 | 3.0 | 2 | | 23 | file, COMMON | -1.00% |
00425874 | 1.5 | 1 | | 49 | COMMON | -1.00% |
00429DD8 | 1.5 | 1 | | 29 | COMMON | -1.00% |
00429E24 | 1.5 | 1 | | 23 | COMMON | -1.00% |
00428164 | 1.5 | 1 | | 22 | time, COMMON | -1.00% |
004412E8 | 0.4 | | | 408 | COMMON | -1.00% |
0040CBA4 | 0.1 | | | 64 | COMMON | -1.00% |
004169B8 | 35.1 | 1 | 19 | 130 | library, COMMON | -1.00% |
00415F10 | 19.3 | 6 | 5 | 61 | registry, clipboard, window, COMMON | -1.00% |
00429E50 | 16.0 | 2 | 7 | 216 | thread, COMMON | -1.00% |
0042A584 | 15.9 | 8 | 1 | 199 | thread, COMMON | -1.00% |
004091E0 | 12.3 | 5 | 2 | 65 | library, loader, COMMON | -1.00% |
00405F68 | 12.2 | 8 | | 221 | sleep, COMMON | -1.00% |
00406160 | 10.9 | 7 | | 407 | COMMON | -1.00% |
0040A428 | 10.5 | 4 | 2 | 40 | file, COMMON | -1.00% |
00422CD4 | 9.2 | 6 | | 161 | file, COMMON | -1.00% |
004064AC | 9.1 | 6 | | 51 | file, COMMON | -1.00% |
00405BE4 | 9.0 | 7 | | 298 | sleep, COMMON | -1.00% |
00439E3C | 7.8 | 5 | | 332 | COMMON | -1.00% |
0043891C | 7.8 | 5 | | 269 | COMMON | -1.00% |
0040A4C0 | 7.1 | 3 | 1 | 95 | thread, COMMON | -1.00% |
00428574 | 7.1 | 2 | 2 | 77 | thread, COMMON | -1.00% |
00416058 | 7.0 | 1 | 3 | 25 | library, COMMON | -1.00% |
00424BC0 | 6.1 | 4 | | 112 | time, COMMON | -1.00% |
0040DEEC | 6.1 | 4 | | 95 | thread, COMMON | -1.00% |
004250B0 | 6.0 | 4 | | 45 | time, COMMON | -1.00% |
Per-function panels (Control-flow Graph, APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Yara matches, Similarity, Uniqueness): no data captured in this report view.