Analysis Report covid21.exe
Overview
General Information
Detection
Score: | 69 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MBRLocker | Yara detected MBRLocker Ransomware | Joe Security | ||
JoeSecurity_MBRLocker | Yara detected MBRLocker Ransomware | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MBRLocker | Yara detected MBRLocker Ransomware | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for dropped file | Show sources |
Source: | Avira: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: | |||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Yara detected MBRLocker Ransomware | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Contains functionality to change the wallpaper | Show sources |
Source: | Code function: | 3_2_0046CF80 |
System Summary: |
---|
Sample or dropped binary is a compiled AutoHotkey binary | Show sources |
Source: | Window found: | Jump to behavior |
Persistence and Installation Behavior: |
---|
Command shell drops VBS files | Show sources |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting112 | Application Shimming1 | Exploitation for Privilege Escalation1 | Deobfuscate/Decode Files or Information1 | Input Capture21 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Application Shimming1 | Scripting112 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Screen Capture1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Defacement1 |
Domain Accounts | At (Linux) | Logon Script (Windows) | Access Token Manipulation1 | Obfuscated Files or Information21 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Input Capture21 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection12 | Software Packing11 | NTDS | System Information Discovery16 | Distributed Component Object Model | Clipboard Data2 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion3 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Security Software Discovery121 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection12 | DCSync | Virtualization/Sandbox Evasion3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Process Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Application Window Discovery11 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
72% | Virustotal | Browse | ||
31% | Metadefender | Browse | ||
86% | ReversingLabs | Win32.Ransomware.MbrLocker | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1133501 | ||
100% | Joe Sandbox ML | |||
8% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
7% | ReversingLabs | |||
71% | ReversingLabs | Win32.Trojan.KillMbr | ||
39% | Metadefender | Browse | ||
62% | ReversingLabs | Win32.PUA.BlurScrn |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| low |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 340294 |
Start date: | 15.01.2021 |
Start time: | 15:33:20 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | covid21.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Critical Process Termination |
Detection: | MAL |
Classification: | mal69.rans.evad.winEXE@79/10@0/0 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:34:23 | API Interceptor | |
15:34:29 | API Interceptor | |
15:35:02 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
No context |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\1870.tmp\screenscrew.exe | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
C:\Users\user\AppData\Local\Temp\1870.tmp\CLWCP.exe | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\covid21.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 517120 |
Entropy (8bit): | 6.5991952372789155 |
Encrypted: | false |
SSDEEP: | 12288:kDupRTrjf1nJp2NLtVu4jPau4p+lE3dWq:SExrj1DAt84DaTU4dW |
MD5: | E62EE6F1EFC85CB36D62AB779DB6E4EC |
SHA1: | DA07EC94CF2CB2B430E15BD0C5084996A47EE649 |
SHA-256: | 13B4EC59785A1B367EFB691A3D5C86EB5AAF1CA0062521C4782E1BAAC6633F8A |
SHA-512: | 8142086979EC1CA9675418E94326A40078400AFF8587FC613E17164E034BADD828E9615589E6CB8B9339DA7CDC9BCB8C48E0890C5F288068F4B86FF659670A69 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\covid21.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 422029 |
Entropy (8bit): | 6.688336510135275 |
Encrypted: | false |
SSDEEP: | 12288:5NIQAPGsAqY9IMVYd38sJdpQHlGlY8KfTQ:uPGSY91VwNJcFMqTQ |
MD5: | A7CE5BEE03C197F0A99427C4B590F4A0 |
SHA1: | 14D8617C51947FB49B3ABA7E9AECE83E5094CF71 |
SHA-256: | 0C53A3EC2B432A9013546F92416109D7E8F64CEA26AC2491635B4CF2A310D852 |
SHA-512: | 7F3C56C42D899ADA5ACDC5C162391F9FA06455DB08E6DF0A57132CA5B1BB3D52E6DBC9342310480D45AA32915502ACEB7552375A45D3FD1A54FEE0E73AF6024A |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\covid21.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 103424 |
Entropy (8bit): | 6.182089878681113 |
Encrypted: | false |
SSDEEP: | 3072:wCGPVHzzgd2HPVVf9AebuLFfK9s7I+PnNgDd9:wrak9gor+Pn6 |
MD5: | D917AF256A1D20B4EAC477CDB189367B |
SHA1: | 6C2FA4648B16B89C4F5664F1C3490EC2022EB5DD |
SHA-256: | E40F57F6693F4B817BEB50DE68027AABBB0376CA94A774F86E3833BAF93DC4C0 |
SHA-512: | FD2CB0FB398A5DDD0A52CF2EFC733C606884AA68EC406BDBDDB3A41B31D6F9C0F0C4837326A9D53B53202792867901899A8CF5024A5E542E8BDCEE615BE0B707 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25 |
Entropy (8bit): | 4.023465189601646 |
Encrypted: | false |
SSDEEP: | 3:rCmFLFDhy:FFxdy |
MD5: | F4DE606815F3BD1BF38B83C91AC66C35 |
SHA1: | ABFB1ED384DAA10B71C333D9A67721666CBE50AC |
SHA-256: | AAC0328F3782AEFD5BB8A2DF87B65DCC545A0F2CB4A0052F9068B53BA6D4E0D3 |
SHA-512: | 1C7124DD589B4D4F673780D3BA9C942DCB6DFB65A06A20998A69A04C6AF493AA96061BC2CE32B8F12D9074330B37D4FD6C513EDA3246A5E736C2C8A760D81327 |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\covid21.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6220854 |
Entropy (8bit): | 6.661342299527127 |
Encrypted: | false |
SSDEEP: | 49152:rqOMrLc9mx9FWygr32exYyxr8Zctqt6lYuUXHR:XMrLMS94ygaex3xr8ZctqQ+uUXHR |
MD5: | CF4483270F71B38DCD27453333D0FD22 |
SHA1: | 7420B02927A46DC42DE25944234BB02F6F9B4436 |
SHA-256: | 5C65AC5249BCD106AF671A36DA4320B6ACAFE633369DCD45F72E73C4529122E7 |
SHA-512: | 0CE1D66497F8C3863547D0C0131BDA177E262ED7869F3047F6B56CE82C9E3308BE1AA3438254BEA2B4F2D0F712943A51E1E27394283AFA70664BD81B2C6C69A4 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71 |
Entropy (8bit): | 4.304008158030018 |
Encrypted: | false |
SSDEEP: | 3:xDCHGFkCSgjtNMwHOSR4:xYGFtDjdHOD |
MD5: | A3716F222B9A4EF9484E95557780A858 |
SHA1: | 00E0A1B1A0B1D4F0A99DB8EE8110DAF177FFD902 |
SHA-256: | 11B7A39B5CAF234D4F027868506FD75E859FA660E737EFB95EE514C40E989CA4 |
SHA-512: | 645F033E27AB65874F1F435912CEB71EC17E52FC24B1E80C07F2BFAB7AD6E78A573F4188FAEDF5A7DB7050C19F754605E68B81E48464E7C1D34F964B140D2752 |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\covid21.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 940 |
Entropy (8bit): | 4.685562512512985 |
Encrypted: | false |
SSDEEP: | 24:jQqxgHVI3FVawBR7iwiCXiCXiCXiCXiCXiCXiCXiCXiCXiCXiRBxG:jQqxgmawBR7iwiCXiCXiCXiCXiCXiCXt |
MD5: | CB71400420494F3DD91D5CD070B01B3F |
SHA1: | 6FEE86981E62AD8AC96EDE3435D7F7E9B18C9932 |
SHA-256: | 25034DCCDB96D86E3B797B7DB7DD7786D74B51120196C44340A03B3291B3C9AC |
SHA-512: | F3B9DAD00C9EFBCADD721CF225EC910CC0D6A644E3A86050A3A33CD28152BB3C6F836ADCA8803FF5553EAB461D67472A167C1B6C25EFB779AAA60CEB4B9E6285 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 59 |
Entropy (8bit): | 4.254590296000633 |
Encrypted: | false |
SSDEEP: | 3:rCmF0VDNMogDXKTMjDgov:FFKMDX/jJ |
MD5: | 87AAEBE24D9CC38CB0357E9723CCE915 |
SHA1: | 5C301A5165263FE382AEFB758FF6494522B9D4F1 |
SHA-256: | 0AA36C0A57C3F2C57EE9D674CEFCCD86970C239233F571718D434472C0F6FFBA |
SHA-512: | E5C905EAD6F158B2908E0F802B9DB99419088EC8A638753A875629C07A37748F6FBA56E60D4712C113A5DE1DBF730FF532B1B002AF7262D0A96042851A6D4919 |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\covid21.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 113664 |
Entropy (8bit): | 7.838778904595643 |
Encrypted: | false |
SSDEEP: | 1536:o0J9QXrssV7g4Rq3b24oFDo2mL7oagiBGVHo8J75qUbGuNxTJeqq62hxcmpn6izz:o0J9QbLkewys+C6pNxFE7Z6wAO |
MD5: | E87A04C270F98BB6B5677CC789D1AD1D |
SHA1: | 8C14CB338E23D4A82F6310D13B36729E543FF0CA |
SHA-256: | E03520794F00FB39EF3CFFF012F72A5D03C60F89DE28DBE69016F6ED151B5338 |
SHA-512: | 8784F4D42908E54ECEDFB06B254992C63920F43A27903CCEDD336DAAEED346DB44E1F40E7DB971735DA707B5B32206BE1B1571BC0D6A2D6EB90BBF9D1F69DE13 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: | |
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6220854 |
Entropy (8bit): | 6.661342299527127 |
Encrypted: | false |
SSDEEP: | 49152:rqOMrLc9mx9FWygr32exYyxr8Zctqt6lYuUXHR:XMrLMS94ygaex3xr8ZctqQ+uUXHR |
MD5: | CF4483270F71B38DCD27453333D0FD22 |
SHA1: | 7420B02927A46DC42DE25944234BB02F6F9B4436 |
SHA-256: | 5C65AC5249BCD106AF671A36DA4320B6ACAFE633369DCD45F72E73C4529122E7 |
SHA-512: | 0CE1D66497F8C3863547D0C0131BDA177E262ED7869F3047F6B56CE82C9E3308BE1AA3438254BEA2B4F2D0F712943A51E1E27394283AFA70664BD81B2C6C69A4 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.9997699023893825 |
TrID: |
|
File name: | covid21.exe |
File size: | 2118656 |
MD5: | 1a2e2d295e04f74437652dc9b8a2d03c |
SHA1: | e3565983ee402856c2cf4eec2ac6ff9636443fe9 |
SHA256: | a078251c61a4f90bf60da47d99cea465be5d44057684d681fb3d94a20d2025bd |
SHA512: | 7d5130ad41c4903aa66fc00b22bc3799ade4b6c3bb82db9aead43158aa03165159b59f8c16d8cf68fb297e69e6a13acc9708669d5916fe52b9254330c1f14df2 |
SSDEEP: | 49152:0nE90klpPD4FwJa7AnlHLq5X2C77sf9ezdePyM2KGJOF:0nE9TpL4Fwa+lrq4C7If9e5+2KUO |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'..L...............2.P ......0Q..}q..@Q...q...@...........................q............................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0xb17d80 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4CD7F727 [Mon Nov 8 13:12:07 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 1d88d597200c0081784c27940d743ec5 |
Entrypoint Preview |
---|
Instruction |
---|
pushad |
mov esi, 00914015h |
lea edi, dword ptr [esi-00513015h] |
push edi |
mov ebp, esp |
lea ebx, dword ptr [esp-00003E80h] |
xor eax, eax |
push eax |
cmp esp, ebx |
jne 00007FF69112E08Dh |
inc esi |
inc esi |
push ebx |
push 00715988h |
push edi |
add ebx, 04h |
push ebx |
push 00203D68h |
push esi |
add ebx, 04h |
push ebx |
push eax |
mov dword ptr [ebx], 00020003h |
nop |
nop |
nop |
nop |
nop |
push ebp |
push edi |
push esi |
push ebx |
sub esp, 7Ch |
mov edx, dword ptr [esp+00000090h] |
mov dword ptr [esp+74h], 00000000h |
mov byte ptr [esp+73h], 00000000h |
mov ebp, dword ptr [esp+0000009Ch] |
lea eax, dword ptr [edx+04h] |
mov dword ptr [esp+78h], eax |
mov eax, 00000001h |
movzx ecx, byte ptr [edx+02h] |
mov ebx, eax |
shl ebx, cl |
mov ecx, ebx |
dec ecx |
mov dword ptr [esp+6Ch], ecx |
movzx ecx, byte ptr [edx+01h] |
shl eax, cl |
dec eax |
mov dword ptr [esp+68h], eax |
mov eax, dword ptr [esp+000000A8h] |
movzx esi, byte ptr [edx] |
mov dword ptr [ebp+00h], 00000000h |
mov dword ptr [esp+60h], 00000000h |
mov dword ptr [eax], 00000000h |
mov eax, 00000300h |
mov dword ptr [esp+64h], esi |
mov dword ptr [esp+5Ch], 00000001h |
mov dword ptr [esp+58h], 00000001h |
mov dword ptr [esp+54h], 00000001h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x719414 | 0x220 | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x719000 | 0x414 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0x513000 | 0x0 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
UPX1 | 0x514000 | 0x205000 | 0x204a00 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x719000 | 0x1000 | 0x800 | False | 0.39501953125 | data | 4.13064509522 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_RCDATA | 0xc174 | 0x3ac | empty | ||
RT_RCDATA | 0xc520 | 0x7090c3 | empty | ||
RT_RCDATA | 0x7155e4 | 0x66 | data | ||
RT_RCDATA | 0x71564c | 0xb | Non-ISO extended-ASCII text, with no line terminators | ||
RT_RCDATA | 0x715658 | 0x6 | data | ||
RT_MANIFEST | 0x719178 | 0x29c | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
COMCTL32.dll | InitCommonControls |
GDI32.dll | SetBkColor |
MSVCRT.dll | memset |
OLE32.dll | CoInitialize |
SHELL32.dll | ShellExecuteExA |
SHLWAPI.dll | PathQuoteSpacesA |
USER32.dll | IsChild |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 15:34:10 |
Start date: | 15/01/2021 |
Path: | C:\Users\user\Desktop\covid21.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2118656 bytes |
MD5 hash: | 1A2E2D295E04F74437652DC9B8A2D03C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:34:12 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:12 |
Start date: | 15/01/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:13 |
Start date: | 15/01/2021 |
Path: | C:\Users\user\AppData\Local\Temp\1870.tmp\CLWCP.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 517120 bytes |
MD5 hash: | E62EE6F1EFC85CB36D62AB779DB6E4EC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:34:17 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:18 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:23 |
Start date: | 15/01/2021 |
Path: | C:\Users\user\AppData\Local\Temp\1870.tmp\PayloadGDI.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 422029 bytes |
MD5 hash: | A7CE5BEE03C197F0A99427C4B590F4A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:34:23 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:29 |
Start date: | 15/01/2021 |
Path: | C:\Users\user\AppData\Local\Temp\1870.tmp\screenscrew.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 113664 bytes |
MD5 hash: | E87A04C270F98BB6B5677CC789D1AD1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:34:29 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:31 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:31 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:33 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:33 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:35 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:35 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:34:37 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:37 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff6b7590000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:39 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:39 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:41 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:42 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:46 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:46 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:47 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:48 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:49 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:50 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:51 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:51 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:54 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:34:54 |
Start date: | 15/01/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 004053D4, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184 | registry, string, library, COMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046CF80, Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 213 | registry, COMMON
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004054E0, Relevance: 15.1, APIs: 10, Instructions: 98 | string, library, thread, COMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439164, Relevance: 3.2, APIs: 2, Instructions: 158 | COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435EB4, Relevance: 1.6, APIs: 1, Instructions: 131 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004138D4, Relevance: 1.6, APIs: 1, Instructions: 53 | COMMON
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00441090, Relevance: 1.5, APIs: 1, Instructions: 34 | COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045543C, Relevance: 1.5, APIs: 1, Instructions: 24 | native, COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440E40, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103 | registry, library, loader, COMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454DBC, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 132 | window, registry, COMMON
C-Code - Quality: 41% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C77C, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201 | thread, COMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043848C, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134 | registry, COMMON
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454A70, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 134 | window, COMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454054, Relevance: 10.6, APIs: 7, Instructions: 89 | COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A1C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48 | memory, COMMON
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E4C0, Relevance: 7.7, APIs: 5, Instructions: 176 | COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455280, Relevance: 4.6, APIs: 3, Instructions: 69 | COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C6B8, Relevance: 4.6, APIs: 3, Instructions: 56 | thread, COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B3E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37 | registry, COMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B3E4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36 | registry, COMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402110, Relevance: 3.1, APIs: 2, Instructions: 124 | COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404028, Relevance: 3.1, APIs: 2, Instructions: 68 | COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404020, Relevance: 3.1, APIs: 2, Instructions: 65 | COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404024, Relevance: 3.1, APIs: 2, Instructions: 63 | COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E510, Relevance: 3.0, APIs: 2, Instructions: 47 | time, COMMON
C-Code - Quality: 60% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453C18, Relevance: 3.0, APIs: 2, Instructions: 37 | COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AD00, Relevance: 3.0, APIs: 2, Instructions: 16 | COMMON
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040152C, Relevance: 2.5, APIs: 2, Instructions: 37 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CE2A, Relevance: 2.5, APIs: 2, Instructions: 27 | COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406AC2, Relevance: 1.5, APIs: 1, Instructions: 45 | COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406AC4, Relevance: 1.5, APIs: 1, Instructions: 44 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455E44, Relevance: 1.5, APIs: 1, Instructions: 44 | COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406B1C, Relevance: 1.5, APIs: 1, Instructions: 43 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E6E8, Relevance: 1.5, APIs: 1, Instructions: 27 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004388D8, Relevance: 1.5, APIs: 1, Instructions: 27 | COMMON
C-Code - Quality: 55% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405170, Relevance: 1.5, APIs: 1, Instructions: 26 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401608, Relevance: 1.3, APIs: 1, Instructions: 64 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004016C8, Relevance: 1.3, APIs: 1, Instructions: 54 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AB90, Relevance: 1.3, APIs: 1, Instructions: 52 | memory, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040175C, Relevance: 1.3, APIs: 1, Instructions: 48 | COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00440A48, Relevance: 49.1, APIs: 15, Strings: 13, Instructions: 95 | library, loader, COMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405210, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 139 | string, library, file, COMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043BD64, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64 | window, COMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B440, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81 | window, COMMON
C-Code - Quality: 80% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045478C, Relevance: 4.5, APIs: 3, Instructions: 33 | synchronization, thread, COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043AB48, Relevance: 3.1, APIs: 2, Instructions: 64 | window, COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EC2C, Relevance: 3.0, APIs: 2, Instructions: 46 | window, COMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408604, Relevance: 3.0, APIs: 2, Instructions: 33 | file, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408862, Relevance: 1.6, APIs: 1, Instructions: 50 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E49C, Relevance: 1.5, APIs: 1, Instructions: 41 | native, COMMON
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CCE, Relevance: 1.5, APIs: 1, Instructions: 38 | COMMON
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CD0, Relevance: 1.5, APIs: 1, Instructions: 37 | COMMON
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B068, Relevance: 1.5, APIs: 1, Instructions: 29 | COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B0B4, Relevance: 1.5, APIs: 1, Instructions: 23 | COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409B44, Relevance: 1.5, APIs: 1, Instructions: 6 | time, COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00465050, Relevance: .2, Instructions: 238 | COMMON, Crypto
C-Code - Quality: 16% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00427208, Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266 | library, loader, COMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EE84, Relevance: 47.5, APIs: 25, Strings: 2, Instructions: 250 | window, COMMON
C-Code - Quality: 54% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C874, Relevance: 19.7, APIs: 13, Instructions: 224 | COMMON
C-Code - Quality: 56% |
Uniqueness Score: -1.00% |
Function 00406B74, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00428300, Relevance: 18.1, APIs: 12, Instructions: 142COMMON
C-Code - Quality: 57% |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
Uniqueness Score: -1.00% |
Function 00439A78, Relevance: 16.6, APIs: 11, Instructions: 133COMMON
C-Code - Quality: 83% |
Uniqueness Score: -1.00% |
Function 00431760, Relevance: 16.6, APIs: 11, Instructions: 91COMMON
C-Code - Quality: 64% |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00405D99, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 40threadCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004347A8, Relevance: 13.6, APIs: 9, Instructions: 140COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
Uniqueness Score: -1.00% |
Function 004211AC, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
C-Code - Quality: 94% |
Uniqueness Score: -1.00% |
Function 00425588, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 67% |
Uniqueness Score: -1.00% |
Function 0042565C, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
Uniqueness Score: -1.00% |
Function 00425730, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
Uniqueness Score: -1.00% |
Function 00403F9C, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
Uniqueness Score: -1.00% |
Function 00442B3C, Relevance: 12.2, APIs: 8, Instructions: 170COMMON
C-Code - Quality: 39% |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
Function 004398E8, Relevance: 12.1, APIs: 8, Instructions: 136COMMON
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
Function 0041F22C, Relevance: 12.1, APIs: 8, Instructions: 79COMMON
C-Code - Quality: 26% |
Uniqueness Score: -1.00% |
Function 004454A8, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 177windowCOMMON
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
Function 0043D1AC, Relevance: 10.7, APIs: 7, Instructions: 155COMMON
C-Code - Quality: 70% |
Uniqueness Score: -1.00% |
Function 004565D0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 138windowCOMMON
Uniqueness Score: -1.00% |
Function 00453CFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
C-Code - Quality: 76% |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
Uniqueness Score: -1.00% |
Function 004438DC, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80libraryloaderCOMMON
C-Code - Quality: 56% |
Uniqueness Score: -1.00% |
Function 00448A54, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 74libraryloaderCOMMON
C-Code - Quality: 55% |
Uniqueness Score: -1.00% |
Function 00421DE8, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
C-Code - Quality: 67% |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0044F35C, Relevance: 9.2, APIs: 6, Instructions: 150COMMON
C-Code - Quality: 89% |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
Uniqueness Score: -1.00% |
Function 0041F730, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
C-Code - Quality: 68% |
Uniqueness Score: -1.00% |
Function 0041FBA8, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
C-Code - Quality: 45% |
Uniqueness Score: -1.00% |
Function 00401AE4, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
Function 0041F3DC, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
Function 0041EAA8, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00423E2C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112windowCOMMON
C-Code - Quality: 88% |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
Function 0041603C, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102fileCOMMON
C-Code - Quality: 83% |
Uniqueness Score: -1.00% |
Function 00403210, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 63% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00445A3C, Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 85% |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
Uniqueness Score: -1.00% |
Function 004394B4, Relevance: 7.6, APIs: 5, Instructions: 120COMMON
C-Code - Quality: 75% |
Uniqueness Score: -1.00% |
Function 0044587C, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00455F48, Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00423228, Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
C-Code - Quality: 78% |
Uniqueness Score: -1.00% |
Function 00453174, Relevance: 7.6, APIs: 5, Instructions: 61COMMON
C-Code - Quality: 62% |
Uniqueness Score: -1.00% |
Function 0041F344, Relevance: 7.6, APIs: 5, Instructions: 55COMMON
C-Code - Quality: 40% |
Uniqueness Score: -1.00% |
Function 00401AE2, Relevance: 7.6, APIs: 5, Instructions: 54COMMON
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
Function 0040B2F4, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
C-Code - Quality: 64% |
Uniqueness Score: -1.00% |
Function 004548A0, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
Uniqueness Score: -1.00% |
Function 0040B3A4, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
C-Code - Quality: 81% |
Uniqueness Score: -1.00% |
Function 00456CD0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98timethreadwindowCOMMON
C-Code - Quality: 75% |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
Function 00448EE8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 93% |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
Function 0040CBF4, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004329A0, Relevance: 6.2, APIs: 4, Instructions: 207COMMON
C-Code - Quality: 93% |
Uniqueness Score: -1.00% |
Function 0040EA40, Relevance: 6.1, APIs: 4, Instructions: 115COMMON
C-Code - Quality: 82% |
Uniqueness Score: -1.00% |
Function 0040B5E0, Relevance: 6.1, APIs: 4, Instructions: 102COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040B5DE, Relevance: 6.1, APIs: 4, Instructions: 101COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00421C30, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
C-Code - Quality: 64% |
Uniqueness Score: -1.00% |
Function 00449584, Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0045503C, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004164E0, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 80% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004327E8, Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
Function 004318A4, Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
Function 0045482C, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00459324, Relevance: 6.0, APIs: 4, Instructions: 24COMMON
C-Code - Quality: 48% |
Uniqueness Score: -1.00% |
Function 00406A8C, Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
Function 00409E14, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00448C38, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32keyboardCOMMON
C-Code - Quality: 61% |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 0040DE8C, Relevance: 71.1, APIs: 34, Strings: 6, Instructions: 1083timewindowCOMMON
Uniqueness Score: -1.00% |
Function 004075C4, Relevance: 31.8, APIs: 15, Strings: 2, Instructions: 2084stringCOMMON
Uniqueness Score: -1.00% |
Function 0043A0D6, Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 374windowCOMMON
Uniqueness Score: -1.00% |
Function 0043892A, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
Uniqueness Score: -1.00% |
Function 004481E0, Relevance: 85.6, APIs: 12, Strings: 36, Instructions: 1558COMMON
Uniqueness Score: -1.00% |
Function 00426406, Relevance: 65.3, APIs: 34, Strings: 3, Instructions: 598windowregistryCOMMON
Uniqueness Score: -1.00% |
Function 00447741, Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 292sleeplibraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 00447ADC, Relevance: 42.2, APIs: 17, Strings: 7, Instructions: 186registrywindowclipboardCOMMON
Uniqueness Score: -1.00% |
Function 00409303, Relevance: 37.4, APIs: 13, Strings: 8, Instructions: 621libraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 00402CD7, Relevance: 20.0, APIs: 5, Strings: 6, Instructions: 723windowCOMMON
Uniqueness Score: -1.00% |
Function 0040E5D9, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 240windowthreadCOMMON
Uniqueness Score: -1.00% |
Function 004041E7, Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 255windowCOMMON
Uniqueness Score: -1.00% |
Function 00404512, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 186windowCOMMON
Uniqueness Score: -1.00% |
Function 004048BD, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 180windowCOMMON
Uniqueness Score: -1.00% |
Function 0040466B, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 175windowCOMMON
Uniqueness Score: -1.00% |
Function 00404947, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 171windowCOMMON
Uniqueness Score: -1.00% |
Function 004046AE, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 171windowCOMMON
Uniqueness Score: -1.00% |
Function 00447561, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121timeCOMMON
Uniqueness Score: -1.00% |
Function 00422985, Relevance: 9.2, APIs: 6, Instructions: 162sleepCOMMON
Uniqueness Score: -1.00% |
Function 00442B4F, Relevance: 9.1, APIs: 6, Instructions: 76COMMON
Uniqueness Score: -1.00% |
Function 0043FC06, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236fileCOMMON
Uniqueness Score: -1.00% |
Function 00442BA3, Relevance: 7.6, APIs: 5, Instructions: 110COMMON
Uniqueness Score: -1.00% |
Function 0043AA38, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116sleepCOMMON
Uniqueness Score: -1.00% |
Function 00440B23, Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON
Uniqueness Score: -1.00% |
Function 0043B25E, Relevance: 6.1, APIs: 4, Instructions: 75COMMON
Uniqueness Score: -1.00% |
Function 004029B5, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 250timeCOMMON
Uniqueness Score: -1.00% |
Function 0041AE71, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109timeCOMMON
Uniqueness Score: -1.00% |
Function 00427EA5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91sleepCOMMON
Uniqueness Score: -1.00% |
Function 004508C7, Relevance: 3.2, APIs: 2, Instructions: 180COMMON
Uniqueness Score: -1.00% |
Function 00422731, Relevance: 3.1, APIs: 2, Instructions: 138COMMON
Uniqueness Score: -1.00% |
Function 0043A58E, Relevance: 3.1, APIs: 2, Instructions: 82COMMON
Uniqueness Score: -1.00% |
Function 0043DCC5, Relevance: 3.1, APIs: 2, Instructions: 66COMMON
Uniqueness Score: -1.00% |
Function 0043F4ED, Relevance: 3.0, APIs: 2, Instructions: 49COMMON
Uniqueness Score: -1.00% |
Function 0043EDBB, Relevance: 3.0, APIs: 2, Instructions: 26memoryCOMMON
Uniqueness Score: -1.00% |
Function 0043C3B0, Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Uniqueness Score: -1.00% |
Function 0043A6AE, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
Uniqueness Score: -1.00% |
Function 0043F618, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
Uniqueness Score: -1.00% |
Function 0043B14C, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00424873, Relevance: 45.9, APIs: 24, Strings: 2, Instructions: 386filewindowCOMMON
Uniqueness Score: -1.00% |
Function 00420B07, Relevance: 42.7, APIs: 19, Strings: 5, Instructions: 680windowCOMMON
Uniqueness Score: -1.00% |
Function 0040A357, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 224fileCOMMON
Uniqueness Score: -1.00% |
Function 0042C368, Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 165filewindowCOMMON
Uniqueness Score: -1.00% |
Function 0043C3F2, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 146threadCOMMON
Uniqueness Score: -1.00% |
Function 0042CAA7, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 51shutdownCOMMON
Uniqueness Score: -1.00% |
Function 004071FF, Relevance: 6.2, APIs: 4, Instructions: 210COMMON
Uniqueness Score: -1.00% |
Function 00419AF0, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Uniqueness Score: -1.00% |
Function 004132DA, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
Uniqueness Score: -1.00% |
Function 0041380D, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Uniqueness Score: -1.00% |
Function 00414367, Relevance: 77.4, APIs: 43, Strings: 1, Instructions: 380keyboardthreadwindowCOMMON
Uniqueness Score: -1.00% |
Function 004181F7, Relevance: 47.4, APIs: 24, Strings: 3, Instructions: 159libraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 0044F8A7, Relevance: 40.4, APIs: 20, Strings: 3, Instructions: 165windowclipboardCOMMON
Uniqueness Score: -1.00% |
Function 00427AFF, Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 151windowCOMMON
Uniqueness Score: -1.00% |
Function 0044334A, Relevance: 35.1, APIs: 17, Strings: 3, Instructions: 143fileclipboardmemoryCOMMON
Uniqueness Score: -1.00% |
Function 00420082, Relevance: 30.2, APIs: 12, Strings: 5, Instructions: 452clipboardCOMMON
Uniqueness Score: -1.00% |
Function 00444014, Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 154threadsleepsynchronizationCOMMON
Uniqueness Score: -1.00% |
Function 004222AC, Relevance: 28.4, APIs: 12, Strings: 4, Instructions: 414windowtimeinjectionCOMMON
Uniqueness Score: -1.00% |
Function 00414070, Relevance: 27.2, APIs: 18, Instructions: 175COMMON
Uniqueness Score: -1.00% |
Function 0042A10B, Relevance: 26.6, APIs: 6, Strings: 9, Instructions: 304libraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 0042EA2D, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 172windowCOMMON
Uniqueness Score: -1.00% |
Function 0043E14F, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 115fileCOMMON
Uniqueness Score: -1.00% |
Function 0043E2C6, Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 90libraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 0041A263, Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 137registryCOMMON
Uniqueness Score: -1.00% |
Function 004350F1, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 178windowlibraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 0044384E, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 137fileclipboardCOMMON
Uniqueness Score: -1.00% |
Function 004320FD, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 111registryCOMMON
Uniqueness Score: -1.00% |
Function 0043D3F2, Relevance: 16.8, APIs: 11, Instructions: 299COMMON
Uniqueness Score: -1.00% |
Function 004059F6, Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 248windowCOMMON
Uniqueness Score: -1.00% |
Function 004183F3, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 173timeCOMMON
Uniqueness Score: -1.00% |
Function 00421286, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 155windowCOMMON
Uniqueness Score: -1.00% |
Function 004439A1, Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103clipboardCOMMON
Uniqueness Score: -1.00% |
Function 0043C146, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 62libraryloaderthreadCOMMON
Uniqueness Score: -1.00% |
Function 0041803C, Relevance: 15.1, APIs: 10, Instructions: 115COMMON
Uniqueness Score: -1.00% |
Function 00406030, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 226windowCOMMON
Uniqueness Score: -1.00% |
Function 004051C3, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 202filewindowCOMMON
Uniqueness Score: -1.00% |
Function 00405828, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 198windowCOMMON
Uniqueness Score: -1.00% |
Function 0040597E, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 196windowCOMMON
Uniqueness Score: -1.00% |
Function 0040417A, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 193sleepwindowCOMMON
Uniqueness Score: -1.00% |
Function 00405006, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 190windowCOMMON
Uniqueness Score: -1.00% |
Function 004058A7, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 177windowCOMMON
Uniqueness Score: -1.00% |
Function 0040F9BB, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 128sleepCOMMON
Uniqueness Score: -1.00% |
Function 0042E9AB, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 60windowCOMMON
Uniqueness Score: -1.00% |
Function 0043D2D0, Relevance: 12.1, APIs: 8, Instructions: 131COMMON
Uniqueness Score: -1.00% |
Function 00404B8A, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 205, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404B1B, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 194, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405338, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 194, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004052B9, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 191, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405900, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 185, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404033, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 184, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405159, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 181, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404143, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 177, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404128, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 177, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040ED, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 176, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405053, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 175, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404070, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 175, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040B9, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 175, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040481E, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 174, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405954, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 173, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040488D, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 172, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040D6, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 171, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404098, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 171, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404A44, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 171, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040580C, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040CE, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004048FD, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404162, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404972, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404922, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404997, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 170, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040485A, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 169, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040486E, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 169, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405091, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 168, window, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049BC, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 168, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040437B, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 168, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040507E, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 167, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058DC, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 167, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040DD, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 167, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058EE, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 167, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404317, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 167, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418998, Relevance: 10.6, APIs: 7, Instructions: 115, file, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411B37, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 113, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419911, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45, libraryloader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00443B6B, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 38, memory, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00438A7B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 22, file, libraryloader, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439900, Relevance: 9.1, APIs: 6, Instructions: 136, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042634C, Relevance: 9.1, APIs: 6, Instructions: 66, time, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DA49, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155, window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437110, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100, window, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433334, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 87, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425855, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004470F7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29, synchronization, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004470A6, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29, synchronization, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043E033, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 13, libraryloader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424007, Relevance: 7.7, APIs: 5, Instructions: 219, file, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413851, Relevance: 7.6, APIs: 5, Instructions: 134, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422077, Relevance: 7.6, APIs: 5, Instructions: 89, thread, sleep, window, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043CA00, Relevance: 7.6, APIs: 5, Instructions: 60, window, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041890E, Relevance: 7.6, APIs: 5, Instructions: 55, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042CB5B, Relevance: 7.5, APIs: 5, Instructions: 40, window, time, thread, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436851, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129, window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450338, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77, window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442852, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13, libraryloader, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042C8F8, Relevance: 6.1, APIs: 4, Instructions: 97, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043732C, Relevance: 6.1, APIs: 4, Instructions: 89, window, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004239EA, Relevance: 6.1, APIs: 4, Instructions: 88, COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436AA7, Relevance: 6.0, APIs: 4, Instructions: 46, window, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004369A9, Relevance: 6.0, APIs: 4, Instructions: 45, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428B4F, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154, window, time, COMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E980, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114, window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C256, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90, window, COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B883, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40, thread, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10, window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049DD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9, window, COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00441358, Relevance: 5.1, APIs: 4, Instructions: 57, memory, COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |