Analysis Report PI.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Username: ": "l6qpC", "URL: ": "https://xmFob4yUwp.org", "To: ": "info@hybridgroupco.com", "ByHost: ": "mail.hybridgroupco.com:587", "Password: ": "PWiE8a9WlECjO", "From: ": "info@hybridgroupco.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Click to see the 16 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Click to see the 8 entries |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Drops script at startup location | Show sources |
Source: | Author: Joe Security: |
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Code function: | 0_2_00408994 | |
Source: | Code function: | 0_2_00405AE8 | |
Source: | Code function: | 3_2_00408994 | |
Source: | Code function: | 3_2_00405AE8 | |
Source: | Code function: | 5_2_00408994 | |
Source: | Code function: | 5_2_00405AE8 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | Code function: | 2_2_0233A186 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_004070C2 |
Source: | Code function: | 0_2_00423388 |
Source: | Code function: | 3_2_004239CC |
Source: | Code function: | 0_2_004586FC |
System Summary: |
---|
Source: | Code function: | 0_2_004547D0 | |
Source: | Code function: | 0_2_0042E46C | |
Source: | Code function: | 0_2_00454F4C | |
Source: | Code function: | 0_2_00454FFC | |
Source: | Code function: | 0_2_004493A0 | |
Source: | Code function: | 0_2_00439CA4 | |
Source: | Code function: | 2_2_0046E159 | |
Source: | Code function: | 2_2_0233B362 | |
Source: | Code function: | 2_2_0233B331 | |
Source: | Code function: | 3_2_004547D0 | |
Source: | Code function: | 3_2_0042E46C | |
Source: | Code function: | 3_2_00454F4C | |
Source: | Code function: | 3_2_00454FFC | |
Source: | Code function: | 3_2_004493A0 | |
Source: | Code function: | 3_2_00439CA4 | |
Source: | Code function: | 5_2_004547D0 | |
Source: | Code function: | 5_2_0042E46C | |
Source: | Code function: | 5_2_00454F4C | |
Source: | Code function: | 5_2_00454FFC | |
Source: | Code function: | 5_2_004493A0 | |
Source: | Code function: | 5_2_00439CA4 |
Source: | Code function: | 0_2_0044EEA4 | |
Source: | Code function: | 0_2_004493A0 | |
Source: | Code function: | 0_2_00471BA8 | |
Source: | Code function: | 0_2_0046BD44 | |
Source: | Code function: | 2_2_00467976 | |
Source: | Code function: | 2_2_0046D13D | |
Source: | Code function: | 2_2_02332478 | |
Source: | Code function: | 2_2_04E33468 | |
Source: | Code function: | 2_2_04E20007 | |
Source: | Code function: | 2_2_04E39010 | |
Source: | Code function: | 2_2_04E331F8 | |
Source: | Code function: | 2_2_04E37990 | |
Source: | Code function: | 2_2_04E31568 | |
Source: | Code function: | 2_2_04E31D20 | |
Source: | Code function: | 2_2_04E3810F | |
Source: | Code function: | 2_2_04E3B6E8 | |
Source: | Code function: | 2_2_04E3DBB8 | |
Source: | Code function: | 2_2_04E39388 | |
Source: | Code function: | 2_2_04E3CB34 | |
Source: | Code function: | 2_2_04E3C8EB | |
Source: | Code function: | 2_2_04E39CFE | |
Source: | Code function: | 2_2_04E384B1 | |
Source: | Code function: | 2_2_04E328B8 | |
Source: | Code function: | 2_2_04E3C8B8 | |
Source: | Code function: | 2_2_04E348BE | |
Source: | Code function: | 2_2_04E3C889 | |
Source: | Code function: | 2_2_04E32099 | |
Source: | Code function: | 2_2_04E3C877 | |
Source: | Code function: | 2_2_04E36C35 | |
Source: | Code function: | 2_2_04E39000 | |
Source: | Code function: | 2_2_04E3D5C3 | |
Source: | Code function: | 2_2_04E355D3 | |
Source: | Code function: | 2_2_04E38998 | |
Source: | Code function: | 2_2_04E31559 | |
Source: | Code function: | 2_2_04E32136 | |
Source: | Code function: | 2_2_04E3553A | |
Source: | Code function: | 2_2_04E39D03 | |
Source: | Code function: | 2_2_04E39D08 | |
Source: | Code function: | 2_2_04E31D10 | |
Source: | Code function: | 2_2_04E37A98 | |
Source: | Code function: | 2_2_04E3566C | |
Source: | Code function: | 2_2_04E36A72 | |
Source: | Code function: | 2_2_04E37E78 | |
Source: | Code function: | 2_2_04E33468 | |
Source: | Code function: | 2_2_04E3A3A2 | |
Source: | Code function: | 2_2_04E3DBA9 | |
Source: | Code function: | 2_2_04E357AD | |
Source: | Code function: | 2_2_04E39378 | |
Source: | Code function: | 2_2_059A59C8 | |
Source: | Code function: | 2_2_059A07F0 | |
Source: | Code function: | 2_2_059A0D10 | |
Source: | Code function: | 2_2_059A7710 | |
Source: | Code function: | 2_2_059A3F22 | |
Source: | Code function: | 2_2_059A3740 | |
Source: | Code function: | 2_2_059A5370 | |
Source: | Code function: | 2_2_059A1EB0 | |
Source: | Code function: | 2_2_059A1CC0 | |
Source: | Code function: | 2_2_059A56F3 | |
Source: | Code function: | 2_2_059A7E08 | |
Source: | Code function: | 2_2_059A8648 | |
Source: | Code function: | 2_2_059A0788 | |
Source: | Code function: | 2_2_059A0DBB | |
Source: | Code function: | 2_2_059A07D3 | |
Source: | Code function: | 2_2_059A63CC | |
Source: | Code function: | 2_2_059A0DCD | |
Source: | Code function: | 2_2_059A3FC7 | |
Source: | Code function: | 2_2_059A7DF8 | |
Source: | Code function: | 2_2_059A1115 | |
Source: | Code function: | 2_2_059A7703 | |
Source: | Code function: | 2_2_059A3731 | |
Source: | Code function: | 2_2_059A3F7C | |
Source: | Code function: | 2_2_059A0E93 | |
Source: | Code function: | 2_2_059A7E87 | |
Source: | Code function: | 2_2_059A72BC | |
Source: | Code function: | 2_2_059A1CB0 | |
Source: | Code function: | 2_2_059A1EA3 | |
Source: | Code function: | 2_2_059A08D6 | |
Source: | Code function: | 2_2_059A0CF2 | |
Source: | Code function: | 2_2_059A2414 | |
Source: | Code function: | 2_2_059A0A2A | |
Source: | Code function: | 2_2_059A0E6A | |
Source: | Code function: | 3_2_0044EEA4 | |
Source: | Code function: | 3_2_004493A0 | |
Source: | Code function: | 3_2_00471BA8 | |
Source: | Code function: | 3_2_0046BD44 | |
Source: | Code function: | 5_2_0044EEA4 | |
Source: | Code function: | 5_2_004493A0 | |
Source: | Code function: | 5_2_00471BA8 | |
Source: | Code function: | 5_2_0046BD44 | |
Source: | Code function: | 7_2_00467976 | |
Source: | Code function: | 7_2_0046D13D |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_00420A54 |
Source: | Code function: | 2_2_0233B1E6 | |
Source: | Code function: | 2_2_0233B1AF |
Source: | Code function: | 0_2_00408B5E |
Source: | Code function: | 0_2_004171B0 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Process created: |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) | Show sources |
Source: | Unpacked PE file: |
Detected unpacking (creates a PE file in dynamic memory) | Show sources |
Source: | Unpacked PE file: |
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: |
.NET source code contains potential unpacker | Show sources |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00440918 |
Source: | Code function: | 0_2_00440FE9 | |
Source: | Code function: | 0_2_0040C0DF | |
Source: | Code function: | 0_2_0040C0DF | |
Source: | Code function: | 0_2_0040C17C | |
Source: | Code function: | 0_2_0040C17C | |
Source: | Code function: | 0_2_004421E8 | |
Source: | Code function: | 0_2_004103E9 | |
Source: | Code function: | 0_2_004101E5 | |
Source: | Code function: | 0_2_004642F0 | |
Source: | Code function: | 0_2_00410530 | |
Source: | Code function: | 0_2_00426570 | |
Source: | Code function: | 0_2_00410530 | |
Source: | Code function: | 0_2_00442540 | |
Source: | Code function: | 0_2_004065E9 | |
Source: | Code function: | 0_2_004065E9 | |
Source: | Code function: | 0_2_00460698 | |
Source: | Code function: | 0_2_00430732 | |
Source: | Code function: | 0_2_0041C685 | |
Source: | Code function: | 0_2_004266AC | |
Source: | Code function: | 0_2_00406794 | |
Source: | Code function: | 0_2_0043079E | |
Source: | Code function: | 0_2_00406850 | |
Source: | Code function: | 0_2_00426964 | |
Source: | Code function: | 0_2_0041A916 | |
Source: | Code function: | 0_2_0045696E | |
Source: | Code function: | 0_2_004289F0 | |
Source: | Code function: | 0_2_004289B9 | |
Source: | Code function: | 0_2_00428A34 | |
Source: | Code function: | 0_2_00456B39 | |
Source: | Code function: | 0_2_00412BE5 | |
Source: | Code function: | 0_2_0042EC18 |
Boot Survival: |
---|
Drops VBS files to the startup folder | Show sources |
Source: | File created: | |||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00454858 | |
Source: | Code function: | 0_2_0043C504 | |
Source: | Code function: | 0_2_00454F4C | |
Source: | Code function: | 0_2_00454FFC | |
Source: | Code function: | 0_2_0043B378 | |
Source: | Code function: | 0_2_00427394 | |
Source: | Code function: | 0_2_0045194C | |
Source: | Code function: | 0_2_0043BC20 | |
Source: | Code function: | 3_2_00454858 | |
Source: | Code function: | 3_2_0043C504 | |
Source: | Code function: | 3_2_00454F4C | |
Source: | Code function: | 3_2_00454FFC | |
Source: | Code function: | 3_2_0043B378 | |
Source: | Code function: | 3_2_00427394 | |
Source: | Code function: | 3_2_0045194C | |
Source: | Code function: | 3_2_0043BC20 | |
Source: | Code function: | 5_2_00454858 | |
Source: | Code function: | 5_2_0043C504 | |
Source: | Code function: | 5_2_00454F4C | |
Source: | Code function: | 5_2_00454FFC | |
Source: | Code function: | 5_2_0043B378 | |
Source: | Code function: | 5_2_00427394 | |
Source: | Code function: | 5_2_0045194C | |
Source: | Code function: | 5_2_0043BC20 |
Source: | Code function: | 0_2_00440918 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Contains functionality to detect sleep reduction / modifications | Show sources |
Source: | Code function: | 0_2_0043061C | |
Source: | Code function: | 3_2_0043061C | |
Source: | Code function: | 5_2_0043061C |
Delayed program exit found | Show sources |
Source: | Code function: | 1_2_032305C0 | |
Source: | Code function: | 6_2_00CB05C0 |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | File opened / queried: | Jump to behavior |
Source: | Code function: | 0_2_00453E2C | |
Source: | Code function: | 3_2_00453E2C | |
Source: | Code function: | 5_2_00453E2C |
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Code function: | 5_2_0043061C |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_00475588 | |
Source: | Code function: | 3_2_00475588 | |
Source: | Code function: | 5_2_00475588 |
Source: | Code function: | 0_2_00408994 | |
Source: | Code function: | 0_2_00405AE8 | |
Source: | Code function: | 3_2_00408994 | |
Source: | Code function: | 3_2_00405AE8 | |
Source: | Code function: | 5_2_00408994 | |
Source: | Code function: | 5_2_00405AE8 |
Source: | Code function: | 0_2_00420FE4 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_04E33468 |
Source: | Code function: | 2_2_004696F3 |
Source: | Code function: | 0_2_00440918 |
Source: | Code function: | 2_2_0046D412 | |
Source: | Code function: | 2_2_0046D4D0 | |
Source: | Code function: | 7_2_0046D412 | |
Source: | Code function: | 7_2_0046D4D0 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 2_2_004696F3 | |
Source: | Code function: | 2_2_00468746 | |
Source: | Code function: | 2_2_0046BD7F | |
Source: | Code function: | 2_2_00469BB5 | |
Source: | Code function: | 7_2_0046BD7F | |
Source: | Code function: | 7_2_004696F3 | |
Source: | Code function: | 7_2_00469BB5 |
Source: | Memory protected: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Allocates memory in foreign processes | Show sources |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Maps a DLL or memory area into another process | Show sources |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Queues an APC in another process (thread injection) | Show sources |
Source: | Thread APC queued: | Jump to behavior |
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00405CA0 | |
Source: | Code function: | 0_2_0040AD2C | |
Source: | Code function: | 0_2_004099FC | |
Source: | Code function: | 0_2_004099B0 | |
Source: | Code function: | 0_2_00405DAC | |
Source: | Code function: | 2_2_0046CA4A | |
Source: | Code function: | 3_2_00405CA0 | |
Source: | Code function: | 3_2_0040AD2C | |
Source: | Code function: | 3_2_004099FC | |
Source: | Code function: | 3_2_004099B0 | |
Source: | Code function: | 3_2_00405DAC | |
Source: | Code function: | 5_2_00405CA0 | |
Source: | Code function: | 5_2_0040AD2C | |
Source: | Code function: | 5_2_004099FC | |
Source: | Code function: | 5_2_004099B0 | |
Source: | Code function: | 5_2_00405DAC | |
Source: | Code function: | 7_2_0046CA4A |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00475588 |
Source: | Code function: | 2_2_0233A502 |
Source: | Code function: | 0_2_00440F64 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Startup Items1 | Startup Items1 | Disable or Modify Tools1 | OS Credential Dumping2 | System Time Discovery11 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scripting111 | Application Shimming1 | Application Shimming1 | Deobfuscate/Decode Files or Information11 | Input Capture11 | Account Discovery1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Native API1 | Registry Run Keys / Startup Folder2 | Access Token Manipulation1 | Scripting111 | Credentials in Registry1 | File and Directory Discovery3 | SMB/Windows Admin Shares | Screen Capture1 | Automated Exfiltration | Non-Standard Port1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection412 | Obfuscated Files or Information2 | NTDS | System Information Discovery128 | Distributed Component Object Model | Email Collection1 | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Registry Run Keys / Startup Folder2 | Software Packing41 | LSA Secrets | Security Software Discovery271 | SSH | Input Capture11 | Data Transfer Size Limits | Application Layer Protocol11 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading1 | Cached Domain Credentials | Virtualization/Sandbox Evasion15 | VNC | Clipboard Data2 | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion15 | DCSync | Process Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation1 | Proc Filesystem | Application Window Discovery11 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection412 | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
52% | ReversingLabs | Win32.Trojan.LokiBot | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | HEUR/AGEN.1138205 | Download File | ||
100% | Avira | TR/Spy.Gen8 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1138205 | Download File | ||
100% | Avira | TR/Spy.Gen8 | Download File | ||
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | TR/Spy.Gen8 | Download File | ||
100% | Avira | TR/Spy.Gen8 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1138205 | Download File | ||
100% | Avira | HEUR/AGEN.1138205 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
hybridgroupco.com | 66.70.204.222 | true | true | unknown | |
mail.hybridgroupco.com | unknown | unknown | true | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 321388 |
Start date: | 21.11.2020 |
Start time: | 09:21:28 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | PI.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@16/2@1/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:22:33 | Autostart | |
09:22:48 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
66.70.204.222 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OVHFR | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\notepad.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 115 |
Entropy (8bit): | 5.21081668642801 |
Encrypted: | false |
SSDEEP: | 3:DcdkiTGqLRVFGkxLbpCSUKRijsHot+WfW1s0IRkn:DGiqLTF7xPsSUK4YIwvm0zn |
MD5: | E54054FC279ABBD8A620359997CC038C |
SHA1: | D294DB0EB635954E1B56A289353447A302C743E9 |
SHA-256: | 8F70AA584CF7DAB7F6E49EC1F919383E10AEBF1003D13942D7FC464B8454C43B |
SHA-512: | C4478A5A604A7777A4648605BA245197268FE39288510EF35AB5043D3B6801B2B991DBCCB78C7CF86E952E6EC4ABAFC51D4AFAE352DAD7FD57F0C5D65715D40D |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.891460444973993 |
TrID: |
|
File name: | PI.exe |
File size: | 987648 |
MD5: | dbda32339a6965fefc794f220f944016 |
SHA1: | 3e53b09125eb1e031f5f0e777836ba738b84fc42 |
SHA256: | c62b96f303f538748543747d1dacb97119dd9826b53ef6c8350b5b24d69f0006 |
SHA512: | be3282f1211845289f41775cd423312efca1a5cccfa5bfbf5a4baa31bb55b6067b0d40db3f82113c0166998c4bfd9459699bd0673acc68e3c5320244513a05fb |
SSDEEP: | 12288:hKXgLuyHgzDsn+cNObHRsVxFJkIHXAtijJZeTTaXF/c76r8bNKzkV2Xh:QGfgzIn+CA2VPJVRjJWTORc7U8xKIV2R |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
File Icon |
---|
Icon Hash: | f0f06094c36ee8c2 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x475a24 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 9ff85556c80c0bd14a575736c76ce536 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 00475834h |
call 00007FCC44AA4E3Dh |
mov eax, dword ptr [0049111Ch] |
mov eax, dword ptr [eax] |
call 00007FCC44AF3BD5h |
mov ecx, dword ptr [00491214h] |
mov eax, dword ptr [0049111Ch] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [00475350h] |
call 00007FCC44AF3BD5h |
mov eax, dword ptr [0049111Ch] |
mov eax, dword ptr [eax] |
call 00007FCC44AF3C49h |
call 00007FCC44AA2934h |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x93000 | 0x2476 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa0000 | 0x56b38 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x98000 | 0x78e0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x97000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x74a6c | 0x74c00 | False | 0.527640691916 | data | 6.51771227621 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
DATA | 0x76000 | 0x1b2a8 | 0x1b400 | False | 0.175790209289 | data | 2.73498209356 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
BSS | 0x92000 | 0xcb1 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x93000 | 0x2476 | 0x2600 | False | 0.350226151316 | data | 4.84432017187 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.tls | 0x96000 | 0x10 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rdata | 0x97000 | 0x18 | 0x200 | False | 0.048828125 | data | 0.20058190744 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0x98000 | 0x78e0 | 0x7a00 | False | 0.565445696721 | data | 6.61076904488 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0xa0000 | 0x56b38 | 0x56c00 | False | 0.799990431376 | data | 7.40298144524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0xa0678 | 0x1d0 | data | ||
RT_BITMAP | 0xa0848 | 0x1e4 | data | ||
RT_BITMAP | 0xa0a2c | 0x1d0 | data | ||
RT_BITMAP | 0xa0bfc | 0x1d0 | data | ||
RT_BITMAP | 0xa0dcc | 0x1d0 | data | ||
RT_BITMAP | 0xa0f9c | 0x1d0 | data | ||
RT_BITMAP | 0xa116c | 0x1d0 | data | ||
RT_BITMAP | 0xa133c | 0x1d0 | data | ||
RT_BITMAP | 0xa150c | 0x46fb8 | data | English | United States |
RT_BITMAP | 0xe84c4 | 0x1d0 | data | ||
RT_BITMAP | 0xe8694 | 0xd8 | data | ||
RT_BITMAP | 0xe876c | 0xd8 | data | ||
RT_BITMAP | 0xe8844 | 0xd8 | data | ||
RT_BITMAP | 0xe891c | 0xd8 | data | ||
RT_BITMAP | 0xe89f4 | 0xd8 | data | ||
RT_BITMAP | 0xe8acc | 0xe8 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0xe8bb4 | 0xd228 | data | ||
RT_ICON | 0xf5ddc | 0x1e8 | data | English | United States |
RT_DIALOG | 0xf5fc4 | 0x52 | data | ||
RT_RCDATA | 0xf6018 | 0x10 | data | ||
RT_RCDATA | 0xf6028 | 0x274 | data | ||
RT_RCDATA | 0xf629c | 0x6ca | Delphi compiled form 'TForm1' | ||
RT_GROUP_ICON | 0xf6968 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0xf697c | 0x14 | data | ||
RT_HTML | 0xf6990 | 0x1a5 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrcpyA, lstrcmpA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtectEx, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemTime, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExtTextOutA, ExtCreatePen, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
user32.dll | WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetNextDlgTabItem, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
kernel32.dll | MulDiv |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2020 09:23:09.924571037 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.028354883 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.028501987 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.266788960 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.267379999 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.371258020 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.375641108 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.480600119 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.529444933 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.605269909 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.714890003 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.714910984 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.714929104 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.715009928 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.722001076 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.825871944 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:10.873198986 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:10.900733948 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.004554987 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.005378962 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.109406948 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.110090017 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.214315891 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.214966059 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.318675041 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.319313049 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.423187971 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.424026966 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.527724028 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.529405117 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.529438972 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.529639006 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.529697895 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
Nov 21, 2020 09:23:11.633145094 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.633163929 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.633178949 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.633196115 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.635540009 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 |
Nov 21, 2020 09:23:11.685883999 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2020 09:22:29.665887117 CET | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:29.701451063 CET | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:30.782808065 CET | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:30.820704937 CET | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:31.618479013 CET | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:31.658363104 CET | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:33.606868029 CET | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:33.633958101 CET | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:34.454566956 CET | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:34.481839895 CET | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:36.034655094 CET | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:36.061861992 CET | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:36.859998941 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:36.887221098 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:37.800707102 CET | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:37.827805042 CET | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:38.591844082 CET | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:38.618913889 CET | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:39.402890921 CET | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:39.430139065 CET | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:40.270179033 CET | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:40.297343969 CET | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:41.075125933 CET | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:41.102283001 CET | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:22:53.258553982 CET | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:22:53.285664082 CET | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:09.849884033 CET | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:09.900660992 CET | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:12.888914108 CET | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:12.924585104 CET | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:13.544195890 CET | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:13.591140032 CET | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:14.005001068 CET | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:14.042680979 CET | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:14.345452070 CET | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:14.381134987 CET | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:14.571958065 CET | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:14.607553005 CET | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:14.738149881 CET | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:14.773812056 CET | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:15.049410105 CET | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:15.087235928 CET | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:15.203252077 CET | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:15.230339050 CET | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:15.750739098 CET | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:15.786406040 CET | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:16.347703934 CET | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:16.374716997 CET | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:17.341249943 CET | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:17.368442059 CET | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:17.770350933 CET | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:17.806009054 CET | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:27.831593037 CET | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:27.858556032 CET | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:28.011451960 CET | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:28.047419071 CET | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:23:32.962865114 CET | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:23:32.998584986 CET | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:24:03.075450897 CET | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:24:03.102566004 CET | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Nov 21, 2020 09:24:04.330602884 CET | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 21, 2020 09:24:04.366344929 CET | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 21, 2020 09:23:09.849884033 CET | 192.168.2.4 | 8.8.8.8 | 0x605e | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 21, 2020 09:23:09.900660992 CET | 8.8.8.8 | 192.168.2.4 | 0x605e | No error (0) | hybridgroupco.com | CNAME (Canonical name) | IN (0x0001) | ||
Nov 21, 2020 09:23:09.900660992 CET | 8.8.8.8 | 192.168.2.4 | 0x605e | No error (0) | 66.70.204.222 | A (IP address) | IN (0x0001) |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Nov 21, 2020 09:23:10.266788960 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 | 220-host.theserver.live ESMTP Exim 4.93 #2 Sat, 21 Nov 2020 12:23:10 +0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Nov 21, 2020 09:23:10.267379999 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 | EHLO 284992 |
Nov 21, 2020 09:23:10.371258020 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 | 250-host.theserver.live Hello 284992 [84.17.52.25] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-STARTTLS 250 HELP |
Nov 21, 2020 09:23:10.375641108 CET | 49745 | 587 | 192.168.2.4 | 66.70.204.222 | STARTTLS |
Nov 21, 2020 09:23:10.480600119 CET | 587 | 49745 | 66.70.204.222 | 192.168.2.4 | 220 TLS go ahead |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 09:22:30 |
Start date: | 21/11/2020 |
Path: | C:\Users\user\Desktop\PI.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 987648 bytes |
MD5 hash: | DBDA32339A6965FEFC794F220F944016 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:22:31 |
Start date: | 21/11/2020 |
Path: | C:\Windows\SysWOW64\notepad.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcf0000 |
File size: | 236032 bytes |
MD5 hash: | D693F13FE3AA2010B854C4C60671B8E2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:22:31 |
Start date: | 21/11/2020 |
Path: | C:\Users\user\Desktop\PI.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 987648 bytes |
MD5 hash: | DBDA32339A6965FEFC794F220F944016 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:22:32 |
Start date: | 21/11/2020 |
Path: | C:\Users\user\Desktop\PI.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 987648 bytes |
MD5 hash: | DBDA32339A6965FEFC794F220F944016 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
General |
---|
Start time: | 09:22:41 |
Start date: | 21/11/2020 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a8ea0000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:22:43 |
Start date: | 21/11/2020 |
Path: | C:\Users\user\Desktop\PI.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 987648 bytes |
MD5 hash: | DBDA32339A6965FEFC794F220F944016 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:22:43 |
Start date: | 21/11/2020 |
Path: | C:\Windows\SysWOW64\notepad.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcf0000 |
File size: | 236032 bytes |
MD5 hash: | D693F13FE3AA2010B854C4C60671B8E2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:22:44 |
Start date: | 21/11/2020 |
Path: | C:\Users\user\Desktop\PI.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 987648 bytes |
MD5 hash: | DBDA32339A6965FEFC794F220F944016 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:22:44 |
Start date: | 21/11/2020 |
Path: | C:\Users\user\Desktop\PI.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 987648 bytes |
MD5 hash: | DBDA32339A6965FEFC794F220F944016 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00405CA0, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DAC, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004547D0, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045433C, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 130windowregistryCOMMON
C-Code - Quality: 42% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440D14, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 103registrylibraryloaderCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454034, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 125windowCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045372C, Relevance: 10.6, APIs: 7, Instructions: 89COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401AA0, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040218C, Relevance: 3.1, APIs: 2, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004015B8, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004755CC, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040731A, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040731C, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A64, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040174C, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D1FC, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00440918, Relevance: 49.1, APIs: 15, Strings: 13, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AE8, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00471BA8, Relevance: 18.4, APIs: 7, Strings: 3, Instructions: 909COMMONCrypto
C-Code - Quality: 88% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046BD44, Relevance: 18.2, APIs: 9, Strings: 1, Instructions: 727COMMONCrypto
C-Code - Quality: 91% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C504, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043BC20, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004171B0, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043061C, Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453E2C, Relevance: 4.5, APIs: 3, Instructions: 33synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00475588, Relevance: 4.5, APIs: 3, Instructions: 20timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B378, Relevance: 3.1, APIs: 2, Instructions: 63windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420A54, Relevance: 3.0, APIs: 2, Instructions: 46windowCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AD2C, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408994, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408B5E, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E46C, Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420FE4, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004099B0, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004099FC, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004070C2, Relevance: .0, Instructions: 2COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004749C4, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 174windowCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D008, Relevance: 19.7, APIs: 13, Instructions: 213COMMON
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FE5C, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 224windowCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407350, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A424, Relevance: 16.6, APIs: 11, Instructions: 133COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A0A4, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50filewindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041CC, Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042CEC8, Relevance: 13.7, APIs: 9, Instructions: 172COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435790, Relevance: 13.6, APIs: 9, Instructions: 150COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF8C, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445400, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 187windowCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433500, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 139threadCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004556F8, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004533EC, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 125registryCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422CBE, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422CC0, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004274C4, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042766C, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A2D0, Relevance: 12.1, APIs: 8, Instructions: 123COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045CC10, Relevance: 12.1, APIs: 8, Instructions: 102COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042103C, Relevance: 12.1, APIs: 8, Instructions: 79COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00471500, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 163windowCOMMON
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D5B4, Relevance: 10.7, APIs: 7, Instructions: 151COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E234, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 146windowCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C04C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89threadCOMMON
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004551E4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00427598, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004238C4, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C40C, Relevance: 9.1, APIs: 6, Instructions: 139COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042153C, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004219AC, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004329A0, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004211EC, Relevance: 9.1, APIs: 6, Instructions: 55COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045AE18, Relevance: 9.0, APIs: 6, Instructions: 44COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004208D0, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F4FC, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66clipboardCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403454, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045BDB0, Relevance: 7.8, APIs: 5, Instructions: 251COMMON
C-Code - Quality: 93% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E5EC, Relevance: 7.7, APIs: 5, Instructions: 171COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045DFCC, Relevance: 7.7, APIs: 5, Instructions: 168COMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445994, Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439F44, Relevance: 7.6, APIs: 5, Instructions: 104COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D8C0, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
C-Code - Quality: 22% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424C08, Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00452940, Relevance: 7.6, APIs: 5, Instructions: 63COMMON
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421154, Relevance: 7.6, APIs: 5, Instructions: 55COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00461F8C, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409C38, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453F40, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045EDFC, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 276timeCOMMON
C-Code - Quality: 95% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409CE8, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439304, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117registryCOMMON
C-Code - Quality: 84% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455C78, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80threadwindowCOMMON
C-Code - Quality: 71% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045533C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59windowCOMMON
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448AB0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B3F4, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426980, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433A84, Relevance: 6.2, APIs: 4, Instructions: 204COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AE18, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042370C, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449108, Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045AF04, Relevance: 6.1, APIs: 4, Instructions: 68windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042291C, Relevance: 6.1, APIs: 4, Instructions: 64fileCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453ECC, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004260B8, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423FD0, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
C-Code - Quality: 28% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004072AC, Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044898C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84keyboardCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044874C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 42% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C628, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00456188, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445904, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004065F5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 032305C0, Relevance: 3.1, APIs: 2, Instructions: 105sleepCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0323037F, Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 177memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 032300F0, Relevance: 6.0, APIs: 4, Instructions: 42fileCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03230152, Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B1AF, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B331, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B1E6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233A502, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E159, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B362, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02332478, Relevance: 1.5, Strings: 1, Instructions: 264COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046D4F3, Relevance: 31.6, APIs: 3, Strings: 15, Instructions: 81libraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E7C7, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 187memoryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046DB12, Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 165fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046D6F4, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 110registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E039, Relevance: 9.1, APIs: 6, Instructions: 54memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E3B2, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046D89E, Relevance: 6.1, APIs: 4, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046D46C, Relevance: 6.0, APIs: 4, Instructions: 42memoryCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00468BD8, Relevance: 4.5, APIs: 3, Instructions: 45COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046D95F, Relevance: 3.1, APIs: 2, Instructions: 58memoryCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E34AAF, Relevance: 1.7, APIs: 1, Instructions: 219COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E34ADF, Relevance: 1.7, APIs: 1, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E34B33, Relevance: 1.7, APIs: 1, Instructions: 204COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E34B7E, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054922C0, Relevance: 1.6, APIs: 1, Instructions: 113synchronizationCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492617, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054907C8, Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05491F14, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B4C4, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492D26, Relevance: 1.6, APIs: 1, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492646, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492E1D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054923A4, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05491E32, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054907EA, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054927F6, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05490DAC, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492B90, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233AF97, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05490CEA, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233ADA3, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05491E52, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B27C, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233AEE3, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492E4A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05491F52, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054923CE, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492D62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B502, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233AAC7, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05490DDE, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233A4DA, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492826, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05492BC6, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05491390, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233A20C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05490C52, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233AFCA, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05490D1E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233AAEE, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054913B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233B2B6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233AF1E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233ADD6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05490C7E, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233A7B6, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0233A23A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E0B9, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046812C, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00468F47, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046DF82, Relevance: 1.3, APIs: 1, Instructions: 69memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046DED9, Relevance: 1.3, APIs: 1, Instructions: 63memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E0F0, Relevance: 1.3, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055F2E02, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055F3874, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02460C34, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02460BFD, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055F3718, Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024605D2, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02460CF0, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024605F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055F2E77, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055F3767, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055F38DF, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055F318B, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023323F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023323BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00468746, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046D412, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046D4D0, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046903C, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046AF60, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00469577, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046ACC4, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00405CA0, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DAC, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004547D0, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045433C, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 130windowregistryCOMMON
C-Code - Quality: 42% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440D14, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 103registrylibraryloaderCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454034, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 125windowCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045372C, Relevance: 10.6, APIs: 7, Instructions: 89COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004015B8, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004755CC, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040731A, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040731C, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A64, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040174C, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D1FC, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401414, Relevance: 1.3, APIs: 1, Instructions: 34memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AE8, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C504, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043BC20, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043061C, Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440918, Relevance: 49.1, APIs: 15, Strings: 13, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424E90, Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 351windowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004749C4, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 174windowCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D008, Relevance: 19.7, APIs: 13, Instructions: 213COMMON
C-Code - Quality: 52% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FE5C, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 224windowCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407350, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442D24, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 170windowCOMMON
C-Code - Quality: 55% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A0A4, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50filewindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041CC, Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042CEC8, Relevance: 13.7, APIs: 9, Instructions: 172COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435790, Relevance: 13.6, APIs: 9, Instructions: 150COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF8C, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445400, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 187windowCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433500, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 139threadCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004556F8, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004533EC, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 125registryCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422CBE, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422CC0, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004274C4, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042766C, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A2D0, Relevance: 12.1, APIs: 8, Instructions: 123COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045CC10, Relevance: 12.1, APIs: 8, Instructions: 102COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00471500, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 163windowCOMMON
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D5B4, Relevance: 10.7, APIs: 7, Instructions: 151COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E234, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 146windowCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C04C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89threadCOMMON
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004551E4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00427598, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004238C4, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C40C, Relevance: 9.1, APIs: 6, Instructions: 139COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042153C, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
C-Code - Quality: 81% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004219AC, Relevance: 9.1, APIs: 6, Instructions: 65windowCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004329A0, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004211EC, Relevance: 9.1, APIs: 6, Instructions: 55windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045AE18, Relevance: 9.0, APIs: 6, Instructions: 44COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004208D0, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F4FC, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66clipboardCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403454, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045BDB0, Relevance: 7.8, APIs: 5, Instructions: 251COMMON
C-Code - Quality: 93% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E5EC, Relevance: 7.7, APIs: 5, Instructions: 171COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045DFCC, Relevance: 7.7, APIs: 5, Instructions: 168COMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445994, Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439F44, Relevance: 7.6, APIs: 5, Instructions: 104COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D8C0, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
C-Code - Quality: 22% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424C08, Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00452940, Relevance: 7.6, APIs: 5, Instructions: 63COMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421154, Relevance: 7.6, APIs: 5, Instructions: 55windowCOMMON
C-Code - Quality: 70% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00461F8C, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409C38, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453F40, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045EDFC, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 276timeCOMMON
C-Code - Quality: 95% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409CE8, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439304, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117registryCOMMON
C-Code - Quality: 84% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455C78, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80threadwindowCOMMON
C-Code - Quality: 71% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045533C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59windowCOMMON
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448AB0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B3F4, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426980, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433A84, Relevance: 6.2, APIs: 4, Instructions: 204COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AE18, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042370C, Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449108, Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045AF04, Relevance: 6.1, APIs: 4, Instructions: 68windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004171B0, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401AA0, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453ECC, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423FD0, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
C-Code - Quality: 49% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004072AC, Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044898C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84keyboardCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044874C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 42% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C628, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
C-Code - Quality: 69% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00456188, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445904, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00405CA0, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DAC, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004547D0, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045433C, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 130windowregistryCOMMON
C-Code - Quality: 42% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440D14, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 103registrylibraryloaderCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454034, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 125windowCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045372C, Relevance: 10.6, APIs: 7, Instructions: 89COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040174C, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 54memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004015B8, Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 37memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401414, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 34memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004755CC, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040731A, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040731C, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A64, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D1FC, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0043C504, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043061C, Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440918, Relevance: 49.1, APIs: 15, Strings: 13, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A0A4, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50filewindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041CC, Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A2D0, Relevance: 12.1, APIs: 8, Instructions: 123COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E234, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 146windowCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C04C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89threadCOMMON
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C40C, Relevance: 9.1, APIs: 6, Instructions: 139COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004208D0, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E5EC, Relevance: 7.7, APIs: 5, Instructions: 171COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00452940, Relevance: 7.6, APIs: 5, Instructions: 63COMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004260B8, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044874C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C628, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
C-Code - Quality: 69% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00456188, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004065F5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |