Edit tour
Windows
Analysis Report
SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe
Overview
General Information
| Sample name: | SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe |
| Analysis ID: | 1438248 |
| MD5: | 06feef43e18458e9f1052c6d485bdf57 |
| SHA1: | 0b67a57d2bae9757e7caceec8e557884e80ace5d |
| SHA256: | f48f22e583ad5628e34c5e76367deab519d49be78fc6741327bbc9386079538c |
| Tags: | exe |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe (PID: 2876 cmdline: "C:\Users\ user\Deskt op\Securit eInfo.com. Trojan-Dro pper.Agent .26581.217 31.exe" MD5: 06FEEF43E18458E9F1052C6D485BDF57)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0040D0E8 | |
| Source: | Code function: | 0_2_00405975 | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_0040EC3A | |
| Source: | Code function: | 0_2_0040EC3A | |
| Source: | Code function: | 0_2_0040EC3B | |
| Source: | Code function: | 0_2_0042356E | |
| Source: | Code function: | 0_2_00439081 | |
| Source: | Code function: | 0_2_0042A1B9 | |
| Source: | Code function: | 0_2_0041047B | |
| Source: | Code function: | 0_2_0042356E | |
| Source: | Code function: | 0_2_004395C3 | |
| Source: | Code function: | 0_2_0042A58D | |
| Source: | Code function: | 0_2_0043B6C1 | |
| Source: | Code function: | 0_2_00435714 | |
| Source: | Code function: | 0_2_00421854 | |
| Source: | Code function: | 0_2_0042F971 | |
| Source: | Code function: | 0_2_0042A999 | |
| Source: | Code function: | 0_2_00438B3F | |
| Source: | Code function: | 0_2_0042EC59 | |
| Source: | Code function: | 0_2_00429CE6 | |
| Source: | Code function: | 0_2_00439C87 | |
| Source: | Code function: | 0_2_00426D30 | |
| Source: | Code function: | 0_2_0040BDE4 | |
| Source: | Code function: | 0_2_0042ADB9 | |
| Source: | Code function: | 0_2_0042BEF7 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004132EC | |
| Source: | Code function: | 0_2_0040299A | |
| Source: | Command line argument: | 0_2_004255DB | |
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Code function: | 0_2_0042580B | |
| Source: | Code function: | 0_2_00432B38 | |
| Source: | Code function: | 0_2_00432C36 | |
| Source: | Code function: | 0_2_00426D24 | |
| Source: | Code function: | 0_2_00427E01 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_0040D0E8 | |
| Source: | Code function: | 0_2_00405975 | |
| Source: | Code function: | 0_2_004286A8 | |
| Source: | Code function: | 0_2_0042D4F4 | |
| Source: | Code function: | 0_2_0042580B | |
| Source: | Code function: | 0_2_0042B4F5 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_004381C9 | |
| Source: | Code function: | 0_2_0042D4F4 | |
| Source: | Code function: | 0_2_0042E591 | |
| Source: | Code function: | 0_2_0042E5B3 | |
| Source: | Code function: | 0_2_00426F93 | |
| Source: | Code function: | 0_2_004356A7 | |
| Source: | Code function: | 0_2_004330E1 | |
| Source: | Code function: | 0_2_0043309C | |
| Source: | Code function: | 0_2_00434126 | |
| Source: | Code function: | 0_2_00434208 | |
| Source: | Code function: | 0_2_0043429E | |
| Source: | Code function: | 0_2_004382BC | |
| Source: | Code function: | 0_2_00434310 | |
| Source: | Code function: | 0_2_004344E0 | |
| Source: | Code function: | 0_2_0043459F | |
| Source: | Code function: | 0_2_00434640 | |
| Source: | Code function: | 0_2_00434604 | |
| Source: | Code function: | 0_2_00425691 | |
| Source: | Code function: | 0_2_0043373D | |
| Source: | Code function: | 0_2_0043398E | |
| Source: | Code function: | 0_2_00436A5F | |
| Source: | Code function: | 0_2_00438AB3 | |
| Source: | Code function: | 0_2_0043AB18 | |
| Source: | Code function: | 0_2_0043AC53 | |
| Source: | Code function: | 0_2_00433C52 | |
| Source: | Code function: | 0_2_0043AC8E | |
| Source: | Code function: | 0_2_0043ADCB | |
| Source: | Code function: | 0_2_00435178 | |
| Source: | Code function: | 0_2_0041BBB7 | |
| Source: | Code function: | 0_2_0040187D | |
| Source: | Code function: | 0_2_0042B4F5 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 2 Obfuscated Files or Information | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 34% | ReversingLabs | Win32.Trojan.Generic | ||
| 17% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| low | ||
| false |
| unknown | ||
| false |
| low | ||
| false |
| low | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| low | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| low | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| low | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| low | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high |
⊘No contacted IP infos
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1438248 |
| Start date and time: | 2024-05-08 14:22:05 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe |
| Detection: | MAL |
| Classification: | mal48.winEXE@1/0@0/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe, PID 2876 because there are no executed function
⊘No simulations
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.98639326334426 |
| TrID: |
|
| File name: | SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe |
| File size: | 868'352 bytes |
| MD5: | 06feef43e18458e9f1052c6d485bdf57 |
| SHA1: | 0b67a57d2bae9757e7caceec8e557884e80ace5d |
| SHA256: | f48f22e583ad5628e34c5e76367deab519d49be78fc6741327bbc9386079538c |
| SHA512: | ceccee28cb51d3ee62d6bd7d921d112e858940388e44d2b06cceb3af9efe463e740448ac6a9ef9e96b0e41c737c82a1fc0ad58941bb3f6f417e1575adacbe917 |
| SSDEEP: | 24576:85xO0x5kws1TB7Pz3pDbPRwIvqFdCKzca:8fOQHyNfGIvqFdVz3 |
| TLSH: | A605CFD2B7D1D433D4620131DF6E8730AB77BD43AD69474776DC0E8DAB622A18A39B02 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........XvV.9...9...9....e..9....u.v9..@....9..66G..9..66E..9...9...8....v..9....d..9....`..9..Rich.9..........................PE..L.. |
 | |
| Icon Hash: | 3e3e7e2b23032307 |
| Entrypoint: | 0x42b6d5 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | |
| Time Stamp: | 0x6633A445 [Thu May 2 14:33:41 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 40a0e25ddeeee4a2b76201fcfeb82eaf |
| Instruction |
|---|
| call 00007FB190F781B3h |
| jmp 00007FB190F6E52Bh |
| mov eax, dword ptr [esp+04h] |
| xor ecx, ecx |
| cmp eax, dword ptr [0045E4F8h+ecx*8] |
| je 00007FB190F6E724h |
| inc ecx |
| cmp ecx, 2Dh |
| jl 00007FB190F6E703h |
| lea ecx, dword ptr [eax-13h] |
| cmp ecx, 11h |
| jnbe 00007FB190F6E71Eh |
| push 0000000Dh |
| pop eax |
| ret |
| mov eax, dword ptr [0045E4FCh+ecx*8] |
| ret |
| add eax, FFFFFF44h |
| push 0000000Eh |
| pop ecx |
| cmp ecx, eax |
| sbb eax, eax |
| and eax, ecx |
| add eax, 08h |
| ret |
| call 00007FB190F7442Ch |
| test eax, eax |
| jne 00007FB190F6E718h |
| mov eax, 0045E660h |
| ret |
| add eax, 08h |
| ret |
| call 00007FB190F74419h |
| test eax, eax |
| jne 00007FB190F6E718h |
| mov eax, 0045E664h |
| ret |
| add eax, 0Ch |
| ret |
| push esi |
| call 00007FB190F6E6FCh |
| mov ecx, dword ptr [esp+08h] |
| push ecx |
| mov dword ptr [eax], ecx |
| call 00007FB190F6E6A2h |
| pop ecx |
| mov esi, eax |
| call 00007FB190F6E6D5h |
| mov dword ptr [eax], esi |
| pop esi |
| ret |
| push ebp |
| mov ebp, esp |
| push ecx |
| push ecx |
| push esi |
| lea eax, dword ptr [ebp-04h] |
| xor esi, esi |
| push eax |
| mov dword ptr [ebp-04h], esi |
| mov dword ptr [ebp-08h], esi |
| call 00007FB190F71061h |
| test eax, eax |
| pop ecx |
| je 00007FB190F6E71Fh |
| push esi |
| push esi |
| push esi |
| push esi |
| push esi |
| call 00007FB190F70485h |
| add esp, 14h |
| lea eax, dword ptr [ebp-08h] |
| push eax |
| call 00007FB190F7107Dh |
| test eax, eax |
| pop ecx |
| je 00007FB190F6E71Fh |
| push esi |
| push esi |
| push esi |
| push esi |
| push esi |
| call 00007FB190F7046Ah |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4bb1c | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x184000 | 0x75e4c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x491b0 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x3d000 | 0x58c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x3ba20 | 0x3bc00 | 53a236610d56d732f6fb9b98af67107e | False | 0.607532197960251 | data | 6.694062144126637 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x3d000 | 0x10710 | 0x10800 | 5877f6a80a49d9e423b9ac1d1e213c37 | False | 0.4224816524621212 | data | 5.957571972797364 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x4e000 | 0x135f44 | 0x11800 | 5d96728e3a37d017348b171cb8a081e8 | False | 0.14267578125 | data | 1.9290334204148625 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x184000 | 0x75e4c | 0x76000 | d130a6af7440ef237bc3adcb06785ac3 | False | 0.7705657441737288 | data | 7.404268957789185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| GIF | 0x187130 | 0x821 | GIF image data, version 89a, 97 x 24 | Czech | Czech Republic | 0.9423354156655455 |
| GIF | 0x187954 | 0x6e9 | GIF image data, version 87a, 104 x 10 | Czech | Czech Republic | 0.823063877897117 |
| GIF | 0x188040 | 0x501 | GIF image data, version 87a, 20 x 24 | Czech | Czech Republic | 0.9734582357533177 |
| GIF | 0x188544 | 0x732 | GIF image data, version 87a, 107 x 24 | Czech | Czech Republic | 0.8393051031487514 |
| GIF | 0x188c78 | 0x5d5 | GIF image data, version 87a, 73 x 24 | Czech | Czech Republic | 0.9511051574012056 |
| GIF | 0x189250 | 0x637 | GIF image data, version 87a, 45 x 19 | Czech | Czech Republic | 0.7875549968573224 |
| GIF | 0x189888 | 0x73a | GIF image data, version 87a, 60 x 19 | Czech | Czech Republic | 0.8475675675675676 |
| GIF | 0x189fc4 | 0x630 | GIF image data, version 87a, 50 x 24 | Czech | Czech Republic | 0.7203282828282829 |
| GIF | 0x18a5f4 | 0x7ad | GIF image data, version 87a, 106 x 24 | Czech | Czech Republic | 0.7389312977099237 |
| GIF | 0x18ada4 | 0x66d | GIF image data, version 87a, 51 x 24 | Czech | Czech Republic | 0.8249240121580547 |
| GIF | 0x18b414 | 0x5c1 | GIF image data, version 87a, 53 x 24 | Czech | Czech Republic | 0.6571622539035981 |
| GIF | 0x18b9d8 | 0x59e | GIF image data, version 87a, 57 x 24 | Czech | Czech Republic | 0.6105702364394993 |
| GIF | 0x18bf78 | 0x6d9 | GIF image data, version 87a, 50 x 24 | Czech | Czech Republic | 0.9977181973759269 |
| GIF | 0x18c654 | 0x781 | GIF image data, version 87a, 75 x 24 | Czech | Czech Republic | 0.980739198334201 |
| GIF | 0x18cdd8 | 0x86b | GIF image data, version 87a, 86 x 24 | Czech | Czech Republic | 1.0013921113689095 |
| GIF | 0x18d644 | 0x687 | GIF image data, version 87a, 43 x 24 | Czech | Czech Republic | 1.0017953321364452 |
| GIF | 0x18dccc | 0x6f1 | GIF image data, version 87a, 73 x 24 | Czech | Czech Republic | 1.0 |
| GIF | 0x18e3c0 | 0x7e8 | GIF image data, version 87a, 49 x 24 | Czech | Czech Republic | 1.0004940711462451 |
| GIF | 0x18eba8 | 0x2bd | GIF image data, version 87a, 26 x 24 | Czech | Czech Republic | 0.8031383737517832 |
| GIF | 0x18ee68 | 0x22f | GIF image data, version 87a, 26 x 24 | Czech | Czech Republic | 0.9803220035778175 |
| GIF | 0x18f098 | 0xa39 | GIF image data, version 87a, 88 x 60 | Czech | Czech Republic | 1.0034390523500192 |
| GIF | 0x18fad4 | 0x5c0 | GIF image data, version 89a, 43 x 24 | Czech | Czech Republic | 1.0074728260869565 |
| GIF | 0x190094 | 0x80b | GIF image data, version 87a, 69 x 24 | Czech | Czech Republic | 0.9970859640602234 |
| GIF | 0x1908a0 | 0x6d9 | GIF image data, version 87a, 45 x 24 | Czech | Czech Republic | 0.9429549343981746 |
| GIF | 0x190f7c | 0x573 | GIF image data, version 87a, 24 x 24 | Czech | Czech Republic | 0.9111111111111111 |
| GIF | 0x1914f0 | 0x63c | GIF image data, version 87a, 33 x 24 | Czech | Czech Republic | 0.9624060150375939 |
| GIF | 0x191b2c | 0x725 | GIF image data, version 87a, 100 x 10 | Czech | Czech Republic | 1.003827227993439 |
| GIF | 0x192254 | 0x88e | GIF image data, version 87a, 64 x 24 | Czech | Czech Republic | 0.9981735159817352 |
| GIF | 0x192ae4 | 0x617 | GIF image data, version 87a, 36 x 24 | Czech | Czech Republic | 0.8826170622193714 |
| GIF | 0x1930fc | 0x861 | GIF image data, version 87a, 64 x 24 | Czech | Czech Republic | 0.9356643356643357 |
| GIF | 0x193960 | 0x996 | GIF image data, version 87a, 84 x 24 | Czech | Czech Republic | 0.9873675631621842 |
| GIF | 0x1942f8 | 0x355 | GIF image data, version 87a, 24 x 24 | Czech | Czech Republic | 0.8593200468933178 |
| GIF | 0x194650 | 0x51a | GIF image data, version 87a, 23 x 24 | Czech | Czech Republic | 0.7664624808575804 |
| GIF | 0x194b6c | 0x803 | GIF image data, version 87a, 73 x 24 | Czech | Czech Republic | 0.9497805948317893 |
| GIF | 0x195370 | 0x77d | GIF image data, version 87a, 72 x 24 | Czech | Czech Republic | 0.8690662493479395 |
| GIF | 0x195af0 | 0x58a | GIF image data, version 87a, 64 x 24 | Czech | Czech Republic | 0.9760225669957687 |
| GIF | 0x19607c | 0x8b9 | GIF image data, version 87a, 62 x 24 | Czech | Czech Republic | 0.9695476936856248 |
| GIF | 0x196938 | 0x2fd | GIF image data, version 87a, 24 x 24 | Czech | Czech Republic | 0.9398692810457516 |
| GIF | 0x196c38 | 0x8b6 | GIF image data, version 87a, 66 x 24 | Czech | Czech Republic | 0.9986547085201793 |
| GIF | 0x1974f0 | 0x5fd | GIF image data, version 87a, 40 x 24 | Czech | Czech Republic | 0.7553816046966731 |
| GIF | 0x197af0 | 0x2e6 | GIF image data, version 87a, 23 x 24 | Czech | Czech Republic | 0.8180592991913747 |
| GIF | 0x197dd8 | 0x911 | GIF image data, version 87a, 78 x 24 | Czech | Czech Republic | 0.8483412322274881 |
| GIF | 0x1986ec | 0x349 | GIF image data, version 87a, 24 x 24 | Czech | Czech Republic | 0.8513674197384067 |
| GIF | 0x198a38 | 0x8ab | GIF image data, version 87a, 88 x 24 | Czech | Czech Republic | 0.9873817034700315 |
| GIF | 0x1992e4 | 0xafe | GIF image data, version 87a, 115 x 24 | Czech | Czech Republic | 1.0010660980810235 |
| GIF | 0x199de4 | 0xba9 | GIF image data, version 87a, 112 x 24 | Czech | Czech Republic | 1.0036850921273033 |
| GIF | 0x19a990 | 0x88a | GIF image data, version 87a, 77 x 24 | Czech | Czech Republic | 1.0018298261665142 |
| GIF | 0x19b21c | 0x836 | GIF image data, version 87a, 98 x 17 | Czech | Czech Republic | 0.9609895337773549 |
| GIF | 0x19ba54 | 0x54b | GIF image data, version 87a, 34 x 24 | Czech | Czech Republic | 0.7564575645756457 |
| GIF | 0x19bfa0 | 0x589 | GIF image data, version 87a, 38 x 24 | Czech | Czech Republic | 0.9124911785462244 |
| GIF | 0x19c52c | 0x662 | GIF image data, version 87a, 47 x 24 | Czech | Czech Republic | 0.8678090575275398 |
| GIF | 0x19cb90 | 0x95a | GIF image data, version 87a, 79 x 24 | Czech | Czech Republic | 0.9983291562238931 |
| GIF | 0x19d4ec | 0x578 | GIF image data, version 87a, 54 x 24 | Czech | Czech Republic | 1.0078571428571428 |
| GIF | 0x19da64 | 0x6be | GIF image data, version 87a, 73 x 24 | Czech | Czech Republic | 0.9988412514484357 |
| GIF | 0x19e124 | 0x667 | GIF image data, version 87a, 65 x 24 | Czech | Czech Republic | 0.9975594874923734 |
| GIF | 0x19e78c | 0xae9 | GIF image data, version 87a, 127 x 24 | Czech | Czech Republic | 0.9269602577873255 |
| GIF | 0x19f278 | 0x762 | GIF image data, version 87a, 54 x 24 | Czech | Czech Republic | 1.0058201058201057 |
| GIF | 0x19f9dc | 0x825 | GIF image data, version 87a, 50 x 24 | Czech | Czech Republic | 0.8983213429256595 |
| GIF | 0x1a0204 | 0x5a4 | GIF image data, version 87a, 28 x 24 | Czech | Czech Republic | 0.8289473684210527 |
| GIF | 0x1a07a8 | 0x4e8 | GIF image data, version 87a, 23 x 24 | Czech | Czech Republic | 0.7531847133757962 |
| GIF | 0x1a0c90 | 0x894 | GIF image data, version 87a, 128 x 14 | Czech | Czech Republic | 1.0050091074681238 |
| GIF | 0x1a1524 | 0x607 | GIF image data, version 87a, 30 x 24 | Czech | Czech Republic | 1.0032404406999351 |
| GIF | 0x1a1b2c | 0x621 | GIF image data, version 87a, 49 x 24 | Czech | Czech Republic | 0.840025493945188 |
| GIF | 0x1a2150 | 0x627 | GIF image data, version 87a, 66 x 24 | Czech | Czech Republic | 0.9885714285714285 |
| GIF | 0x1a2778 | 0x851 | GIF image data, version 87a, 68 x 24 | Czech | Czech Republic | 1.0014091122592768 |
| GIF | 0x1a2fcc | 0x8b8 | GIF image data, version 87a, 70 x 24 | Czech | Czech Republic | 0.9919354838709677 |
| GIF | 0x1a3884 | 0x591 | GIF image data, version 87a, 32 x 24 | Czech | Czech Republic | 0.9361403508771929 |
| GIF | 0x1a3e18 | 0x62d | GIF image data, version 87a, 42 x 24 | Czech | Czech Republic | 0.9993674889310563 |
| GIF | 0x1a4448 | 0x631 | GIF image data, version 87a, 44 x 24 | Czech | Czech Republic | 0.8782334384858044 |
| GIF | 0x1a4a7c | 0x760 | GIF image data, version 87a, 57 x 24 | Czech | Czech Republic | 0.9518008474576272 |
| GIF | 0x1a51dc | 0x6d2 | GIF image data, version 87a, 103 x 19 | Czech | Czech Republic | 0.9610538373424972 |
| GIF | 0x1a58b0 | 0x787 | GIF image data, version 87a, 66 x 24 | Czech | Czech Republic | 0.8930980799169694 |
| GIF | 0x1a6038 | 0x658 | GIF image data, version 87a, 42 x 24 | Czech | Czech Republic | 0.9938423645320197 |
| GIF | 0x1a6690 | 0x99a | GIF image data, version 87a, 85 x 24 | Czech | Czech Republic | 1.0012205044751832 |
| GIF | 0x1a702c | 0x637 | GIF image data, version 87a, 54 x 24 | Czech | Czech Republic | 0.9987429289754871 |
| GIF | 0x1a7664 | 0x648 | GIF image data, version 87a, 44 x 24 | Czech | Czech Republic | 1.0037313432835822 |
| GIF | 0x1a7cac | 0x987 | GIF image data, version 87a, 75 x 24 | Czech | Czech Republic | 0.997949979499795 |
| GIF | 0x1a8634 | 0x5d7 | GIF image data, version 87a, 30 x 24 | Czech | Czech Republic | 0.9846153846153847 |
| GIF | 0x1a8c0c | 0x5e5 | GIF image data, version 87a, 30 x 24 | Czech | Czech Republic | 1.0072895957587806 |
| GIF | 0x1a91f4 | 0x7c3 | GIF image data, version 87a, 51 x 24 | Czech | Czech Republic | 1.0055359838953195 |
| GIF | 0x1a99b8 | 0x764 | GIF image data, version 87a, 84 x 24 | Czech | Czech Republic | 0.8488372093023255 |
| GIF | 0x1aa11c | 0xbcf | GIF image data, version 87a, 152 x 24 | Czech | Czech Republic | 0.914654316903738 |
| GIF | 0x1aacec | 0x7be | GIF image data, version 87a, 84 x 24 | Czech | Czech Republic | 0.8390514631685166 |
| GIF | 0x1ab4ac | 0x38a | GIF image data, version 87a, 92 x 25 | Czech | Czech Republic | 0.9911699779249448 |
| GIF | 0x1ab838 | 0x5aa | GIF image data, version 87a, 39 x 24 | Czech | Czech Republic | 0.8951724137931034 |
| GIF | 0x1abde4 | 0x725 | GIF image data, version 87a, 63 x 24 | Czech | Czech Republic | 0.985784581738655 |
| GIF | 0x1ac50c | 0x642 | GIF image data, version 87a, 130 x 16 | Czech | Czech Republic | 0.9332084893882646 |
| GIF | 0x1acb50 | 0x8a6 | GIF image data, version 87a, 101 x 17 | Czech | Czech Republic | 0.9878048780487805 |
| GIF | 0x1ad3f8 | 0x5cd | GIF image data, version 87a, 25 x 24 | Czech | Czech Republic | 0.9333333333333333 |
| GIF | 0x1ad9c8 | 0x55d | GIF image data, version 87a, 24 x 24 | Czech | Czech Republic | 0.9686817188638019 |
| GIF | 0x1adf28 | 0x7cd | GIF image data, version 87a, 56 x 24 | Czech | Czech Republic | 0.9974962443665498 |
| GIF | 0x1ae6f8 | 0x52c | GIF image data, version 87a, 24 x 24 | Czech | Czech Republic | 0.7341389728096677 |
| GIF | 0x1aec24 | 0x30b | GIF image data, version 87a, 21 x 24 | Czech | Czech Republic | 0.9922978177150192 |
| GIF | 0x1aef30 | 0x69f | GIF image data, version 87a, 53 x 24 | Czech | Czech Republic | 0.9893805309734514 |
| GIF | 0x1af5d0 | 0x5d0 | GIF image data, version 87a, 36 x 24 | Czech | Czech Republic | 0.9952956989247311 |
| GIF | 0x1afba0 | 0x652 | GIF image data, version 87a, 66 x 24 | Czech | Czech Republic | 0.9487021013597033 |
| GIF | 0x1b01f4 | 0xa07 | GIF image data, version 87a, 73 x 24 | Czech | Czech Republic | 1.004285157771718 |
| GIF | 0x1b0bfc | 0x68a | GIF image data, version 87a, 43 x 24 | Czech | Czech Republic | 1.0053763440860215 |
| GIF | 0x1b1288 | 0x8b5 | GIF image data, version 87a, 106 x 17 | Czech | Czech Republic | 0.9910273665320771 |
| GIF | 0x1b1b40 | 0xa04 | GIF image data, version 87a, 158 x 14 | Czech | Czech Republic | 1.001170046801872 |
| GIF | 0x1b2544 | 0x56e | GIF image data, version 87a, 25 x 24 | Czech | Czech Republic | 0.9870503597122302 |
| GIF | 0x1b2ab4 | 0x612 | GIF image data, version 87a, 46 x 24 | Czech | Czech Republic | 0.8674388674388674 |
| GIF | 0x1b30c8 | 0x661 | GIF image data, version 87a, 51 x 24 | Czech | Czech Republic | 0.9675443968156767 |
| GIF | 0x1b372c | 0x930 | GIF image data, version 87a, 75 x 24 | Czech | Czech Republic | 0.9187925170068028 |
| GIF | 0x1b405c | 0x4f2 | GIF image data, version 87a, 18 x 24 | Czech | Czech Republic | 0.9344391785150079 |
| GIF | 0x1b4550 | 0x64b | GIF image data, version 87a, 38 x 24 | Czech | Czech Republic | 0.978274363749224 |
| GIF | 0x1b4b9c | 0x781 | GIF image data, version 87a, 49 x 24 | Czech | Czech Republic | 0.9979177511712649 |
| GIF | 0x1b5320 | 0xb5b | GIF image data, version 87a, 115 x 24 | Czech | Czech Republic | 0.9411764705882353 |
| GIF | 0x1b5e7c | 0x5fc | GIF image data, version 87a, 59 x 24 | Czech | Czech Republic | 0.8400783289817232 |
| GIF | 0x1b6478 | 0x4cc | GIF image data, version 87a, 52 x 24 | Czech | Czech Republic | 0.9112377850162866 |
| GIF | 0x1b6944 | 0x610 | GIF image data, version 87a, 37 x 24 | Czech | Czech Republic | 0.9710051546391752 |
| GIF | 0x1b6f54 | 0x819 | GIF image data, version 87a, 114 x 17 | Czech | Czech Republic | 1.005306319343946 |
| GIF | 0x1b7770 | 0x61e | GIF image data, version 87a, 39 x 24 | Czech | Czech Republic | 0.8793103448275862 |
| GIF | 0x1b7d90 | 0x475 | GIF image data, version 87a, 41 x 24 | Czech | Czech Republic | 0.9666958808063103 |
| GIF | 0x1b8208 | 0x440 | GIF image data, version 87a, 18 x 24 | Czech | Czech Republic | 0.5753676470588235 |
| GIF | 0x1b8648 | 0x3c2 | GIF image data, version 87a, 33 x 24 | Czech | Czech Republic | 0.8586278586278586 |
| GIF | 0x1b8a0c | 0x787 | GIF image data, version 87a, 97 x 24 | Czech | Czech Republic | 0.7145822522055008 |
| GIF | 0x1b9194 | 0x66b | GIF image data, version 87a, 54 x 22 | Czech | Czech Republic | 1.0066950699939137 |
| GIF | 0x1b9800 | 0x81b | GIF image data, version 89a, 73 x 24 | Czech | Czech Republic | 1.005301204819277 |
| GIF | 0x1ba01c | 0x5c6 | GIF image data, version 87a, 55 x 24 | Czech | Czech Republic | 0.6948579161028416 |
| GIF | 0x1ba5e4 | 0x5da | GIF image data, version 87a, 56 x 24 | Czech | Czech Republic | 0.8304405874499332 |
| GIF | 0x1babc0 | 0x10e5 | GIF image data, version 87a, 175 x 24 | Czech | Czech Republic | 0.9932947976878612 |
| GIF | 0x1bbca8 | 0x5e8 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2014:03:26 15:13:19], baseline, precision 8, 47x24, components 3 | Czech | Czech Republic | 0.9444444444444444 |
| GIF | 0x1bc290 | 0x2d4a | JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0 CE, datetime=2019:12:12 13:10:33], baseline, precision 8, 129x24, components 3 | Czech | Czech Republic | 0.3715715025012938 |
| GIF | 0x1befdc | 0x825 | GIF image data, version 87a, 53 x 24 | Czech | Czech Republic | 0.9947242206235012 |
| GIF | 0x1bf804 | 0x6cc | GIF image data, version 87a, 65 x 24 | Czech | Czech Republic | 0.9959770114942529 |
| GIF | 0x1bfed0 | 0x62a | GIF image data, version 87a, 58 x 24 | Czech | Czech Republic | 0.8041825095057035 |
| GIF | 0x1c04fc | 0x6e8 | GIF image data, version 87a, 64 x 24 | Czech | Czech Republic | 0.8116515837104072 |
| GIF | 0x1c0be4 | 0x647 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2015:06:26 10:50:57], baseline, precision 8, 51x24, components 3 | Czech | Czech Republic | 0.9471064094586186 |
| GIF | 0x1c122c | 0x74a | PNG image data, 100 x 14, 8-bit colormap, non-interlaced | Czech | Czech Republic | 0.8060021436227224 |
| GIF | 0x1c1978 | 0x171a | PNG image data, 151 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0018599932363883 |
| GIF | 0x1c3094 | 0x835 | GIF image data, version 87a, 133 x 25 | Czech | Czech Republic | 0.8714897667777249 |
| GIF | 0x1c38cc | 0x3ef | GIF image data, version 87a, 51 x 24 | Czech | Czech Republic | 1.0019860973187686 |
| GIF | 0x1c3cbc | 0x5aa | GIF image data, version 87a, 51 x 24 | Czech | Czech Republic | 0.7558620689655172 |
| GIF | 0x1c4268 | 0x2b9 | GIF image data, version 87a, 32 x 24 | Czech | Czech Republic | 1.0028694404591105 |
| GIF | 0x1c4524 | 0x21e | GIF image data, version 87a, 24 x 24 | Czech | Czech Republic | 1.003690036900369 |
| GIF | 0x1c4744 | 0x860 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2015:10:05 09:25:48], baseline, precision 8, 100x24, components 3 | Czech | Czech Republic | 0.9617537313432836 |
| GIF | 0x1c4fa4 | 0x922 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2015:11:19 09:19:55], baseline, precision 8, 77x24, components 3 | Czech | Czech Republic | 0.9533789563729683 |
| GIF | 0x1c58c8 | 0x7b6 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2021:03:07 10:19:22], baseline, precision 8, 68x24, components 3 | Czech | Czech Republic | 0.9650455927051672 |
| GIF | 0x1c6080 | 0x6f1 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2016:04:03 20:01:40], baseline, precision 8, 69x24, components 3 | Czech | Czech Republic | 0.9606077658975802 |
| GIF | 0x1c6774 | 0xa6e | GIF image data, version 87a, 143 x 24 | Czech | Czech Republic | 0.8535580524344569 |
| GIF | 0x1c71e4 | 0x85a | GIF image data, version 87a, 135 x 21 | Czech | Czech Republic | 0.8498596819457437 |
| GIF | 0x1c7a40 | 0xca8 | PNG image data, 89 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.003395061728395 |
| GIF | 0x1c86e8 | 0x9b0 | PNG image data, 48 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0044354838709677 |
| GIF | 0x1c9098 | 0xc59 | PNG image data, 80 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0034799114204365 |
| GIF | 0x1c9cf4 | 0x57b | GIF image data, version 87a, 35 x 24 | Czech | Czech Republic | 0.9558089807555239 |
| GIF | 0x1ca270 | 0x5d9 | GIF image data, version 87a, 50 x 22 | Czech | Czech Republic | 0.8343353373413493 |
| GIF | 0x1ca84c | 0x69e | PNG image data, 58 x 24, 8-bit colormap, non-interlaced | Czech | Czech Republic | 0.743801652892562 |
| GIF | 0x1caeec | 0x601 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2017:03:13 08:53:33], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 75", baseline, precision 8, 77x24, components 3 | Czech | Czech Republic | 0.940793754066363 |
| GIF | 0x1cb4f0 | 0xc5c | PNG image data, 68 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0034766118836915 |
| GIF | 0x1cc14c | 0x1893 | PNG image data, 158 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 0.9783818152916866 |
| GIF | 0x1cd9e0 | 0x1698 | PNG image data, 129 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0019017980636238 |
| GIF | 0x1cf078 | 0x76b | PNG image data, 93 x 24, 8-bit colormap, non-interlaced | Czech | Czech Republic | 0.7725118483412322 |
| GIF | 0x1cf7e4 | 0xa64 | GIF image data, version 89a, 122 x 24 | Czech | Czech Republic | 1.0041353383458647 |
| GIF | 0x1d0248 | 0x541 | GIF image data, version 87a, 53 x 24 | Czech | Czech Republic | 0.7524163568773234 |
| GIF | 0x1d078c | 0xb85 | GIF image data, version 89a, 145 x 24 | Czech | Czech Republic | 1.0037300779925398 |
| GIF | 0x1d1314 | 0x18f9 | PNG image data, 130 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0017206319411858 |
| GIF | 0x1d2c10 | 0xce9 | PNG image data, 68 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0033282904689864 |
| GIF | 0x1d38fc | 0x3bb | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2021:03:07 11:51:10], baseline, precision 8, 17x24, components 3 | Czech | Czech Republic | 0.8523560209424084 |
| GIF | 0x1d3cb8 | 0xc63 | PNG image data, 71 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0034689372437717 |
| GIF | 0x1d491c | 0xc66 | PNG image data, 63 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0034656584751103 |
| GIF | 0x1d5584 | 0xbb2 | PNG image data, 63 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0036740146960588 |
| GIF | 0x1d6138 | 0x78e | PNG image data, 49 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0056876938986556 |
| GIF | 0x1d68c8 | 0x603 | PNG image data, 39 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0071474983755686 |
| GIF | 0x1d6ecc | 0x1c4a | PNG image data, 152 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0015189174261254 |
| GIF | 0x1d8b18 | 0xf9a | PNG image data, 84 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0027541311967951 |
| GIF | 0x1d9ab4 | 0x8f8 | PNG image data, 52 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0047909407665505 |
| GIF | 0x1da3ac | 0x990 | PNG image data, 53 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0044934640522876 |
| GIF | 0x1dad3c | 0x752 | PNG image data, 52 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0058697972251867 |
| GIF | 0x1db490 | 0x51d | PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0084033613445378 |
| MENUICONS | 0x1db9b0 | 0x30b | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:54], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8369704749679076 |
| MENUICONS | 0x1dbcbc | 0x32e | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:12:10 08:07:23], baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8525798525798526 |
| MENUICONS | 0x1dbfec | 0x3a7 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:57], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8737967914438503 |
| MENUICONS | 0x1dc394 | 0x357 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:25 12:30:18], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8573099415204678 |
| MENUICONS | 0x1dc6ec | 0x34c | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:57], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8590047393364929 |
| MENUICONS | 0x1dca38 | 0x36e | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:58], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8667425968109339 |
| MENUICONS | 0x1dcda8 | 0x384 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:54], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8677777777777778 |
| MENUICONS | 0x1dd12c | 0x3a6 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:53], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8758029978586723 |
| MENUICONS | 0x1dd4d4 | 0x3e2 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2011:01:12 18:05:57], baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.892354124748491 |
| MENUICONS | 0x1dd8b8 | 0x341 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:55], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.851140456182473 |
| MENUICONS | 0x1ddbfc | 0x38e | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:55], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8670329670329671 |
| MENUICONS | 0x1ddf8c | 0x3c5 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:25 12:30:18], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.883937823834197 |
| MENUICONS | 0x1de354 | 0x381 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:58], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8684503901895206 |
| MENUICONS | 0x1de6d8 | 0x341 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:58], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.851140456182473 |
| MENUICONS | 0x1dea1c | 0x34e | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:52], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8617021276595744 |
| MENUICONS | 0x1ded6c | 0x361 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:52], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8635838150289017 |
| MENUICONS | 0x1df0d0 | 0x36b | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:56], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8674285714285714 |
| MENUICONS | 0x1df43c | 0x3de | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:53], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8878787878787879 |
| MENUICONS | 0x1df81c | 0x3be | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:51], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8862212943632568 |
| MENUICONS | 0x1dfbdc | 0x3a7 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:55], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.879144385026738 |
| MENUICONS | 0x1dff84 | 0x35b | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:06:23 15:37:58], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8591385331781141 |
| MENUICONS | 0x1e02e0 | 0x2069 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=9, orientation=upper-left, xresolution=122, yresolution=130, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2009:06:23 16:13:17, copyright=Copyright \251 SleepAid Records], baseline, precision 8, 17x16, components 3 | Czech | Czech Republic | 0.25406773532602145 |
| MENUICONS | 0x1e234c | 0x2ec | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2012:02:04 20:45:14], baseline, precision 8, 20x16, components 3 | Czech | Czech Republic | 0.8355614973262032 |
| MENUICONS | 0x1e2638 | 0x159 | GIF image data, version 87a, 12 x 12 | Czech | Czech Republic | 0.9072463768115943 |
| MENUICONS | 0x1e2794 | 0x2d6 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:10:14 12:10:04], baseline, precision 8, 20x18, components 3 | Czech | Czech Republic | 0.803030303030303 |
| MENUICONS | 0x1e2a6c | 0x34c | PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0130331753554502 |
| MENUICONS | 0x1e2db8 | 0x404 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2010:12:22 12:42:17], baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.9017509727626459 |
| MENUICONS | 0x1e31bc | 0x349 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:12:09 22:33:43], baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8608799048751486 |
| MENUICONS | 0x1e3508 | 0x31f | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2009:12:29 07:50:36], baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.853566958698373 |
| MENUICONS | 0x1e3828 | 0x82 | GIF image data, version 89a, 9 x 10 | Czech | Czech Republic | 1.0 |
| MENUICONS | 0x1e38ac | 0x6a | GIF image data, version 89a, 6 x 7 | Czech | Czech Republic | 0.9245283018867925 |
| MENUICONS | 0x1e3918 | 0x37 | GIF image data, version 89a, 5 x 6 | Czech | Czech Republic | 1.018181818181818 |
| MENUICONS | 0x1e3950 | 0xc3 | GIF image data, version 89a, 11 x 12 | Czech | Czech Republic | 0.841025641025641 |
| MENUICONS | 0x1e3a14 | 0x3ee | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2011:06:24 15:12:59], baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8558648111332008 |
| MENUICONS | 0x1e3e04 | 0x355 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2011:06:24 15:23:16], baseline, precision 8, 17x18, components 3 | Czech | Czech Republic | 0.8604923798358733 |
| MENUICONS | 0x1e415c | 0x303 | PNG image data, 25 x 12, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.014267185473411 |
| MENUICONS | 0x1e4460 | 0x3e1 | PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0110775427995973 |
| MENUICONS | 0x1e4844 | 0x377 | PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.012401352874859 |
| MENUICONS | 0x1e4bbc | 0x365 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2011:10:31 14:23:56], baseline, precision 8, 18x16, components 3 | Czech | Czech Republic | 0.8296892980437284 |
| MENUICONS | 0x1e4f24 | 0x3c3 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2011:10:31 17:40:02], baseline, precision 8, 19x18, components 3 | Czech | Czech Republic | 0.8473520249221184 |
| MENUICONS | 0x1e52e8 | 0x2fb | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2011:12:08 08:06:47], baseline, precision 8, 20x16, components 3 | Czech | Czech Republic | 0.8020969855832241 |
| MENUICONS | 0x1e55e4 | 0x33a | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2011:12:08 08:06:48], baseline, precision 8, 19x16, components 3 | Czech | Czech Republic | 0.8184019370460048 |
| MENUICONS | 0x1e5920 | 0x348 | PNG image data, 16 x 18, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.013095238095238 |
| MENUICONS | 0x1e5c68 | 0x3c9 | PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0113519091847265 |
| MENUICONS | 0x1e6034 | 0x354 | PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.0129107981220657 |
| MENUICONS | 0x1e6388 | 0x266 | PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.017915309446254 |
| MENUICONS | 0x1e65f0 | 0x37b | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2012:02:11 12:31:12], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8731762065095399 |
| MENUICONS | 0x1e696c | 0x2f4 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2012:02:11 14:35:25], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8267195767195767 |
| MENUICONS | 0x1e6c60 | 0x2d1 | PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced | Czech | Czech Republic | 1.015256588072122 |
| MENUICONS | 0x1e6f34 | 0x3a7 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, software=ACD Systems Digital Imaging, datetime=2013:02:13 10:55:00], baseline, precision 8, 18x18, components 3 | Czech | Czech Republic | 0.8759358288770054 |
| TEXT | 0x1e72dc | 0x9fd | Non-ISO extended-ASCII text, with very long lines (546), with CRLF line terminators | Czech | Czech Republic | 0.4974579585451701 |
| WAVE | 0x1e7cdc | 0x6e6e | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz | Czech | Czech Republic | 0.4255748142907676 |
| RT_ICON | 0x1eeb4c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Czech | Czech Republic | 0.7823639774859287 |
| RT_ICON | 0x1efbf4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Czech | Czech Republic | 0.8356557377049181 |
| RT_ICON | 0x1f057c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Czech | Czech Republic | 0.9042553191489362 |
| RT_ICON | 0x1f09e4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Czech | Czech Republic | 0.8812056737588653 |
| RT_ICON | 0x1f0e4c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Czech | Czech Republic | 0.749113475177305 |
| RT_ICON | 0x1f12b4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Czech | Czech Republic | 0.42354596622889307 |
| RT_ICON | 0x1f235c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Czech | Czech Republic | 0.3290337711069418 |
| RT_ICON | 0x1f3404 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Czech | Czech Republic | 0.39352720450281425 |
| RT_ICON | 0x1f44ac | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Czech | Czech Republic | 0.3649155722326454 |
| RT_DIALOG | 0x1f5554 | 0x628 | data | Czech | Czech Republic | 0.39276649746192893 |
| RT_DIALOG | 0x1f5b7c | 0x164 | data | Czech | Czech Republic | 0.6067415730337079 |
| RT_DIALOG | 0x1f5ce0 | 0x868 | data | Czech | Czech Republic | 0.3587360594795539 |
| RT_DIALOG | 0x1f6548 | 0x1bc | data | Czech | Czech Republic | 0.5382882882882883 |
| RT_DIALOG | 0x1f6704 | 0x334 | data | Czech | Czech Republic | 0.4304878048780488 |
| RT_DIALOG | 0x1f6a38 | 0x33c | data | Czech | Czech Republic | 0.4384057971014493 |
| RT_DIALOG | 0x1f6d74 | 0xb8 | data | Czech | Czech Republic | 0.717391304347826 |
| RT_DIALOG | 0x1f6e2c | 0x442 | data | Czech | Czech Republic | 0.44862385321100917 |
| RT_DIALOG | 0x1f7270 | 0xb4 | data | Czech | Czech Republic | 0.7333333333333333 |
| RT_DIALOG | 0x1f7324 | 0x6dc | data | Czech | Czech Republic | 0.3798405466970387 |
| RT_DIALOG | 0x1f7a00 | 0x166a | data | Czech | Czech Republic | 0.3213663297316138 |
| RT_DIALOG | 0x1f906c | 0x282 | data | Czech | Czech Republic | 0.5280373831775701 |
| RT_DIALOG | 0x1f92f0 | 0x10c | data | Czech | Czech Republic | 0.6305970149253731 |
| RT_DIALOG | 0x1f93fc | 0x1b0 | data | Czech | Czech Republic | 0.5555555555555556 |
| RT_DIALOG | 0x1f95ac | 0x174 | data | Czech | Czech Republic | 0.5887096774193549 |
| RT_STRING | 0x1f9720 | 0x2c | data | Czech | Czech Republic | 0.45454545454545453 |
| RT_GROUP_ICON | 0x1f974c | 0x30 | data | Czech | Czech Republic | 0.8958333333333334 |
| RT_GROUP_ICON | 0x1f977c | 0x14 | data | Czech | Czech Republic | 1.25 |
| RT_GROUP_ICON | 0x1f9790 | 0x14 | data | Czech | Czech Republic | 1.25 |
| RT_GROUP_ICON | 0x1f97a4 | 0x14 | data | Czech | Czech Republic | 1.2 |
| RT_GROUP_ICON | 0x1f97b8 | 0x14 | data | Czech | Czech Republic | 1.2 |
| RT_GROUP_ICON | 0x1f97cc | 0x14 | data | Czech | Czech Republic | 1.2 |
| RT_GROUP_ICON | 0x1f97e0 | 0x14 | data | Czech | Czech Republic | 1.2 |
| RT_VERSION | 0x1f97f4 | 0x330 | data | Czech | Czech Republic | 0.46568627450980393 |
| RT_MANIFEST | 0x1f9b24 | 0x327 | ASCII text, with CRLF line terminators | English | United States | 0.4684014869888476 |
| DLL | Import |
|---|---|
| KERNEL32.dll | MulDiv, GetCurrentThreadId, SetLastError, FreeLibrary, LoadLibraryExA, GetModuleHandleA, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetLocaleInfoW, SetStdHandle, SetFilePointer, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, HeapSize, GetStringTypeW, GetStringTypeA, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, LCMapStringW, LCMapStringA, GetOEMCP, GetCPInfo, TlsFree, TlsSetValue, lstrcmpA, TlsGetValue, GetFileType, SetHandleCount, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetStdHandle, ExitProcess, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, HeapCreate, HeapDestroy, GetStartupInfoA, GetCommandLineA, HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualProtect, RtlUnwind, GetSystemTimeAsFileTime, LocalFree, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, GetProcAddress, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, FlushInstructionCache, IsDBCSLeadByte, CreateThread, TerminateThread, lstrcmpiA, lstrlenA, InterlockedDecrement, InterlockedIncrement, lstrlenW, MoveFileExA, GlobalLock, GlobalUnlock, GetCurrentProcess, SetProcessWorkingSetSize, FindFirstFileA, FindNextFileA, FindClose, WideCharToMultiByte, DeleteFileA, GetVolumeInformationA, GetVersionExA, GetFileSize, ReadFile, CreateFileA, GetLastError, WriteFile, MultiByteToWideChar, CloseHandle, GlobalAlloc, FindResourceA, LoadResource, SizeofResource, LockResource, FreeResource, lstrcpynA, GetDateFormatA, GetTimeFormatA, GetTimeZoneInformation, Sleep, GetModuleFileNameA, SetCurrentDirectoryA, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, TlsAlloc |
| USER32.dll | InvalidateRgn, SetCapture, IsChild, SetWindowLongA, GetWindowLongA, CreateWindowExA, DestroyWindow, SetWindowPos, ShowWindow, SendMessageA, LoadIconA, ReleaseDC, FillRect, GetDC, SetTimer, EnableWindow, GetDlgItem, SetDlgItemTextA, GetParent, SendDlgItemMessageA, GetClassNameA, ReleaseCapture, CallWindowProcA, DestroyAcceleratorTable, GetWindow, GetFocus, GetDesktopWindow, IsWindow, GetClassInfoExA, LoadCursorA, RegisterClassExA, CreateAcceleratorTableA, PostMessageA, GetWindowRect, InsertMenuItemA, FindWindowA, GetKeyState, SetWindowTextA, GetSystemMetrics, SetActiveWindow, EndPaint, BeginPaint, LoadImageA, GetClientRect, PtInRect, RedrawWindow, SetLayeredWindowAttributes, KillTimer, CharLowerA, OffsetRect, InflateRect, GetUpdateRect, SetFocus, GetWindowDC, CreatePopupMenu, ScreenToClient, ClientToScreen, GetWindowTextA, GetWindowTextLengthA, RegisterWindowMessageA, SystemParametersInfoA, GetScrollInfo, SetCursor, GetDlgItemInt, GetDlgCtrlID, UpdateWindow, DialogBoxParamA, CheckMenuItem, GetMenuItemID, TrackMouseEvent, PostQuitMessage, DispatchMessageA, TranslateMessage, GetMessageA, LoadStringA, MessageBoxA, MoveWindow, GetWindowInfo, GetSysColor, SetForegroundWindow, TrackPopupMenu, DefWindowProcA, ValidateRect, GetSysColorBrush, GetMenuItemRect, FrameRect, CharNextA, EndDialog, DestroyMenu, CopyRect, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, UnregisterClassA, LockWindowUpdate, MessageBeep, GetCursorPos, SetScrollInfo, GetWindowPlacement, RegisterHotKey, UnregisterHotKey, InvalidateRect, DrawTextA, GetMenuItemCount |
| GDI32.dll | CreateRectRgn, GetTextExtentPoint32A, GetStockObject, GetTextMetricsA, TextOutA, SetTextAlign, CreateDIBitmap, Polygon, CreatePen, SelectClipRgn, EndPage, CreatePatternBrush, Rectangle, SetTextColor, GetCurrentObject, EndDoc, GetTextExtentExPointA, GetDeviceCaps, StartDocA, BitBlt, CreateRoundRectRgn, DeleteObject, SelectObject, CreateFontA, GetObjectA, DeleteDC, CreateSolidBrush, CreateCompatibleBitmap, CreateCompatibleDC, StretchBlt, StartPage, SetBkMode, SetStretchBltMode |
| comdlg32.dll | GetOpenFileNameA, PrintDlgA |
| ADVAPI32.dll | RegDeleteKeyA, GetUserNameA, RegEnumKeyExA, RegQueryInfoKeyA, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegDeleteValueA |
| SHELL32.dll | SHGetSpecialFolderPathA, ShellExecuteA, DragFinish, DragQueryFileA, Shell_NotifyIconA |
| ole32.dll | CLSIDFromProgID, CoGetClassObject, OleLockRunning, StringFromGUID2, CoInitializeEx, CoInitializeSecurity, CoUninitialize, CoSetProxyBlanket, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, CreateStreamOnHGlobal, CLSIDFromString, OleInitialize, OleUninitialize |
| OLEAUT32.dll | VarUI4FromStr, VariantClear, SysStringByteLen, GetErrorInfo, SysAllocStringLen, VariantInit, OleCreateFontIndirect, LoadRegTypeLib, SysAllocString, SysFreeString, SysStringLen, LoadTypeLib |
| WS2_32.dll | closesocket, connect, htonl, htons, socket, gethostbyname, recv, send, setsockopt, WSAStartup, WSACleanup |
| gdiplus.dll | GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdipDisposeImage, GdiplusShutdown, GdiplusStartup, GdipAlloc, GdipCloneImage, GdipFree |
| WINMM.dll | PlaySoundA |
| COMCTL32.dll | InitCommonControlsEx |
| MSIMG32.dll | TransparentBlt |
| LIBEAY32.dll | |
| SSLEAY32.dll |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Czech | Czech Republic |  |
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
| Target ID: | 0 |
| Start time: | 14:22:52 |
| Start date: | 08/05/2024 |
| Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 868'352 bytes |
| MD5 hash: | 06FEEF43E18458E9F1052C6D485BDF57 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
Function 00421854 Relevance: 254.1, APIs: 127, Strings: 17, Instructions: 2085timewindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042356E Relevance: 182.2, APIs: 82, Strings: 21, Instructions: 1980timewindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004330E1 Relevance: 66.4, APIs: 44, Instructions: 431COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043309C Relevance: 64.9, APIs: 43, Instructions: 409COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040BDE4 Relevance: 44.9, APIs: 23, Strings: 2, Instructions: 1169windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042580B Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 70memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BBB7 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 117windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EC3A Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 42clipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EC3B Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 41clipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004255DB Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 67windowregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405975 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83filekeyboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D0E8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81filewindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040299A Relevance: 9.0, APIs: 6, Instructions: 44COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426F93 Relevance: 7.6, APIs: 5, Instructions: 57COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00425691 Relevance: 4.5, APIs: 3, Instructions: 39threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040187D Relevance: 3.0, APIs: 2, Instructions: 29timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042E5B3 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004132EC Relevance: 1.5, APIs: 1, Instructions: 32comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004382BC Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041047B Relevance: .6, Instructions: 612COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042ADB9 Relevance: .4, Instructions: 384COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042A999 Relevance: .4, Instructions: 378COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042A58D Relevance: .4, Instructions: 361COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042A1B9 Relevance: .4, Instructions: 351COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413F91 Relevance: 63.3, APIs: 20, Strings: 16, Instructions: 340windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411105 Relevance: 58.1, APIs: 29, Strings: 4, Instructions: 350windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004315F2 Relevance: 42.1, APIs: 19, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004021BA Relevance: 40.4, APIs: 19, Strings: 4, Instructions: 192sleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00421257 Relevance: 33.2, APIs: 22, Instructions: 241comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00420FD5 Relevance: 30.2, APIs: 20, Instructions: 224comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040979E Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 324windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004252A9 Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 223windowsleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004121CC Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 185windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041AD29 Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 222comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00410BF6 Relevance: 26.3, APIs: 6, Strings: 9, Instructions: 95sleepfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406A11 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042150B Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 111registrywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419021 Relevance: 23.1, APIs: 9, Strings: 4, Instructions: 394stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419797 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 429windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B356 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 264windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00412AA3 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 233windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041240A Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 128windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A49C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 128windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063B5 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 157windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417AAB Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 107windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423448 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 78windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401503 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 78registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D89D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 168windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041AFB9 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 123windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040464F Relevance: 15.1, APIs: 10, Instructions: 78COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042047E Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 214stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004090F2 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 150windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041C37A Relevance: 13.6, APIs: 9, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042072E Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 180stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D6A9 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403417 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004027AC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41windowstringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041E43B Relevance: 12.1, APIs: 8, Instructions: 146comCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F37 Relevance: 12.1, APIs: 8, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411C25 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 241windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B2E4 Relevance: 10.6, APIs: 7, Instructions: 129COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406FCA Relevance: 10.6, APIs: 7, Instructions: 98windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B366 Relevance: 10.6, APIs: 7, Instructions: 73COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041DBC0 Relevance: 10.6, APIs: 7, Instructions: 67memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040DFA3 Relevance: 10.6, APIs: 7, Instructions: 60windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004073EE Relevance: 9.4, APIs: 6, Instructions: 440COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041E1C9 Relevance: 9.2, APIs: 6, Instructions: 205stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418381 Relevance: 9.2, APIs: 6, Instructions: 183windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D75E Relevance: 9.1, APIs: 6, Instructions: 112windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040453B Relevance: 9.1, APIs: 6, Instructions: 108COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004065D9 Relevance: 9.1, APIs: 6, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004080B6 Relevance: 9.1, APIs: 6, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404777 Relevance: 9.1, APIs: 6, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406745 Relevance: 9.0, APIs: 6, Instructions: 48timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041C53C Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041C5B9 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004118DB Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 206windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411FDB Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 172windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B7F1 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 143windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419DFD Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A60C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D2ED Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004037AD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004058E3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004128C6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00412950 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403BDA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402856 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E59E Relevance: 7.6, APIs: 5, Instructions: 138COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040DC06 Relevance: 7.6, APIs: 5, Instructions: 110windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B6DA Relevance: 7.6, APIs: 5, Instructions: 105windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D23C Relevance: 7.6, APIs: 5, Instructions: 83stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D6E6 Relevance: 7.6, APIs: 5, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B885 Relevance: 7.6, APIs: 5, Instructions: 61windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004018D9 Relevance: 7.6, APIs: 5, Instructions: 60timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A3A3 Relevance: 7.6, APIs: 5, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E141 Relevance: 7.6, APIs: 5, Instructions: 54windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004034BA Relevance: 7.6, APIs: 5, Instructions: 53fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040302E Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404712 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E02B Relevance: 7.5, APIs: 5, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416BD9 Relevance: 7.5, APIs: 5, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426076 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040AA7F Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419F69 Relevance: 7.5, APIs: 5, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D5B1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408E3E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004129DA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BFA7 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F27 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D3F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413714 Relevance: 6.4, APIs: 5, Instructions: 100COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00420BEB Relevance: 6.1, APIs: 4, Instructions: 102COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00436FAD Relevance: 6.1, APIs: 4, Instructions: 101COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EABC Relevance: 6.1, APIs: 4, Instructions: 85windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A74E Relevance: 6.1, APIs: 4, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041278A Relevance: 6.1, APIs: 4, Instructions: 68windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D3A0 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E411 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D2C5 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040DDFD Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00431A6A Relevance: 6.0, APIs: 4, Instructions: 47COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A42B Relevance: 6.0, APIs: 4, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409EDA Relevance: 6.0, APIs: 4, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405AD5 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041C44B Relevance: 6.0, APIs: 4, Instructions: 38windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004066E7 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409C6F Relevance: 6.0, APIs: 4, Instructions: 30COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BE1 Relevance: 6.0, APIs: 4, Instructions: 22COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408CF1 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408FA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409B5E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004155EB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45threadCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405774 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042596D Relevance: 5.1, APIs: 4, Instructions: 59memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|