Edit tour
Windows
Analysis Report
avz.exe
Overview
General Information
| Sample name: | avz.exe |
| Analysis ID: | 1436352 |
| MD5: | 59e8187b34416258ae6ab3cdf4ee6628 |
| SHA1: | 38378107dec5f543448a80134219a61dd37fab80 |
| SHA256: | cbfadfb4f37c0e70827f4b5349d20827079aa86aa24c0b10c921aa06681f4757 |
| Tags: | Detectionverificationexe |
| Infos: |  |
 | |
Detection
| Score: | 25 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 60% |
Signatures
May modify the system service descriptor table (often done to hook functions)
AV process strings found (often used to terminate AV products)
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Enables debug privileges
Enables driver privileges
Found large amount of non-executed APIs
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
Analysis Advice
| Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
| Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
- System is w10x64
avz.exe (PID: 7728 cmdline: "C:\Users\ user\Deskt op\avz.exe " MD5: 59E8187B34416258AE6AB3CDF4EE6628)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0040E718 | |
| Source: | Code function: | 0_2_0040E14C | |
| Source: | Code function: | 0_2_00424B74 | |
| Source: | Code function: | 0_2_00424D58 | |
| Source: | Code function: | 0_2_00422AAC | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_004412E8 | |
| Source: | Code function: | 0_2_0040CBA4 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00425874 | |
| Source: | File created: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window found: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0043A25F | |
| Source: | Code function: | 0_2_004302E7 | |
| Source: | Code function: | 0_2_0046835D | |
| Source: | Code function: | 0_2_00467310 | |
| Source: | Code function: | 0_2_0042A4D9 | |
| Source: | Code function: | 0_2_00463440 | |
| Source: | Code function: | 0_2_0041C518 | |
| Source: | Code function: | 0_2_00410507 | |
| Source: | Code function: | 0_2_00466511 | |
| Source: | Code function: | 0_2_00466521 | |
| Source: | Code function: | 0_2_00465534 | |
| Source: | Code function: | 0_2_008335F5 | |
| Source: | Code function: | 0_2_00466608 | |
| Source: | Code function: | 0_2_004686F9 | |
| Source: | Code function: | 0_2_00464844 | |
| Source: | Code function: | 0_2_00467829 | |
| Source: | Code function: | 0_2_004628D6 | |
| Source: | Code function: | 0_2_00466979 | |
| Source: | Code function: | 0_2_00466989 | |
| Source: | Code function: | 0_2_00466A70 | |
| Source: | Code function: | 0_2_00465A2E | |
| Source: | Code function: | 0_2_0043EB79 | |
| Source: | Code function: | 0_2_00467B79 | |
| Source: | Code function: | 0_2_0043DB15 | |
| Source: | Code function: | 0_2_00462C11 | |
| Source: | Code function: | 0_2_00425C1B | |
| Source: | Code function: | 0_2_00468D5D | |
| Source: | Code function: | 0_2_00465DF5 | |
| Source: | Code function: | 0_2_00466DF1 | |
| Source: | Code function: | 0_2_00466ED8 | |
| Source: | Code function: | 0_2_0043CF1F | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Hooking and other Techniques for Hiding and Protection |   |
|---|
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | Code function: | 0_2_0040E718 | |
| Source: | Code function: | 0_2_0040E14C | |
| Source: | Code function: | 0_2_00424B74 | |
| Source: | Code function: | 0_2_00424D58 | |
| Source: | Code function: | 0_2_00422AAC | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040E850 | |
| Source: | Code function: | 0_2_0040DCF0 | |
| Source: | Code function: | 0_2_00429DD8 | |
| Source: | Code function: | 0_2_00429E24 | |
| Source: | Code function: | 0_2_00428164 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 LSASS Driver | 1 LSASS Driver | 1 Masquerading | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Obfuscated Files or Information | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Software Packing | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 14 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 8% | ReversingLabs | |||
| 4% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
⊘No contacted IP infos
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1436352 |
| Start date and time: | 2024-05-04 15:04:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 37s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | avz.exe |
| Detection: | SUS |
| Classification: | sus25.evad.winEXE@1/0@0/0 |
| EGA Information: |
|
| HCA Information: | Failed |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
⊘No simulations
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 7.889404299781525 |
| TrID: |
|
| File name: | avz.exe |
| File size: | 1'572'352 bytes |
| MD5: | 59e8187b34416258ae6ab3cdf4ee6628 |
| SHA1: | 38378107dec5f543448a80134219a61dd37fab80 |
| SHA256: | cbfadfb4f37c0e70827f4b5349d20827079aa86aa24c0b10c921aa06681f4757 |
| SHA512: | 9e0cd06ee0b763fbdaf983b47733508b826c1cf1a0248330be262ec14d8c0fbc0b1013b3ada75481572e526a062cab272da2ece10c122ca541034657529ebb54 |
| SSDEEP: | 24576:gxC+MB3qWEQZsYhgjkzM1fNbPj+Vy/0T60P//cH0JDDtd2e9oStdWTmVoWUr4f5A:oRdKZs2wiVy8W0P8Udlt7li4kB |
| TLSH: | 817523692A18C067D39828758F05D8FD1D593D6173883E0A33D3BDDFBF696962B420B2 |
| File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
 | |
| Icon Hash: | 995109959b4f0504 |
| Entrypoint: | 0x99e9d0 |
| Entrypoint Section: | UPX1 |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
| DLL Characteristics: | |
| Time Stamp: | 0x662321FC [Sat Apr 20 02:01:32 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 70c9d82a50a5b5542c5c4c83152ea81b |
| Instruction |
|---|
| pushad |
| mov esi, 00829000h |
| lea edi, dword ptr [esi-00428000h] |
| mov dword ptr [edi+004B4C3Ch], 6D35F187h |
| push edi |
| or ebp, FFFFFFFFh |
| jmp 00007F4E91321A90h |
| nop |
| nop |
| nop |
| nop |
| mov al, byte ptr [esi] |
| inc esi |
| mov byte ptr [edi], al |
| inc edi |
| add ebx, ebx |
| jne 00007F4E91321A89h |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| jc 00007F4E91321A6Fh |
| mov eax, 00000001h |
| add ebx, ebx |
| jne 00007F4E91321A89h |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| adc eax, eax |
| add ebx, ebx |
| jnc 00007F4E91321A8Dh |
| jne 00007F4E91321AAAh |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| jc 00007F4E91321AA1h |
| dec eax |
| add ebx, ebx |
| jne 00007F4E91321A89h |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| adc eax, eax |
| jmp 00007F4E91321A56h |
| add ebx, ebx |
| jne 00007F4E91321A89h |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| adc ecx, ecx |
| jmp 00007F4E91321AD4h |
| xor ecx, ecx |
| sub eax, 03h |
| jc 00007F4E91321A93h |
| shl eax, 08h |
| mov al, byte ptr [esi] |
| inc esi |
| xor eax, FFFFFFFFh |
| je 00007F4E91321AF7h |
| sar eax, 1 |
| mov ebp, eax |
| jmp 00007F4E91321A8Dh |
| add ebx, ebx |
| jne 00007F4E91321A89h |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| jc 00007F4E91321A4Eh |
| inc ecx |
| add ebx, ebx |
| jne 00007F4E91321A89h |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| jc 00007F4E91321A40h |
| add ebx, ebx |
| jne 00007F4E91321A89h |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| adc ecx, ecx |
| add ebx, ebx |
| jnc 00007F4E91321A71h |
| jne 00007F4E91321A8Bh |
| mov ebx, dword ptr [esi] |
| sub esi, FFFFFFFCh |
| adc ebx, ebx |
| jnc 00007F4E91321A66h |
| add ecx, 02h |
| cmp ebp, 00000000h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4e7000 | 0x95 | UPX1 |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5a8700 | 0x354 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x59f000 | 0x9700 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x59eb88 | 0x18 | UPX1 |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x4e6000 | 0xb1e | UPX1 |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x428000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| UPX1 | 0x429000 | 0x176000 | 0x175e00 | 986697aac5f2c961e9296db7079873ab | False | 0.9887729595035105 | data | 7.922141861509734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x59f000 | 0xa000 | 0x9c00 | 1db7c7ad4fe3caff159d67448a4c1014 | False | 0.21501903044871795 | data | 3.623768923715147 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x552c70 | 0x134 | data | 1.0357142857142858 | ||
| RT_CURSOR | 0x552da4 | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_CURSOR | 0x552ed8 | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_CURSOR | 0x55300c | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_CURSOR | 0x553140 | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_CURSOR | 0x553274 | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_CURSOR | 0x5533a8 | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_CURSOR | 0x5534dc | 0x134 | data | 1.0357142857142858 | ||
| RT_CURSOR | 0x553610 | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_BITMAP | 0x553744 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x553914 | 0x1e4 | data | English | United States | 1.0227272727272727 |
| RT_BITMAP | 0x553af8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x553cc8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x553e98 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x554068 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x554238 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x554408 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x5545d8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x5547a8 | 0x1d0 | data | English | United States | 1.0237068965517242 |
| RT_BITMAP | 0x554978 | 0x2a4 | data | 1.0162721893491125 | ||
| RT_BITMAP | 0x554c1c | 0xc0 | data | English | United States | 1.0572916666666667 |
| RT_BITMAP | 0x554cdc | 0x128 | OpenPGP Public Key | 1.037162162162162 | ||
| RT_BITMAP | 0x554e04 | 0x7b8 | data | 1.0055668016194332 | ||
| RT_BITMAP | 0x5555bc | 0xe0 | data | English | United States | 1.0491071428571428 |
| RT_BITMAP | 0x55569c | 0xe0 | data | English | United States | 1.0491071428571428 |
| RT_BITMAP | 0x55577c | 0x5c | data | English | United States | 1.1195652173913044 |
| RT_BITMAP | 0x5557d8 | 0x5c | data | English | United States | 1.1195652173913044 |
| RT_BITMAP | 0x555834 | 0x110 | data | 1.0404411764705883 | ||
| RT_BITMAP | 0x555944 | 0x110 | data | 1.0404411764705883 | ||
| RT_BITMAP | 0x555a54 | 0x110 | data | 1.0404411764705883 | ||
| RT_BITMAP | 0x555b64 | 0x5c | data | 1.1195652173913044 | ||
| RT_BITMAP | 0x555bc0 | 0x5c | data | 1.1195652173913044 | ||
| RT_BITMAP | 0x555c1c | 0x110 | data | 1.0404411764705883 | ||
| RT_BITMAP | 0x555d2c | 0x110 | data | 1.0404411764705883 | ||
| RT_BITMAP | 0x555e3c | 0x110 | data | 1.0404411764705883 | ||
| RT_BITMAP | 0x555f4c | 0x110 | data | 1.0404411764705883 | ||
| RT_BITMAP | 0x55605c | 0xb0 | data | 1.0625 | ||
| RT_BITMAP | 0x55610c | 0xb0 | data | 1.0625 | ||
| RT_BITMAP | 0x5561bc | 0x5c | PGP Secret Sub-key - | English | United States | 1.1195652173913044 |
| RT_BITMAP | 0x556218 | 0x5c | data | English | United States | 1.1195652173913044 |
| RT_BITMAP | 0x556274 | 0x5c | data | English | United States | 1.1195652173913044 |
| RT_BITMAP | 0x5562d0 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x556740 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x556bb0 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x557020 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x557490 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x557900 | 0x46e | 68K BCS executable | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x557d70 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x5581e0 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x558650 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x558ac0 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x558f30 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x5593a0 | 0x46e | data | English | United States | 1.009700176366843 |
| RT_BITMAP | 0x559810 | 0x128 | data | Czech | Czech Republic | 1.037162162162162 |
| RT_BITMAP | 0x559938 | 0x308 | data | 1.0141752577319587 | ||
| RT_BITMAP | 0x559c40 | 0xe0 | data | English | United States | 1.0491071428571428 |
| RT_BITMAP | 0x559d20 | 0xc8 | data | Czech | Czech Republic | 1.055 |
| RT_BITMAP | 0x559de8 | 0xc0 | data | English | United States | 1.0572916666666667 |
| RT_BITMAP | 0x559ea8 | 0xc0 | data | English | United States | 1.0572916666666667 |
| RT_BITMAP | 0x559f68 | 0xe0 | data | English | United States | 1.0491071428571428 |
| RT_BITMAP | 0x55a048 | 0xc0 | data | English | United States | 1.0572916666666667 |
| RT_BITMAP | 0x55a108 | 0x48 | data | 1.1527777777777777 | ||
| RT_BITMAP | 0x55a150 | 0x48 | data | 1.1527777777777777 | ||
| RT_BITMAP | 0x55a198 | 0xe0 | data | English | United States | 1.0491071428571428 |
| RT_BITMAP | 0x55a278 | 0x48 | data | 1.1527777777777777 | ||
| RT_BITMAP | 0x55a2c0 | 0x48 | data | 1.1527777777777777 | ||
| RT_BITMAP | 0x55a308 | 0xe8 | data | English | United States | 1.0474137931034482 |
| RT_BITMAP | 0x55a3f0 | 0xc0 | data | English | United States | 1.0572916666666667 |
| RT_BITMAP | 0x55a4b0 | 0xc8 | data | Czech | Czech Republic | 1.055 |
| RT_BITMAP | 0x55a578 | 0x2d0 | data | 1.0152777777777777 | ||
| RT_BITMAP | 0x55a848 | 0x98 | data | English | United States | 1.0723684210526316 |
| RT_BITMAP | 0x55a8e0 | 0x98 | data | English | United States | 1.0723684210526316 |
| RT_BITMAP | 0x55a978 | 0xe0 | data | English | United States | 1.0491071428571428 |
| RT_ICON | 0x5a1c74 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5067567567567568 |
| RT_ICON | 0x5a1da0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4819364161849711 |
| RT_ICON | 0x5a230c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2154255319148936 |
| RT_ICON | 0x5a2778 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3897849462365591 |
| RT_ICON | 0x5a2a64 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.4038808664259928 |
| RT_ICON | 0x5a3310 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.12218574108818012 |
| RT_ICON | 0x5a43bc | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.25914634146341464 |
| RT_ICON | 0x5a4a28 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.2977078891257996 |
| RT_ICON | 0x5a58d4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.08246887966804979 |
| RT_DIALOG | 0x560c40 | 0x52 | data | 1.1341463414634145 | ||
| RT_DIALOG | 0x560c94 | 0x52 | data | 1.1341463414634145 | ||
| RT_STRING | 0x560ce8 | 0x1bc | data | 1.0247747747747749 | ||
| RT_STRING | 0x560ea4 | 0x228 | data | 1.019927536231884 | ||
| RT_STRING | 0x5610cc | 0x3d4 | data | 1.0112244897959184 | ||
| RT_STRING | 0x5614a0 | 0x5b0 | data | 1.007554945054945 | ||
| RT_STRING | 0x561a50 | 0x3a8 | data | 1.0117521367521367 | ||
| RT_STRING | 0x561df8 | 0x46c | data | 1.0097173144876326 | ||
| RT_STRING | 0x562264 | 0x43c | data | 1.0101476014760147 | ||
| RT_STRING | 0x5626a0 | 0x488 | data | 1.0094827586206896 | ||
| RT_STRING | 0x562b28 | 0x390 | data | 1.0120614035087718 | ||
| RT_STRING | 0x562eb8 | 0x404 | data | 1.0107003891050583 | ||
| RT_STRING | 0x5632bc | 0x440 | data | 1.010110294117647 | ||
| RT_STRING | 0x5636fc | 0x34c | data | 1.0130331753554502 | ||
| RT_STRING | 0x563a48 | 0x390 | data | 1.0120614035087718 | ||
| RT_STRING | 0x563dd8 | 0x288 | data | 1.0169753086419753 | ||
| RT_STRING | 0x564060 | 0x2b0 | data | 1.0159883720930232 | ||
| RT_STRING | 0x564310 | 0x1dc | data | 1.023109243697479 | ||
| RT_STRING | 0x5644ec | 0x118 | data | 1.0392857142857144 | ||
| RT_STRING | 0x564604 | 0x108 | data | 1.0416666666666667 | ||
| RT_STRING | 0x56470c | 0x2b8 | data | 1.0158045977011494 | ||
| RT_STRING | 0x5649c4 | 0x38c | DOS executable (COM) | 1.0121145374449338 | ||
| RT_STRING | 0x564d50 | 0x37c | data | 1.0123318385650224 | ||
| RT_STRING | 0x5650cc | 0x328 | OpenPGP Secret Key | 1.0136138613861385 | ||
| RT_STRING | 0x5653f4 | 0x1c0 | data | 1.0245535714285714 | ||
| RT_STRING | 0x5655b4 | 0x58c | OpenPGP Public Key | 1.0077464788732395 | ||
| RT_STRING | 0x565b40 | 0x1dc | data | 1.023109243697479 | ||
| RT_STRING | 0x565d1c | 0x3e0 | data | 1.0110887096774193 | ||
| RT_STRING | 0x5660fc | 0x3d8 | data | 1.011178861788618 | ||
| RT_STRING | 0x5664d4 | 0x33c | data | 1.0132850241545894 | ||
| RT_STRING | 0x566810 | 0x43c | data | 1.0101476014760147 | ||
| RT_STRING | 0x566c4c | 0x58c | data | 1.0077464788732395 | ||
| RT_STRING | 0x5671d8 | 0x46c | data | 1.0097173144876326 | ||
| RT_STRING | 0x567644 | 0x2ec | DOS executable (COM) | 1.0147058823529411 | ||
| RT_STRING | 0x567930 | 0x2b0 | data | 1.0159883720930232 | ||
| RT_STRING | 0x567be0 | 0x44c | data | 1.01 | ||
| RT_STRING | 0x56802c | 0x124 | data | 1.0376712328767124 | ||
| RT_STRING | 0x568150 | 0xd4 | data | 1.0518867924528301 | ||
| RT_STRING | 0x568224 | 0x288 | data | 1.0169753086419753 | ||
| RT_STRING | 0x5684ac | 0x11c | data | 1.0387323943661972 | ||
| RT_STRING | 0x5685c8 | 0x3d0 | data | 1.0112704918032787 | ||
| RT_STRING | 0x568998 | 0x414 | DOS executable (COM, 0x8C-variant) | 1.010536398467433 | ||
| RT_STRING | 0x568dac | 0x428 | data | 1.0103383458646618 | ||
| RT_STRING | 0x5691d4 | 0x514 | data | 1.0084615384615385 | ||
| RT_STRING | 0x5696e8 | 0x280 | data | 1.0171875 | ||
| RT_STRING | 0x569968 | 0x3e0 | data | 1.0110887096774193 | ||
| RT_STRING | 0x569d48 | 0x4f8 | data | 1.0086477987421383 | ||
| RT_STRING | 0x56a240 | 0x38c | DOS executable (COM, 0x8C-variant) | 1.0121145374449338 | ||
| RT_STRING | 0x56a5cc | 0x374 | data | 1.012443438914027 | ||
| RT_STRING | 0x56a940 | 0x458 | data | 1.0098920863309353 | ||
| RT_STRING | 0x56ad98 | 0x10c | data | 1.041044776119403 | ||
| RT_STRING | 0x56aea4 | 0xcc | data | 1.053921568627451 | ||
| RT_STRING | 0x56af70 | 0x244 | data | 1.0189655172413794 | ||
| RT_STRING | 0x56b1b4 | 0x414 | data | 1.010536398467433 | ||
| RT_STRING | 0x56b5c8 | 0x358 | data | 1.0128504672897196 | ||
| RT_STRING | 0x56b920 | 0x310 | data | 1.0140306122448979 | ||
| RT_STRING | 0x56bc30 | 0x334 | data | 1.0134146341463415 | ||
| RT_RCDATA | 0x56bf64 | 0x10 | data | 1.5 | ||
| RT_RCDATA | 0x56bf74 | 0x1a60 | data | 0.9995556872037915 | ||
| RT_RCDATA | 0x56d9d4 | 0x2 | Non-ISO extended-ASCII text, with no line terminators | English | United States | 5.0 |
| RT_RCDATA | 0x56d9d8 | 0x2992 | data | 0.9907912046607781 | ||
| RT_RCDATA | 0x57036c | 0xb72 | data | 1.0037542662116041 | ||
| RT_RCDATA | 0x570ee0 | 0xe38 | data | 1.003021978021978 | ||
| RT_RCDATA | 0x571d18 | 0x729 | data | 1.0060010911074742 | ||
| RT_RCDATA | 0x572444 | 0x52e | data | 1.0082956259426847 | ||
| RT_RCDATA | 0x572974 | 0xc14 | data | 1.0035575679172057 | ||
| RT_RCDATA | 0x573588 | 0x2efe | data | 0.9951787198669991 | ||
| RT_RCDATA | 0x576488 | 0x4b1 | data | 1.0091590341382182 | ||
| RT_RCDATA | 0x57693c | 0xa0b | data | 1.0042784908595876 | ||
| RT_RCDATA | 0x577348 | 0x4a0 | data | 1.0092905405405406 | ||
| RT_RCDATA | 0x5777e8 | 0x143a | data | 1.0021243723445346 | ||
| RT_RCDATA | 0x578c24 | 0x2b3 | data | 1.015918958031838 | ||
| RT_RCDATA | 0x578ed8 | 0x74e6 | data | 0.9947871416159861 | ||
| RT_RCDATA | 0x5803c0 | 0x2a55 | data | 0.9935406477807511 | ||
| RT_RCDATA | 0x582e18 | 0x6bf | data | 1.0063694267515924 | ||
| RT_RCDATA | 0x5834d8 | 0x113 | data | 1.04 | ||
| RT_RCDATA | 0x5835ec | 0x494 | data | 1.0093856655290103 | ||
| RT_RCDATA | 0x583a80 | 0xd549 | data | 0.945385615648065 | ||
| RT_RCDATA | 0x590fcc | 0x3c4 | data | 0.9813278008298755 | ||
| RT_RCDATA | 0x591390 | 0x161e | data | 0.9927587424938185 | ||
| RT_RCDATA | 0x5929b0 | 0x45d | data | 1.0098478066248882 | ||
| RT_RCDATA | 0x592e10 | 0xf07 | OpenPGP Secret Key | 0.9981804003119313 | ||
| RT_RCDATA | 0x593d18 | 0xfeb | data | 0.9936196319018404 | ||
| RT_RCDATA | 0x594d04 | 0x12ef | data | 0.9921600990303281 | ||
| RT_RCDATA | 0x595ff4 | 0xc32 | data | 0.9910313901345291 | ||
| RT_RCDATA | 0x596c28 | 0x39f | data | 1.011866235167206 | ||
| RT_RCDATA | 0x596fc8 | 0xd72 | OpenPGP Secret Key | 0.9930273097036607 | ||
| RT_RCDATA | 0x597d3c | 0x533 | OpenPGP Secret Key | 1.0082644628099173 | ||
| RT_RCDATA | 0x598270 | 0xef3 | data | 0.9918996603083355 | ||
| RT_RCDATA | 0x599164 | 0x491 | data | 0.8785286569717707 | ||
| RT_RCDATA | 0x5995f8 | 0x1ab | data | 1.0257611241217799 | ||
| RT_GROUP_CURSOR | 0x5997a4 | 0x14 | data | 1.45 | ||
| RT_GROUP_CURSOR | 0x5997b8 | 0x14 | data | 1.45 | ||
| RT_GROUP_CURSOR | 0x5997cc | 0x14 | data | English | United States | 1.45 |
| RT_GROUP_CURSOR | 0x5997e0 | 0x14 | data | English | United States | 1.45 |
| RT_GROUP_CURSOR | 0x5997f4 | 0x14 | data | English | United States | 1.45 |
| RT_GROUP_CURSOR | 0x599808 | 0x14 | data | English | United States | 1.45 |
| RT_GROUP_CURSOR | 0x59981c | 0x14 | data | English | United States | 1.45 |
| RT_GROUP_CURSOR | 0x599830 | 0x14 | data | English | United States | 1.45 |
| RT_GROUP_CURSOR | 0x599844 | 0x14 | data | English | United States | 1.45 |
| RT_GROUP_ICON | 0x5a7e80 | 0x84 | data | English | United States | 0.6439393939393939 |
| RT_VERSION | 0x5a7f08 | 0x150 | data | English | United States | 0.5833333333333334 |
| RT_MANIFEST | 0x5a805c | 0x6a2 | XML 1.0 document, ASCII text, with CRLF line terminators | Russian | Russia | 0.4287396937573616 |
| DLL | Import |
|---|---|
| KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
| advapi32.dll | FreeSid |
| comctl32.dll | ImageList_Add |
| comdlg32.dll | PrintDlgW |
| gdi32.dll | Pie |
| netapi32.dll | NetWkstaGetInfo |
| ole32.dll | OleDraw |
| oleaut32.dll | VariantCopy |
| shell32.dll | DragFinish |
| user32.dll | GetDC |
| version.dll | VerQueryValueW |
| wininet.dll | InternetOpenW |
| winspool.drv | OpenPrinterW |
| wsock32.dll | htons |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
| Czech | Czech Republic |  |
| Russian | Russia |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 15:04:49 |
| Start date: | 04/05/2024 |
| Path: | C:\Users\user\Desktop\avz.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'572'352 bytes |
| MD5 hash: | 59E8187B34416258AE6AB3CDF4EE6628 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 1.9% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 8.9% |
| Total number of Nodes: | 326 |
| Total number of Limit Nodes: | 18 |
Graph
Function 0040E850 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E718 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E33C Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410B90 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00424E30 Relevance: 9.1, APIs: 6, Instructions: 83fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E91C Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EA40 Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00429D54 Relevance: 3.0, APIs: 2, Instructions: 49windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042D63C Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042BC90 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415EB8 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D7CC Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00425A74 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004165B8 Relevance: 1.5, APIs: 1, Instructions: 12windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004058C8 Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E14C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DCF0 Relevance: 4.6, APIs: 3, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00422AAC Relevance: 3.1, APIs: 2, Instructions: 93COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00424B74 Relevance: 3.0, APIs: 2, Instructions: 24fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00424D58 Relevance: 3.0, APIs: 2, Instructions: 23fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00425874 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00429DD8 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00429E24 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00428164 Relevance: 1.5, APIs: 1, Instructions: 22timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004412E8 Relevance: .4, Instructions: 408COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CBA4 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004169B8 Relevance: 35.1, APIs: 1, Strings: 19, Instructions: 130libraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415F10 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00429E50 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 216threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042A584 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 199threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004091E0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405F68 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406160 Relevance: 10.9, APIs: 7, Instructions: 407COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A428 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00422CD4 Relevance: 9.2, APIs: 6, Instructions: 161fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004064AC Relevance: 9.1, APIs: 6, Instructions: 51fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405BE4 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00439E3C Relevance: 7.8, APIs: 5, Instructions: 332COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0043891C Relevance: 7.8, APIs: 5, Instructions: 269COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A4C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00428574 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77threadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00416058 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 25libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00424BC0 Relevance: 6.1, APIs: 4, Instructions: 112timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DEEC Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004250B0 Relevance: 6.0, APIs: 4, Instructions: 45timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |