Windows
Analysis Report
GB72405.exe
Overview
General Information
Detection
Score: | 29 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
- System is w10x64_ra
- GB72405.exe (PID: 5948 cmdline: "C:\Users\user\Desktop\GB72405.exe" MD5: B13E8F3D2779AA2102E2C3DB3B2957D2)
  - HDFloppyWrite.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\HDFloppyWrite.exe" GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN MD5: D0509B5E9ECFB035B20942C012DE19EC)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Process Injection | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Install Root Certificate | LSA Secrets | 35 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs | |||
1% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438236 |
Start date and time: | 2024-05-08 13:57:30 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | GB72405.exe |
Detection: | SUS |
Classification: | sus29.winEXE@3/22@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, evoke-windowsservices-tas.msedge.net, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\HDFloppyWrite.exe
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 617472 |
Entropy (8bit): | 5.509625178383621 |
Encrypted: | false |
SSDEEP: | 12288:r8gFmR013n1UD3EPPSh5Cr+e+7IumriVDkN:AgFuOn1UDAQIr+tkzGa |
MD5: | D0509B5E9ECFB035B20942C012DE19EC |
SHA1: | 22316B5EFD436411AE0B45E9708953C6D035D622 |
SHA-256: | 1B8649568030B93C83B07DBE8991F3465361ED67EFCCA9D9C6FAA4FF8E2A0D05 |
SHA-512: | F5FFEDB1476238EFE591B4086F593C9460E96E5859372F0F998E6E6FCE5AD56CDFC8C9206644DBD419C9752B6DE15BB49A9FC38B665556DE53116CE5A204D8F2 |
Malicious: | false |
Antivirus: |
|
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media1\12405001.001
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1053000 |
Entropy (8bit): | 7.6028349696282715 |
Encrypted: | false |
SSDEEP: | 24576:ZJOazTtnZZiN4zcjChQejR+Sl/F2CCxQ9ZuxqEsJG3wh8gX4Q8:ZMmTRS6zcjpejR+CiQ9ZuxqEsJGb |
MD5: | 81BB9709B9AB1D05A4BF5EECBB4984F1 |
SHA1: | 402B7346E5BCCF96945918FBDD0863D005E0059F |
SHA-256: | 8AD7AF09DCD186A22A33ECD1BE4CA34386BB557CF1A04931B09D939BE83D5A5C |
SHA-512: | 0F8C7FA270D8475FA67ECC8481836A91FCB7CD23BC8B703100EDFE1E6A085E979D5699C9CBB711D7CF19ADC0EC302D506ECA08A4C8A508E896C5388EA962165E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media1\12405001.HDR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 178 |
Entropy (8bit): | 4.432825491043181 |
Encrypted: | false |
SSDEEP: | 3:yjIxnlNkVM8/ShkQll/lv2El+pmstl:yjIxlyVM8/SmQlX3s |
MD5: | EE249DE76B373A5AF8865CEC7731F864 |
SHA1: | 2B74DD8B44C27975E62F2AD3787BDAABA7E5B679 |
SHA-256: | C9CA0C0B7D39702F922AE17603A41F982E306788924683AD87161B9505EA8214 |
SHA-512: | FB33275DC35623E81613EDC029C286314730D7227F5F82BD7BB9F5A9F366F867111564793E5C11AF04EEC487792D08FCCD9D6B48B109F6D5ABB4F8FD020C57FA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media1\CONFIG.LDR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 151 |
Entropy (8bit): | 4.060205518188182 |
Encrypted: | false |
SSDEEP: | 3:bqxhFUoc7Nt/JxZ+2RIVlLYxT8yHjYvbVWvwvyHSYVJVWvWYwvHmVbVWvCVyn:GhuNNVJxIPu8KYpWvwaHSwbWvWFHmbWf |
MD5: | FD5BEA6091D9ABDE5906291263EDFBC2 |
SHA1: | 9DEA0239BA8B4146F0A2BCF6289EBA22B8F854B7 |
SHA-256: | 805FF040C0E70E9C7ADB35D8FFA2B153B344BC28ECA49B28D92FD28C4E3D0FCF |
SHA-512: | 18FAAEEE4548792C6BE8C36091075B2C6007DFE28CCC35DFEF029FC7CB4ADD78AAD7E209213FAE1964E938BBE3F6A2BD727AB9F888BB06F5720C19264BDAAF93 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media1\DISK.DIR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.382641900003363 |
Encrypted: | false |
SSDEEP: | 3:vwRFRPhLM/Gb3n:oR1LsGTn |
MD5: | 5435A7D48F1F3F7D9B0D8B5D3CA84121 |
SHA1: | C291E62FBE13B8898FC6180DCE0077040BB7F2AB |
SHA-256: | FA807CD27C073523B7277C442CA2E426FCA07B8780DD71C5E0D21029FB39CE1B |
SHA-512: | F219EA6E513F96B01A6F446D757AB18C41F6C11670DBCB969165860C2F2466E8D77A85EC4E5A15F5E70E0835FCCEC0047BF840266F168D1BD4D93DB7E4ADA828 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media1\S.N
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1118 |
Entropy (8bit): | 4.447300075378675 |
Encrypted: | false |
SSDEEP: | 24:6NInTWWNiEECIxWP3L0zVFI8JVUzwVpIwsS:6UyeiEEwP70zVvywVyS |
MD5: | BF58798DC34E50D6F47906FB5D34C25A |
SHA1: | 6463E202FB889722A7964E93E46160D40E57426B |
SHA-256: | D6881ED64244C1C45A49CAE767DE55299D54137FBEBFE2AC90F7788357126976 |
SHA-512: | 45C6E08DDE0BFE000CFBBEC95391CE1FAFF46286318A905B123D4CC866C124A96E82CF66ED0076E412D54BFAD7FD29DD12E4645C27649A0EAB08435CE92A5D31 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media1\crate.dsf
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26654 |
Entropy (8bit): | 7.992122471898091 |
Encrypted: | true |
SSDEEP: | 768:AF2I7d6OAl5NAPkF37LT1wBm1ZaDPO6dWMBBE:AF16/l5OPktpKD2iK |
MD5: | 2C479C23A59ECD32BDFDEF985F03FD4B |
SHA1: | 8CB78D6F6C2FF64C7606F0FA1BB5DC210A8AC7EE |
SHA-256: | 5501C761C5820FCE997648FBCE84E6D2C0BB16CF1E0255E641FBBB60C69D03CB |
SHA-512: | 89FD552B6C3E040F2552B12E063F0A8A1E8E5F47C1D43717BF68F99A1DCAFD75C1392BC723E1E4509972BBB260D88CAA8E75237E377E3F331D85F160324084F4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media2\12405001.001
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1053000 |
Entropy (8bit): | 6.439671074685941 |
Encrypted: | false |
SSDEEP: | 12288:m7WYot2ahbMb4891fORjil76yds8i1kCCkbmz5+r9r:f3d89xOYhds8i1kCCz+5 |
MD5: | 647CF8DF0311F92492FF3A45D4ED99E7 |
SHA1: | 7A0FEBBAA39056199CC48A56379C31D3A74BEEAA |
SHA-256: | C3387F142AE26E9250AA39D000195C3CC8B125EF4F2328C3A8A8DBF387D89194 |
SHA-512: | B461943AEC9B3CCE7963C7689B2CD4351480E44CCC8D475D71B92BD42DFCB18536B204A16CFD245E03A8422E2E6C07294014E1620EB54DB002243402A7DD368A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media2\CONFIG.LDR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 151 |
Entropy (8bit): | 4.0673599252176915 |
Encrypted: | false |
SSDEEP: | 3:bqxhFUoc7Nt/JxZ+2RIVlLY4IyHjYvbVWvwvyHSYVJVWvWYwvHmVbVWvCVyn:GhuNNVJxIPDIKYpWvwaHSwbWvWFHmbWf |
MD5: | 843A2A40BA4AEB30857EB61FEB7FC7B4 |
SHA1: | DACC5EE7552912E7BA3E27A01A9A9A92D250EFEB |
SHA-256: | 086A7AA1804FFFFBECA7B28D87AFB9DE394B31AF459529F3D31DBC8BCFF77347 |
SHA-512: | C18F994636D83430CFA78C6A6F2AC5D6628D957A3754F5ED319CA6BB55B6A069AB3CA13D34DCA90E35526428928FDE42589A87C759E2AFC9D4C02A4CA33DD668 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media2\DISK.DIR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.3350228523843155 |
Encrypted: | false |
SSDEEP: | 3:vwRFRMh9D7b3n:oRorD7Tn |
MD5: | 6E1F5D3DF48356738C1AF805427932B2 |
SHA1: | 91FB3AF2B2D6132918251022A4E18D0161ED3148 |
SHA-256: | BA4E1FD61753E624B0DE8CEF28567439841F92665B8EB4D1D7D09AC8C1F2C6FE |
SHA-512: | 60531EB32DEEB98E515904DF43089A64F7227C89B87DBECD6E999B5473D148338AE2765056BCAB321CA225E17F61DBEE3B15DB4FC314EEF94DC36813B62C48FD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media2\S.N
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1118 |
Entropy (8bit): | 4.4469946725251 |
Encrypted: | false |
SSDEEP: | 24:TNInTWWNiEECIxWP3L0zVFI8JVUzwVpIwsS:TUyeiEEwP70zVvywVyS |
MD5: | F81C607922D69450A42C79C5186C066E |
SHA1: | CDAEB1CEA7EA1E5101575DB9E48526AA3347E79B |
SHA-256: | A2C2C8B266F3463C0A97A489E368276017288843FE6E67B7B9B7DCC4519360F8 |
SHA-512: | 3593851BA200C6EC5A2571D4140202860F4D28AD159D0170E2382E7388CFE2A5A7AE26FF6C858B1129FC059A6F156A97B02966A0E24789FE08FEECEA8D81F322 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media2\crate.dsf
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26296 |
Entropy (8bit): | 7.992987192648561 |
Encrypted: | true |
SSDEEP: | 768:/IMKiCBWQDP2kqIXrGs2pnGtg37MgpsKL4U20A:/IJb2WaHpnUA1pdW |
MD5: | 09AA58F1E2BD3B1C78C3F60B05F1537A |
SHA1: | 7408DFC7C4299876EFF9D739AD16A74466D4C60B |
SHA-256: | 17FDF943E96EA2B4AB14A458375F29C428B1A3A44E58157972A9BBB84F2EA55D |
SHA-512: | 5126DAD53324B54ACC3FD48FC9713C63843349BA3A4ACC85EF1344E6E392E8E577367249B3C7FA8589AC8CDE5794F6D0F5B7226AE86BD78D2FDD52A9AFC11A67 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media3\12405001.001
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1053000 |
Entropy (8bit): | 7.007585228940397 |
Encrypted: | false |
SSDEEP: | 12288:x/+cbPvcaNKJqhS43pYhfsFr3Xs9P+bywjuSDs+54xN7gU8V9PP0xQs+fhZ5kTHb:x/+9a3hS432kyw3ENXO10iVcH7epw |
MD5: | 24FDB638895EE77CEF1273A27F628C82 |
SHA1: | 60C91CB6F705A40F848CA3BFE58C31E8024391B3 |
SHA-256: | 0B133A35E5A0B79B862533BFB2CAF70FCA5C98275F70D123ADA408CF877DBB02 |
SHA-512: | 1B9FB9BB06ABE1C2227A113B5F257848EA42C311820D3F79B5638CE0B51163C0B0E51C5A92BDADCD94A708DA17D9E71E3D63A001F8C466ADCBC06DC3B2915FF6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media3\CONFIG.LDR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 151 |
Entropy (8bit): | 4.0673599252176915 |
Encrypted: | false |
SSDEEP: | 3:bqxhFUoc7Nt/JxZ+2RIVlLYvvBRwyHjYvbVWvwvyHSYVJVWvWYwvHmVbVWvCVyn:GhuNNVJxIPOBqKYpWvwaHSwbWvWFHmbu |
MD5: | 55295A6DECEECF4C2F82E6AF89EA160F |
SHA1: | 29424290877DFFDCD1ADBF733D4269019CEAF9D0 |
SHA-256: | 6B7D1BC9065F694630304F7171E5F5CB6359B6FA86D14B6F47A764D0A2C00695 |
SHA-512: | B6CD096C394FFBA633C2C10DD28C389AE4BA3D672066265DBDE18C658D9C976BB78FD3CEFE9C8C3B1F03CD4854323899561B3A59F7ACA1AC51E504E2C4B4F767 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media3\DISK.DIR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.43026094762241 |
Encrypted: | false |
SSDEEP: | 3:vwRFRNhrFGb3n:oRPr0Tn |
MD5: | AC293C6DC875131E0A719D066712F977 |
SHA1: | 69B2C4A67C91FAC3EDBF92F011176897F6D2AC07 |
SHA-256: | 303BFDFD243758937052615A8C02B2963BF21024A770DEDD2965021CABFC8308 |
SHA-512: | C4C46E1DC1D3018E72379416587C6E17282F4A739809E0E0F3D51720CEA6B321D9F0D1C3E22CC39C1B7C3774E67185030C05122FCB65421D83102190F742FEEB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media3\S.N
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1118 |
Entropy (8bit): | 4.449400715401569 |
Encrypted: | false |
SSDEEP: | 24:0NInTWWNiEECIxWP3L0zVFI8JVUzwVpIwsS:0UyeiEEwP70zVvywVyS |
MD5: | 332F0079BD0E0AC086D0A2AFFB8C1C14 |
SHA1: | D86D8F45D411855F78C8C80BA1D1CF40D14D8665 |
SHA-256: | 5A6D7C2FBC164E2AD470E94D94D5257B70783CA674792AD5524C2AB11FBD6AFE |
SHA-512: | D3DAC137A302D6539CE1E31FB6483910929258160B55F03ED0F338BEDEE201F5E90024C6E2E1375B0FD8E0857263149E5584B1A5EF5958C4A637C7AC49185CC7 |
Malicious: | false |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media3\crate.dsf
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26296 |
Entropy (8bit): | 7.991145685839193 |
Encrypted: | true |
SSDEEP: | 768:hViQLn2D4zRRYdkDBOHyrLZrFVQWFsUfKjrwnHM9QxO:mQT2D4zzYwLL9jQWF9fKjcHM9GO |
MD5: | 613390EF593C9486963AD231268D4721 |
SHA1: | D748BBFE5C6C57149061808D737B97CDE15EC94D |
SHA-256: | 784D516AF910DE387DE64225D290C3608DC353BADA5D252325048D8C81097784 |
SHA-512: | 180689DDD9B3D5C893890F3B09C27A63EC6D3F64E4AF7C73DA61082100837D8AB3AAA682BAA9B57705993A8A4EE3A655839126F0E9C6A45B7B7AC4D85E271350 |
Malicious: | false |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media4\12405001.001
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1052480 |
Entropy (8bit): | 6.90960363208856 |
Encrypted: | false |
SSDEEP: | 24576:Cz3BPm1xEd1TF0cV9CH1qTkvimvpAf+A3an4414t+Z:aItckqQKQm+ka4I40 |
MD5: | 0E493DC717260A752C115A46DC35D6B6 |
SHA1: | 8806DA76BF88D673643BB41DC70FF0CB83458B41 |
SHA-256: | 7D0E451E76833009CF0FA2112F493B81B4CEA9A9D462415BB167B21C87FFF7FB |
SHA-512: | 0840990ED23868BBC72B794205C7E5D2E7586FB28BB4341B21F99426FC95E87EF04CD62021F1EE39C4BB2914787EE97274D55A85CEB7E83169AC53D6713C39D2 |
Malicious: | false |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media4\CONFIG.LDR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 151 |
Entropy (8bit): | 4.080604958330274 |
Encrypted: | false |
SSDEEP: | 3:bqxhFUoc7Nt/JxZ+2DeSoLYOTYRyHjYvbVWvwvyHSYVJVWvWYwvHmVbVWvCVyn:GhuNNVJxI135IKYpWvwaHSwbWvWFHmbu |
MD5: | F27FC8D933A5F89B09D65046EFF240F5 |
SHA1: | 002AF94078AC5E84801010D7DCB13506321924C3 |
SHA-256: | EBF15C7B0D86F63AF5984DB68F5219EA1DC4496CF7A211D48F85B3D21FE620F9 |
SHA-512: | 5A468896DDCF25440617C196956FDB0A9AF42D7E8CD6EFAD8EA973F9C76EAC81800B97BF64902E31E65DC5F24B6C9DF9D3076EA25657321D36F49823E695A6ED |
Malicious: | false |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media4\DISK.DIR
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.382641900003363 |
Encrypted: | false |
SSDEEP: | 3:vwRFRKh0SIb3n:oRuySITn |
MD5: | 4FC3011D49E59DED3A1C4E1B6D55568C |
SHA1: | C1FF0312A33BA489A9ADE6FA32B468848F011334 |
SHA-256: | E3C85227E54B8A695D64C0EB547322DF0C25BA7B48BA3D1AB068FFE6BB2542F0 |
SHA-512: | BA0D62CC983A0137A24AC573B76F10A4FA6340FA728F6DE7A583A92C02CD76FED667AA480FF92322A624560177D96D0D48D5E767941ADADAB650BD63BD3B7282 |
Malicious: | false |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media4\S.N
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1118 |
Entropy (8bit): | 4.44770113174335 |
Encrypted: | false |
SSDEEP: | 24:NNInTWWNiEECIxWP3L0zVFI8JVUzwVpIwsS:NUyeiEEwP70zVvywVyS |
MD5: | 4DEA28C12D74C13C12D1173F30C3487B |
SHA1: | B6BFA31854135E2826C5F35BFFE9C7E4C7DFE71E |
SHA-256: | E017D37DAB8DCD1C6AFBDEE76DD74F36B47B53C5E228BDAB66DD537B329F9516 |
SHA-512: | D9F61175834E55C7CB2C06559C3AB37AE2B330EFDAC443FE4CC20CCD7614F73882F1AB513E96F40EB3A7FFD48D7B88E259ADED997A84F18B54423D93831FDD8D |
Malicious: | false |
Preview: |
C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\media4\crate.dsf
Process: | C:\Users\user\Desktop\GB72405.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26296 |
Entropy (8bit): | 7.9929993592679 |
Encrypted: | true |
SSDEEP: | 768:xyyOWT+t9x5bFRvTIFXgQEbDiGMV0Jsfde:xy5WT+t9F5TIVGmGMBde |
MD5: | 021AB084A95561E884AEBB9E8EE5A5E2 |
SHA1: | 88B91114B5E0D5B418F3DFA949BE47DC1ACC4DE1 |
SHA-256: | 9A1D7F71834CDEDF146547E6A31715A5DF2FBA682ED50E947707630FC14E066D |
SHA-512: | B1EF4D200D3439C7D46E5499585B9F710BD2B8757FFA83F4C9E23EFCB8D9FBAA5D9FD2CCECAC96B6157C8C42F7A5A929C7D2B08968C5CE05A9D261549D2BD478 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.946658322764787 |
TrID: |
|
File name: | GB72405.exe |
File size: | 3'110'227 bytes |
MD5: | b13e8f3d2779aa2102e2c3db3b2957d2 |
SHA1: | c15973faef8acbbf35b5b8361d3282bc4f2aaa23 |
SHA256: | c96632658ed3356d4a3615740999a04f70f77a7cf60263be59b3f2ac28e0eec7 |
SHA512: | 34a0e812c1055444db8c744346b290ae8a972cad8f2112ac44889794ddb318f1001f395cf8f4337260544c82a4349fa14ce53a866c4bdce3c6f422eea05391d7 |
SSDEEP: | 49152:JTYaVuY9Rrux2tTbcKdHili63l+1czHlpTLXaOPmYlvpzY9uZouyNDLS939:bVa2tTbc4Cli61Nrz3t7UCK6N9 |
TLSH: | 72E523253B90F5ABD279043288E6F6EC1123B5383FDA41FBB6A7930EDD255E01E39590 |
File Content Preview: | MZ......................@.......PK00....................................!..L.!This program cannot be run in DOS mode....$.........Vk..88..88..88..F8..88..E8..88..C8..88..98..88..U8..88..V8..88..J8..88..D8..88..@8..88Rich..88........PE..L.....$I........... |
Icon Hash: | 6c171670b2f63706 |
Entrypoint: | 0x4d4000 |
Entrypoint Section: | .pklstb |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x4924DF97 [Thu Nov 20 03:55:03 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | d48e0557e81f1974982e52a9aab79b46 |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb51f0 | 0xc8 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcd000 | 0x661c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x12b000 | 0x3c | .relo2 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8d000 | 0x5a8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8b733 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x8d000 | 0x2a1c2 | 0x2b000 | 66289573eda3292ab9772c8f6b413c88 | False | 0.4083621002906977 | data | 5.515523844107394 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xb8000 | 0x14e08 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xcd000 | 0x661c | 0x6000 | 5a3adee0c83718d01de281dfb0f8a2c4 | False | 0.5048828125 | data | 5.2904653302795825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pklstb | 0xd4000 | 0x57000 | 0x53000 | 1034945e66373f90783860c013b839c7 | False | 0.9877488469503012 | data | 7.991138007494125 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.relo2 | 0x12b000 | 0x3c | 0x1000 | d1c60badcb3f2be38f15e735e0bb65fc | False | 0.0224609375 | data | 0.14178970673358426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
PKTEXT | 0xcd3b4 | 0x1b9a | Zip archive data, at least v5.0 to extract, compression method=deflate | English | United States | 0.95810925559015 |
RT_ICON | 0xcef50 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.45564516129032256 |
RT_ICON | 0xcf238 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | United States | 0.5743243243243243 |
RT_ICON | 0xcf360 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.22174840085287847 |
RT_ICON | 0xd0208 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5938628158844765 |
RT_ICON | 0xd0ab0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4421965317919075 |
RT_ICON | 0xd1018 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152, 16 important colors | English | United States | 0.36341463414634145 |
RT_ICON | 0xd1680 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.3602150537634409 |
RT_ICON | 0xd1968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.24193548387096775 |
RT_ICON | 0xd1c50 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.23521505376344087 |
RT_DIALOG | 0xd26e8 | 0x11a | data | English | United States | 0.04609929078014184 |
RT_DIALOG | 0xd2804 | 0x5c0 | data | English | United States | 0.01358695652173913 |
RT_DIALOG | 0xd2dc4 | 0x20e | data | English | United States | 0.026615969581749048 |
RT_DIALOG | 0xd2fd4 | 0x14c | data | English | United States | 0.2727272727272727 |
RT_DIALOG | 0xd3120 | 0x26a | empty | English | United States | 0 |
RT_DIALOG | 0xd338c | 0x18a | empty | English | United States | 0 |
RT_DIALOG | 0xd3518 | 0xd8 | empty | English | United States | 0 |
RT_STRING | 0xd35f0 | 0x2c | empty | English | United States | 0 |
RT_GROUP_ICON | 0xd1f38 | 0x5a | data | English | United States | 0.7777777777777778 |
RT_GROUP_ICON | 0xd1f94 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0xd1fa8 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0xd1fbc | 0x14 | data | English | United States | 1.25 |
RT_VERSION | 0xd1fd0 | 0x410 | data | English | United States | 0.43653846153846154 |
RT_MANIFEST | 0xd23e0 | 0x168 | ASCII text, with CRLF line terminators | English | United States | 0.6444444444444445 |
DLL | Import |
---|---|
CRYPT32.dll | CertGetNameStringW, CertGetCertificateContextProperty, CertGetIntendedKeyUsage, CertNameToStrW, CryptImportPublicKeyInfo, CryptVerifyCertificateSignature, CertEnumCertificatesInStore, CertOpenSystemStoreW, CertDeleteCertificateFromStore, CertDuplicateCertificateContext, CertOpenStore, CryptAcquireCertificatePrivateKey, CertSetCertificateContextProperty, CryptHashPublicKeyInfo, CertFreeCertificateContext, CertCloseStore |
KERNEL32.dll | GetDriveTypeW, GetTempFileNameA, MoveFileExA, GetDiskFreeSpaceW, GetFullPathNameW, GetShortPathNameW, GetFullPathNameA, GetVolumeInformationA, LoadLibraryA, GetTempPathW, MoveFileExW, GetShortPathNameA, GetTempFileNameW, MoveFileA, DeleteFileW, Sleep, CreateDirectoryW, CreateDirectoryA, GetTempPathA, SetFileAttributesW, CreateFileA, GetDiskFreeSpaceA, DeleteFileA, GetVolumeInformationW, GetVersionExW, GetCurrentDirectoryW, DeviceIoControl, GetFileAttributesA, GetFileAttributesExA, GetFileAttributesW, MoveFileW, SetFileTime, GetCurrentDirectoryA, GetFileInformationByHandle, SetFilePointer, GetFileType, SetEndOfFile, ReadFile, FlushFileBuffers, GetStringTypeExA, UnmapViewOfFile, GetLocaleInfoW, GetUserDefaultUILanguage, MapViewOfFile, CreateFileMappingW, ReleaseMutex, CreateMutexW, GetLocaleInfoA, GetDateFormatA, GetDateFormatW, FileTimeToSystemTime, GetProcAddress, GetNumberFormatW, CompareFileTime, GetVersion, GetStdHandle, QueryPerformanceCounter, GetCurrentProcessId, GlobalMemoryStatus, GetVersionExA, VirtualFree, VirtualAlloc, CompareStringW, CompareStringA, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, SetHandleCount, GetCommandLineW, GetCommandLineA, SetFileAttributesA, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, HeapSize, HeapCreate, HeapDestroy, ExitProcess, GetModuleHandleA, RtlUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, GetProcessHeap, CreateThread, ExitThread, HeapAlloc, HeapReAlloc, HeapFree, LoadLibraryExW, SizeofResource, GetStringTypeA, GetModuleHandleW, GetTickCount, GetStringTypeW, SetCurrentDirectoryA, LCMapStringA, LCMapStringW, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, GetThreadLocale, InterlockedCompareExchange, IsProcessorFeaturePresent, lstrcmpiW, SetCurrentDirectoryW, FreeLibrary, MultiByteToWideChar, WideCharToMultiByte, GlobalUnlock, GetCurrentThreadId, GlobalLock, LeaveCriticalSection, GlobalAlloc, EnterCriticalSection, lstrlenW, GetModuleFileNameW, SetLastError, LockResource, InitializeCriticalSection, LoadResource, FindResourceW, InterlockedIncrement, DeleteCriticalSection, MulDiv, lstrcmpW, GetLastError, GlobalFree, GlobalHandle, InterlockedDecrement, CloseHandle, CreateFileW, WriteFile, GetFileAttributesExW, GetDriveTypeA, LocalFileTimeToFileTime, FileTimeToLocalFileTime, DosDateTimeToFileTime, FileTimeToDosDateTime, GetSystemTimeAsFileTime, SetThreadPriority, WaitForSingleObject, SetEvent, ResetEvent, CreateEventW, GetEnvironmentStringsW, InterlockedExchange, RaiseException, FlushInstructionCache, GetCurrentProcess, GetNumberFormatA |
USER32.dll | DestroyMenu, TrackPopupMenu, CreatePopupMenu, CreateAcceleratorTableW, GetActiveWindow, DialogBoxParamW, IsWindowVisible, LoadImageW, GetWindowTextA, GetCursorPos, MsgWaitForMultipleObjects, PeekMessageW, DdeCreateStringHandleW, IsDialogMessageW, TranslateMessage, DispatchMessageW, DestroyIcon, IsDlgButtonChecked, GetClassInfoExW, ReleaseDC, GetDlgItemTextW, RegisterClassExW, LoadCursorW, ClientToScreen, MessageBoxW, CharNextW, MoveWindow, InsertMenuW, GetSystemMenu, DestroyAcceleratorTable, EnableWindow, GetDesktopWindow, GetSysColor, DdeConnect, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, DdeClientTransaction, DdeGetLastError, GetUserObjectInformationW, GetProcessWindowStation, MessageBoxA, DdeInitializeW, CheckDlgButton, DialogBoxIndirectParamW, SetCapture, RegisterWindowMessageW, ReleaseCapture, IsChild, GetFocus, GetWindowTextLengthW, SetWindowContextHelpId, ShowWindow, PostMessageW, InvalidateRect, LoadStringW, RedrawWindow, FillRect, InvalidateRgn, SetCursor, GetDC, MapDialogRect, SetWindowPos, DrawTextW, SetDlgItemTextW, GetSystemMetrics, GetWindow, GetWindowTextW, SetWindowTextW, SetForegroundWindow, EndDialog, SetWindowLongW, SystemParametersInfoW, DestroyWindow, GetWindowRect, GetClientRect, GetWindowLongW, SendMessageW, ScreenToClient, DefWindowProcW, GetParent, CallWindowProcW, EndPaint, DrawIcon, BeginPaint, MapWindowPoints, CreateWindowExW, GetDlgItem, IsWindow, SetFocus, GetClassNameW, UnregisterClassA |
GDI32.dll | DeleteDC, DeleteObject, GetStockObject, GetDeviceCaps, GetTextExtentPoint32W, GetObjectW, CreateCompatibleBitmap, CreateCompatibleDC, CreateSolidBrush, BitBlt, SelectObject |
ADVAPI32.dll | RegSetValueExW, RegisterEventSourceA, ReportEventA, DeregisterEventSource, CryptGetUserKey, CryptAcquireContextA, CryptVerifySignatureW, CryptDestroyKey, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptSetHashParam, CryptDestroyHash, CryptReleaseContext, CryptAcquireContextW, CryptGenRandom, CryptDecrypt, RegDeleteValueW, RegCreateKeyExW, RegOpenKeyExW, RegDeleteKeyW, RegCloseKey, RegQueryInfoKeyW, RegEnumKeyExW, RegCreateKeyW, RegSetValueW, CryptGetProvParam, CryptImportKey, CryptGetKeyParam, CryptGenKey, CryptDeriveKey, CryptSetKeyParam |
SHELL32.dll | SHGetFolderPathW, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, ShellExecuteW, SHGetFileInfoW |
ole32.dll | CoCreateGuid, CoTaskMemRealloc, CoUninitialize, CoInitialize, CoTaskMemFree, OleUninitialize, CoGetClassObject, StringFromGUID2, CoCreateInstance, CoTaskMemAlloc, OleLockRunning, OleInitialize, CLSIDFromString, CLSIDFromProgID, CreateStreamOnHGlobal |
OLEAUT32.dll | VariantInit, VarUI4FromStr, SysStringLen, SysAllocString, SysStringByteLen, LoadTypeLib, LoadRegTypeLib, OleCreateFontIndirect, VariantClear, SysAllocStringLen, SysFreeString |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Create, ImageList_Destroy, InitCommonControlsEx |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Target ID: | 0 |
Start time: | 13:58:03 |
Start date: | 08/05/2024 |
Path: | C:\Users\user\Desktop\GB72405.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3'110'227 bytes |
MD5 hash: | B13E8F3D2779AA2102E2C3DB3B2957D2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 15 |
Start time: | 13:59:01 |
Start date: | 08/05/2024 |
Path: | C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\HDFloppyWrite.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 617'472 bytes |
MD5 hash: | D0509B5E9ECFB035B20942C012DE19EC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 7.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 8.9% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 45 |
Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00426C76 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191encryptionCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0048332F Relevance: 10.6, APIs: 7, Instructions: 59memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418A8E Relevance: 7.6, APIs: 5, Instructions: 73fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403C16 Relevance: 67.2, APIs: 37, Strings: 1, Instructions: 719windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404D00 Relevance: 54.8, APIs: 28, Strings: 3, Instructions: 558windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403E4B Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 499windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E941 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 436comCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043E860 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404582 Relevance: 9.1, APIs: 6, Instructions: 89COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A575 Relevance: 7.7, APIs: 5, Instructions: 168fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004129B0 Relevance: 7.6, APIs: 5, Instructions: 108COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417F59 Relevance: 7.6, APIs: 5, Instructions: 80fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040DFCF Relevance: 6.3, APIs: 4, Instructions: 266windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004316EC Relevance: 6.3, APIs: 4, Instructions: 260timeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040CFD6 Relevance: 6.2, APIs: 4, Instructions: 237windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A31D Relevance: 6.1, APIs: 4, Instructions: 108COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C7DE Relevance: 6.1, APIs: 4, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00470B05 Relevance: 6.1, APIs: 4, Instructions: 70threadCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041237C Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412945 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A838 Relevance: 4.7, APIs: 3, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040CC82 Relevance: 4.7, APIs: 3, Instructions: 200windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043F110 Relevance: 4.7, APIs: 3, Instructions: 199COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004028E8 Relevance: 4.7, APIs: 3, Instructions: 175fileCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402D76 Relevance: 4.6, APIs: 3, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412AE6 Relevance: 4.6, APIs: 3, Instructions: 137COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418445 Relevance: 4.6, APIs: 3, Instructions: 106COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A47F Relevance: 4.6, APIs: 3, Instructions: 85fileCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004189B0 Relevance: 4.6, APIs: 3, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041819F Relevance: 4.6, APIs: 3, Instructions: 51COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046E918 Relevance: 4.5, APIs: 3, Instructions: 47COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404695 Relevance: 4.5, APIs: 3, Instructions: 46windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E8E3 Relevance: 4.5, APIs: 3, Instructions: 42windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A2D7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421F83 Relevance: 3.4, APIs: 2, Instructions: 393COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042080E Relevance: 3.3, APIs: 2, Instructions: 335COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00420D3B Relevance: 3.3, APIs: 2, Instructions: 297COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C502 Relevance: 3.2, APIs: 2, Instructions: 215COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042BF1C Relevance: 3.2, APIs: 2, Instructions: 192COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004210D4 Relevance: 3.1, APIs: 2, Instructions: 142COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423C01 Relevance: 3.1, APIs: 2, Instructions: 106COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402C12 Relevance: 3.1, APIs: 2, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004179E3 Relevance: 3.1, APIs: 2, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A1AB Relevance: 3.1, APIs: 2, Instructions: 95COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C399 Relevance: 3.1, APIs: 2, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F4B2 Relevance: 3.1, APIs: 2, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D0AD Relevance: 3.1, APIs: 2, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E854 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B51F Relevance: 3.0, APIs: 2, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00425FED Relevance: 3.0, APIs: 2, Instructions: 48COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040CF11 Relevance: 3.0, APIs: 2, Instructions: 34windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C8B5 Relevance: 3.0, APIs: 2, Instructions: 29windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404C31 Relevance: 3.0, APIs: 2, Instructions: 28windowCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004212F4 Relevance: 2.0, APIs: 1, Instructions: 531COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421A03 Relevance: 1.8, APIs: 1, Instructions: 328COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416F69 Relevance: 1.7, APIs: 1, Instructions: 227COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00431422 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040ED4C Relevance: 1.6, APIs: 1, Instructions: 106comCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042E91F Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00438209 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436D2C Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042123A Relevance: 1.6, APIs: 1, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004362C7 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EE1D Relevance: 1.6, APIs: 1, Instructions: 58comCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EE4A Relevance: 1.6, APIs: 1, Instructions: 56comCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042AF4A Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00437093 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402870 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041AE73 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D803 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436E5F Relevance: 1.5, APIs: 1, Instructions: 34COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042CD25 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041505D Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B649 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004056DA Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414BF2 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413423 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448D80 Relevance: 9.3, APIs: 6, Instructions: 317COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00426F0A Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 211encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042742C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98encryptionCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004830DA Relevance: 4.5, APIs: 3, Instructions: 39threadCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448D60 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10encryptionCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00483143 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043A1D0 Relevance: 1.7, APIs: 1, Instructions: 218COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448870 Relevance: 1.5, APIs: 1, Instructions: 6encryptionCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448AF0 Relevance: 1.5, APIs: 1, Instructions: 4encryptionCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448B80 Relevance: 1.5, APIs: 1, Instructions: 4encryptionCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00438A76 Relevance: 1.4, Strings: 1, Instructions: 173COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441F40 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443970 Relevance: .5, Instructions: 457COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443480 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00474420 Relevance: .1, Instructions: 76COMMONLIBRARYCODE
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00440770 Relevance: 30.0, APIs: 9, Strings: 8, Instructions: 223timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B87C Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 205comCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EEF2 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 270windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406CCF Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 303memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047630A Relevance: 22.7, APIs: 15, Instructions: 156fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F4E2 Relevance: 21.3, APIs: 14, Instructions: 292COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408574 Relevance: 21.1, APIs: 14, Instructions: 131COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004011C3 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 324windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B639 Relevance: 18.2, APIs: 12, Instructions: 185comCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00411DE7 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 163windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004089A1 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 106windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00419DD6 Relevance: 15.1, APIs: 10, Instructions: 143fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040933C Relevance: 13.8, APIs: 9, Instructions: 319COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004017B1 Relevance: 13.6, APIs: 9, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412D6D Relevance: 13.6, APIs: 9, Instructions: 89windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00453AC0 Relevance: 13.6, APIs: 9, Instructions: 80registrywindowCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412668 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 176 registry COMMON
Function 0040BBB4 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 146 memory COMMON
Function 0041931E Relevance: 12.2, APIs: 8, Instructions: 183 sleep COMMON
Function 004024D4 Relevance: 12.1, APIs: 8, Instructions: 140 COMMON
Function 0040359A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 156 string COMMON
Function 0047E5E5 Relevance: 10.6, APIs: 7, Instructions: 124 COMMON
Function 004031D8 Relevance: 10.6, APIs: 7, Instructions: 89 window COMMON
Function 00412595 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76 registry string COMMON
Function 004766E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49 COMMON LIBRARYCODE
Function 00418697 Relevance: 9.2, APIs: 6, Instructions: 238 COMMON
Function 004054D6 Relevance: 9.2, APIs: 6, Instructions: 199 window COMMON
Function 00411811 Relevance: 9.2, APIs: 6, Instructions: 150 COMMON
Function 004100FA Relevance: 9.1, APIs: 6, Instructions: 133 string COMMON
Function 0040D4BC Relevance: 9.1, APIs: 6, Instructions: 93 window COMMON
Function 00409EE2 Relevance: 9.1, APIs: 6, Instructions: 74 COMMON
Function 00408573 Relevance: 9.0, APIs: 6, Instructions: 49 COMMON
Function 0040C203 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 138 registry COMMON
Function 0040CBA1 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80 window COMMON
Function 00478EDA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47 COMMON LIBRARYCODE
Function 00471852 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29 COMMON LIBRARYCODE
Function 00473836 Relevance: 7.7, APIs: 5, Instructions: 188 COMMON
Function 0040A87F Relevance: 7.7, APIs: 5, Instructions: 162 COMMON
Function 00440A60 Relevance: 7.6, APIs: 5, Instructions: 116 COMMON
Function 00413D71 Relevance: 7.6, APIs: 5, Instructions: 85 COMMON
Function 00418280 Relevance: 7.6, APIs: 5, Instructions: 75 file COMMON
Function 00408878 Relevance: 7.6, APIs: 5, Instructions: 60 window COMMON
Function 0046E18D Relevance: 7.5, APIs: 5, Instructions: 44 memory COMMON LIBRARYCODE
Function 00411CDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79 window COMMON
Function 00405825 Relevance: 6.2, APIs: 4, Instructions: 219 COMMON
Function 0041368B Relevance: 6.1, APIs: 4, Instructions: 126 COMMON
Function 0040DB81 Relevance: 6.1, APIs: 4, Instructions: 93 COMMON
Function 00411A3D Relevance: 6.1, APIs: 4, Instructions: 76 window COMMON
Function 0047679F Relevance: 6.0, APIs: 4, Instructions: 45 thread COMMON LIBRARYCODE
Function 004016D7 Relevance: 6.0, APIs: 4, Instructions: 38 window COMMON
Function 00401744 Relevance: 6.0, APIs: 4, Instructions: 38 window COMMON
Function 00410F86 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102 registry COMMON
Function 00403503 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42 window COMMON
Function 00411517 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39 thread COMMON
Function 00471890 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31 COMMON LIBRARYCODE
Function 00471F9F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24 COMMON LIBRARYCODE
Function 0040B3DE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20 memory COMMON