Play interactive tour
Edit tourAnalysis Report CaixaBank Payments Consumer Factura Leasing del 22 DE FEBRERO DE 2021 Contrato 7621780..exe
Overview
General Information
| Sample Name: | CaixaBank Payments Consumer Factura Leasing del 22 DE FEBRERO DE 2021 Contrato 7621780..exe |
| Analysis ID: | 356558 |
| MD5: | 4b0c59e06d56f96b602535d32ef842eb |
| SHA1: | bd1fc302cd46654ede8c914438f8dc12552cdf71 |
| SHA256: | 83c3850412a66c31e48de8bb8e252982f52b3482a79fadad65b48692a1030a89 |
Most interesting Screenshot:  | |
Detection
| Score: | 88 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Classification
Startup |
|---|
|
Malware Configuration |
|---|
| No configs have been found |
|---|
Yara Overview |
|---|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security | ||
| JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Sigma Overview |
|---|
| No Sigma rule has matched |
|---|
Signature Overview |
|---|
Click to jump to signature section
AV Detection: |   |
|---|
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Metadefender: | Perma Link | ||
| Source: | ReversingLabs: | |||
Compliance: | |
|---|
| Uses 32bit PE files | Show sources | ||
| Source: | Static PE information: | ||
System Summary: | |
|---|
| Potential malicious icon found | Show sources | ||
| Source: | Icon embedded in PE file: | ||
| Executable has a suspicious name (potential lure to open the executable) | Show sources | ||
| Source: | Static file information: | ||
| Initial sample is a PE file and has a suspicious name | Show sources | ||
| Source: | Static PE information: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_004013B0 | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Metadefender: | ||
| Source: | ReversingLabs: | ||
Data Obfuscation: | |
|---|
| Yara detected GuLoader | Show sources | ||
| Source: | File source: | ||
| Yara detected VB6 Downloader Generic | Show sources | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_00407240 | |
| Source: | Code function: | 0_2_004082F6 | |
| Source: | Code function: | 0_2_020F5702 | |
| Source: | Code function: | 0_2_020F5357 | |
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: | |
|---|
| Detected RDTSC dummy instruction sequence (likely for instruction hammering) | Show sources | ||
| Source: | RDTSC instruction interceptor: | ||
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Tries to detect virtualization through RDTSC time measurements | Show sources | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Code function: | 0_2_020F440B | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_020F440B | |
| Source: | Code function: | 0_2_020F2A58 | |
| Source: | Code function: | 0_2_020F1C89 | |
| Source: | Code function: | 0_2_020F1C87 | |
| Source: | Code function: | 0_2_020F1CEB | |
| Source: | Code function: | 0_2_020F497E | |
| Source: | Code function: | 0_2_020F4DEF | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_020F4E1E | |
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Process Injection1 | OS Credential Dumping | Security Software Discovery311 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information1 | LSASS Memory | Process Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | System Information Discovery211 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 55% | Virustotal | Browse | ||
| 24% | Metadefender | Browse | ||
| 64% | ReversingLabs | Win32.Trojan.Vebzenpak |
Dropped Files |
|---|
| No Antivirus matches |
|---|
Unpacked PE Files |
|---|
| No Antivirus matches |
|---|
Domains |
|---|
| No Antivirus matches |
|---|
URLs |
|---|
| No Antivirus matches |
|---|
Domains and IPs |
|---|
General Information |
|---|
| Joe Sandbox Version: | 31.0.0 Emerald |
| Analysis ID: | 356558 |
| Start date: | 23.02.2021 |
| Start time: | 10:10:50 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 7m 20s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | CaixaBank Payments Consumer Factura Leasing del 22 DE FEBRERO DE 2021 Contrato 7621780..exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 18 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal88.rans.troj.evad.winEXE@1/0@0/0 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: | Failed |
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| No simulations |
|---|
Joe Sandbox View / Context |
|---|
Created / dropped Files |
|---|
| No created / dropped files found |
|---|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 5.395614627986068 |
| TrID: |
|
| File name: | CaixaBank Payments Consumer Factura Leasing del 22 DE FEBRERO DE 2021 Contrato 7621780..exe |
| File size: | 65536 |
| MD5: | 4b0c59e06d56f96b602535d32ef842eb |
| SHA1: | bd1fc302cd46654ede8c914438f8dc12552cdf71 |
| SHA256: | 83c3850412a66c31e48de8bb8e252982f52b3482a79fadad65b48692a1030a89 |
| SHA512: | 5f1d75ddfcebfc45b52df88500a941d0752b7bdf53caaf2d0c5d32c9baf31f8bd2ff3b382db775f14ebcffc6318f561bff6fd99d6d798fcecfbc09c96b5a1b30 |
| SSDEEP: | 768:EldtJlJFVGEtCOUGVZGkw15dCRq4EPmqfOCsm29aV42:SzJlgEtCoZGR15dCRq4EPmhCstY |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+O..E...E...E.X.K...E...L...E...H...E.Rich..E.................PE..L...q.'W.....................0....................@........ |
File Icon |
|---|
 | |
| Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x4013b0 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| DLL Characteristics: | |
| Time Stamp: | 0x5727CB71 [Mon May 2 21:49:37 2016 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e040c8c04f7f9a83c53d48451cf696fa |
Entrypoint Preview |
|---|
| Instruction |
|---|
| push 00401A48h |
| call 00007F34ECA5B8D3h |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| xor byte ptr [eax], al |
| add byte ptr [eax], al |
| inc eax |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [edi+54h], al |
| dec esp |
| pop ebp |
| xor ch, byte ptr [edx-61h] |
| inc ebp |
| xor dword ptr [ecx], 78h |
| adc bh, byte ptr [ebp+007F95D3h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [ecx], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add al, ah |
| fild word ptr [esi] |
| add ebp, dword ptr [esi+6Fh] |
| outsb |
| jbe 00007F34ECA5B947h |
| je 00007F34ECA5B945h |
| bound eax, dword ptr [eax] |
| add byte ptr [eax], ah |
| or byte ptr [ecx+00h], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| dec esp |
| xor dword ptr [eax], eax |
| pop es |
| jmp 00007F34E7B31864h |
| push 0D9D4625h |
| sbb eax, CAB8DA9Eh |
| mov seg?, word ptr [esi+esi+5Bh] |
| dec esi |
| adc byte ptr [ecx+288E47EAh], bh |
| jecxz 00007F34ECA5B8A0h |
| nop |
| push cs |
| scasb |
| pop esi |
| cmp cl, byte ptr [edi-53h] |
| xor ebx, dword ptr [ecx-48EE309Ah] |
| or al, 00h |
| stosb |
| add byte ptr [eax-2Dh], ah |
| xchg eax, ebx |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| test dword ptr [ecx], eax |
| add byte ptr [eax], al |
| inc ebp |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| or dword ptr [eax], eax |
| imul ebp, dword ptr [esi+64h], 69726B73h |
| jbe 00007F34ECA5B947h |
| add byte ptr [4B000701h], cl |
| popad |
| jo 00007F34ECA5B94Bh |
| je 00007F34ECA5B943h |
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd314 | 0x28 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10000 | 0x9b4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xf8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xc798 | 0xd000 | False | 0.479154146635 | data | 6.08183817193 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .data | 0xe000 | 0x1958 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x10000 | 0x9b4 | 0x1000 | False | 0.179931640625 | data | 2.12202104214 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x10884 | 0x130 | data | ||
| RT_ICON | 0x1059c | 0x2e8 | data | ||
| RT_ICON | 0x10474 | 0x128 | GLS_BINARY_LSB_FIRST | ||
| RT_GROUP_ICON | 0x10444 | 0x30 | data | ||
| RT_VERSION | 0x10150 | 0x2f4 | data | Hungarian | Hungary |
Imports |
|---|
| DLL | Import |
|---|---|
| MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaLateMemSt, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaCyStr, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
|---|
| Description | Data |
|---|---|
| Translation | 0x040e 0x04b0 |
| LegalCopyright | Copyright (C) Tulix |
| InternalName | Narro3 |
| FileVersion | 1.00 |
| CompanyName | Tulix |
| LegalTrademarks | Copyright (C) Tulix |
| Comments | Tulix |
| ProductName | Tulix |
| ProductVersion | 1.00 |
| FileDescription | Tulix |
| OriginalFilename | Narro3.exe |
Possible Origin |
|---|
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Hungarian | Hungary |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
| No network behavior found |
|---|
Code Manipulations |
|---|
Statistics |
|---|
CPU Usage |
|---|
Click to jump to process
Memory Usage |
|---|
Click to jump to process
System Behavior |
|---|
General |
|---|
| Start time: | 10:11:38 |
| Start date: | 23/02/2021 |
| Path: | C:\Users\user\Desktop\CaixaBank Payments Consumer Factura Leasing del 22 DE FEBRERO DE 2021 Contrato 7621780..exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 65536 bytes |
| MD5 hash: | 4B0C59E06D56F96B602535D32EF842EB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Visual Basic |
| Reputation: | low |
Disassembly |
|---|
Code Analysis |
|---|
Execution Graph |
|---|
| Execution Coverage: | 5.5% |
| Dynamic/Decrypted Code Coverage: | 24.5% |
| Signature Coverage: | 6.9% |
| Total number of Nodes: | 375 |
| Total number of Limit Nodes: | 27 |
Graph
Executed Functions |
|---|
Function 004013B0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 241COMMONCrypto
Control-flow Graph |
|---|
| C-Code - Quality: 73% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A7C4, Relevance: 223.7, APIs: 119, Strings: 8, Instructions: 1497COMMON
| C-Code - Quality: 56% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 020F1C89, Relevance: 1.3, Strings: 1, Instructions: 94COMMON
Control-flow Graph |
|---|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 020F1C87, Relevance: 1.3, Strings: 1, Instructions: 77COMMON
Control-flow Graph |
|---|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 020F1CEB, Relevance: 1.3, Strings: 1, Instructions: 75COMMON
Control-flow Graph |
|---|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 020F440B, Relevance: .0, Instructions: 46COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 020F4DEF, Relevance: .0, Instructions: 36COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 020F4E1E, Relevance: .0, Instructions: 26COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 020F2A58, Relevance: .0, Instructions: 9COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 020F497E, Relevance: .0, Instructions: 7COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C14B, Relevance: 33.3, APIs: 22, Instructions: 255COMMON
Control-flow Graph |
|---|
| C-Code - Quality: 57% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D039, Relevance: 27.2, APIs: 18, Instructions: 193COMMON
Control-flow Graph |
|---|
| C-Code - Quality: 53% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C8D9, Relevance: 24.1, APIs: 16, Instructions: 140COMMON
Control-flow Graph |
|---|
| C-Code - Quality: 47% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
|---|
| C-Code - Quality: 59% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CE40, Relevance: 18.1, APIs: 12, Instructions: 133COMMON
Control-flow Graph |
|---|
| C-Code - Quality: 56% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C69D, Relevance: 18.1, APIs: 12, Instructions: 131COMMON
Control-flow Graph |
|---|
| C-Code - Quality: 61% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
|---|
| C-Code - Quality: 61% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CD14, Relevance: 10.6, APIs: 7, Instructions: 78COMMON
Control-flow Graph |
|---|
| C-Code - Quality: 55% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |