Analysis Report executable.4080.exe

Overview

General Information

Detection

| Score | Range | Whitelisted | Confidence |
|---|---|---|---|
| 80 | 0 - 100 | false | 100% |
Signatures

Classification

Startup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_Citadel | Yara detected Citadel | Joe Security |

Memory Dumps

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_Citadel | Yara detected Citadel | Joe Security |
| JoeSecurity_Citadel | Yara detected Citadel | Joe Security |
| JoeSecurity_Citadel | Yara detected Citadel | Joe Security |
| citadel13xy | Citadel 1.5.x.y trojan banker | Jean-Philippe Teissier / @Jipe_ |

Unpacked PEs

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_Citadel | Yara detected Citadel | Joe Security |
| JoeSecurity_Citadel | Yara detected Citadel | Joe Security |

Sigma Overview

No Sigma rule has matched
Signature Overview

AV Detection

Antivirus / Scanner detection for submitted sample
Source: Avira
Multi AV Scanner detection for submitted file
Source: Virustotal (Perma Link)
Source: ReversingLabs
Machine Learning detection for sample
Source: Joe Sandbox ML
Source: Avira
Source: Avira
Source: Avira
Source: Code function: 0_2_0040B74D

Compliance

Uses 32bit PE files
Source: Static PE information
Source: Code function: 0_2_00408C33
Source: Code function: 0_2_0040B41D
Source: Code function: 0_2_0040B4D8
Source: Code function: 0_2_0040AC31
Source: String found in binary or memory
Source: String found in binary or memory

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected Citadel
Source: File source (6 matches)
Source: Code function: 0_2_00412C03
Source: Code function: 0_2_00412AC1

E-Banking Fraud

Yara detected Citadel
Source: File source (6 matches)

System Summary

Malicious sample detected (through community Yara rule)
Source: Matched rule
Source: Code function: 0_2_0040344C
Source: Code function: 0_2_00404CCE
Source: Code function: 0_2_004034F6
Source: Code function: 0_2_0040F61D
Source: Code function: 0_2_00415300
Source: Code function: 0_2_0040C570
Source: Code function: 0_2_0040B65A
Source: Static PE information
Source: Matched rule
Source: Classification label
Source: Code function: 0_2_0041267A
Source: Code function: 0_2_004127BF
Source: Code function: 0_2_0040F3C3
Source: Code function: 0_2_0040F36F
Source: Code function: 0_2_0041000E
Source: Static PE information
Source: Key opened
Source: Virustotal
Source: ReversingLabs
Source: Code function: 0_2_00411408
Source: Code function: 0_2_00408798
Source: Code function: 0_2_00405841
Source: Code function: 0_2_0040540A
Source: Code function: 0_2_00411408

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)
Source: Evasive API call chain: graph_0-9667
Source: Evasive API call chain: graph_0-9667
Source: Evasive API call chain: graph_0-9759
Source: Check user administrative privileges: graph_0-9822
Source: API coverage
Source: Thread injection, dropped files, key value created, disk infection and DNS query
Source: Code function: 0_2_0040B41D
Source: Code function: 0_2_0040B4D8
Source: Code function: 0_2_00404CCE
Source: Code function: 0_2_00404ACF
Source: Code function: 0_2_00411408
Source: Code function: 0_2_0040EBCB
Source: Code function: 0_2_0040779B
Source: Thread injection, dropped files, key value created, disk infection and DNS query
Source: Code function: 0_2_0040DB47
Source: Code function: 0_2_0041280F
Source: Code function: 0_2_00411A9D
Source: Code function: 0_2_00409921
Source: Code function: 0_2_0040F810
Source: Binary or memory string
Source: Code function: 0_2_0040CC51
Source: Code function: 0_2_0040C961
Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Native API13 | Valid Accounts1 | Valid Accounts1 | Valid Accounts1 | Input Capture11 | Network Share Discovery1 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scheduled Task/Job | Application Shimming1 | Access Token Manipulation11 | Disable or Modify Tools1 | LSASS Memory | System Time Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Application Shimming1 | Access Token Manipulation11 | Security Account Manager | Security Software Discovery1 | SMB/Windows Admin Shares | Clipboard Data1 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Install Root Certificate1 | LSA Secrets | Account Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing1 | Cached Domain Credentials | System Owner/User Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph

Screenshots
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Detection | Scanner | Label |
|---|---|---|
| 84% | Virustotal | |
| 82% | ReversingLabs | Win32.Trojan.Zeus |
| 100% | Avira | TR/Spy.Gen |
| 100% | Joe Sandbox ML | |

Dropped Files

No Antivirus matches

Unpacked PE Files

| Detection | Scanner | Label |
|---|---|---|
| 100% | Avira | TR/Crypt.XPACK.Gen2 |
| 100% | Avira | TR/Spy.Gen |
| 100% | Avira | TR/Spy.Gen |

Domains

No Antivirus matches

URLs

No Antivirus matches
Domains and IPs

General Information

| Field | Value |
|---|---|
| Joe Sandbox Version | 31.0.0 Emerald |
| Analysis ID | 358585 |
| Start date | 25.02.2021 |
| Start time | 21:50:45 |
| Joe Sandbox Product | CloudBasic |
| Overall analysis duration | 0h 2m 31s |
| Hypervisor based Inspection enabled | false |
| Report type | full |
| Sample file name | executable.4080.exe |
| Cookbook file name | default.jbs |
| Analysis system description | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes | 2 |
| Number of new started drivers analysed | 0 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| Analysis Mode | default |
| Analysis stop reason | Timeout |
| Detection | MAL |
| Classification | mal80.bank.evad.winEXE@1/0@0/0 |
| HCA Information | Failed |
Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

Created / dropped Files

No created / dropped files found
Static File Info

General

| Field | Value |
|---|---|
| File type | |
| Entropy (8bit) | 6.281631730900597 |
| TrID | |
| File name | executable.4080.exe |
| File size | 118784 |
| MD5 | 9b6886089b69bc227e48accb63231096 |
| SHA1 | 3794deb61672f08dcd4997b18780d3a0b81340fb |
| SHA256 | f7c242fef888f7129e510c5a2c2a9a3ada69891304017e93a235cd3148d0dde4 |
| SHA512 | 7aec380c70624cd5336f23421aa2e2899d75b9b2098deb1dc8045ad27411919c032173662ccea468c68aa0702d8f9f373030eb821fea9e50e17759e8a9df9e7e |
| SSDEEP | 1536:D1fuot6xHoU2Qw6bQLsUPJEqz6ohfUOcgrZi0NwuMoVEcO9fipsdtAe1zIq3/VzD:hLIxHZRbMsZ/oh8/wlNhidtA8I8VzD |
| File Content Preview | MZ..............................................................................................................................................................................................................................PE..L......K.................~. |

File Icon

| Field | Value |
|---|---|
| Icon Hash | 00828e8e8686b000 |
Static PE Info

General

| Field | Value |
|---|---|
| Entrypoint | 0x407f7f |
| Entrypoint Section | .text |
| Digitally signed | false |
| Imagebase | 0x400000 |
| Subsystem | windows gui |
| Image File Characteristics | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED |
| DLL Characteristics | TERMINAL_SERVER_AWARE, NX_COMPAT |
| Time Stamp | 0x4BDF10B5 [Mon May 3 18:06:45 2010 UTC] |
| TLS Callbacks | |
| CLR (.Net) Version | |
| OS Version Major | 5 |
| OS Version Minor | 0 |
| File Version Major | 5 |
| File Version Minor | 0 |
| Subsystem Version Major | 5 |
| Subsystem Version Minor | 0 |
| Import Hash | b14de3ce0d2ae45019008e4128864503 |

Entrypoint Preview

```asm
push ebp
lea ebp, dword ptr [esp-78h]
sub esp, 00000298h
push ebx
xor ebx, ebx
push ebx
mov byte ptr [ebp+77h], bl
call 00007F0D3CB9271Ah
test al, al
je 00007F0D3CB93247h
push 00008007h
mov byte ptr [ebp+5Ch], bl
mov byte ptr [ebp+76h], 00000001h
call dword ptr [004011D4h]
lea eax, dword ptr [ebp+6Ch]
push eax
call dword ptr [004011D8h]
push eax
call dword ptr [00401260h]
cmp eax, ebx
je 00007F0D3CB92F4Ah
xor edx, edx
cmp dword ptr [ebp+6Ch], ebx
jle 00007F0D3CB92F3Ch
mov ecx, dword ptr [eax+edx*4]
cmp ecx, ebx
je 00007F0D3CB92F2Fh
cmp word ptr [ecx], 002Dh
jne 00007F0D3CB92F29h
movzx ecx, word ptr [ecx+02h]
cmp ecx, 66h
je 00007F0D3CB92F1Ch
cmp ecx, 6Eh
jne 00007F0D3CB92F1Bh
mov byte ptr [ebp+76h], bl
jmp 00007F0D3CB92F16h
mov byte ptr [ebp+5Ch], 00000001h
inc edx
cmp edx, dword ptr [ebp+6Ch]
jl 00007F0D3CB92EE8h
push eax
call dword ptr [004011ACh]
push esi
push edi
push dword ptr [0041932Ch]
xor eax, eax
lea esi, dword ptr [ebp+60h]
call 00007F0D3CB95F4Ch
test al, al
je 00007F0D3CB92F2Ch
mov ecx, dword ptr [ebp+60h]
lea eax, dword ptr [ebp+70h]
push eax
lea eax, dword ptr [ebp+6Ch]
push eax
mov eax, dword ptr [ebp+64h]
call 00007F0D3CB92BF3h
mov eax, esi
call 00007F0D3CB95FD6h
cmp dword ptr [ebp+70h], 000001E6h
jne 00007F0D3CB92FAEh
push dword ptr [ebp+6Ch]
call 00007F0D3CB93776h
test al, al
je 00007F0D3CB92F75h
```
Data Directories

Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x177c4 | 0x104 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b000 | 0xd5c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x3e8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x18000 | 0x18000 | False | 0.610392252604 | data | 6.56580621678 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x2000 | 0x2000 | False | 0.568969726562 | data | 5.33094975112 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.reloc | 0x1b000 | 0x2000 | 0x2000 | False | 0.363159179688 | data | 3.6749722075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Imports

DLL | Import |
---|---|
KERNEL32.dll | lstrcmpiA, LoadLibraryA, WTSGetActiveConsoleSessionId, SetFileAttributesW, GetCurrentThread, SetThreadPriority, GetEnvironmentVariableW, FileTimeToDosDateTime, GetTempFileNameW, HeapReAlloc, CreateMutexW, FindFirstFileW, GetNativeSystemInfo, SetEndOfFile, CreateProcessW, HeapAlloc, SystemTimeToFileTime, SetFilePointerEx, HeapFree, GetComputerNameW, GetTickCount, GetProcessHeap, IsBadReadPtr, SetFileTime, VirtualQueryEx, WriteFile, OpenProcess, Thread32First, WideCharToMultiByte, ReadProcessMemory, GetVersionExW, CreateFileW, OpenEventW, Thread32Next, ReadFile, GetTimeZoneInformation, MultiByteToWideChar, FlushFileBuffers, GetTempPathW, GetFileSizeEx, OpenMutexW, GetLastError, SetLastError, VirtualProtectEx, VirtualAllocEx, FindClose, RemoveDirectoryW, FindNextFileW, VirtualProtect, CreateToolhelp32Snapshot, GetFileTime, ReleaseMutex, FileTimeToLocalFileTime, GetVolumeNameForVolumeMountPointW, DeleteFileW, GetFileInformationByHandle, MoveFileExW, GetUserDefaultUILanguage, GlobalLock, GlobalUnlock, CreateRemoteThread, Process32FirstW, Process32NextW, GetFileAttributesW, CreateDirectoryW, FreeLibrary, WriteProcessMemory, LocalFree, GetCurrentProcessId, HeapDestroy, DuplicateHandle, WaitForMultipleObjects, CreateEventW, GetModuleFileNameW, Sleep, VirtualFree, WaitForSingleObject, SetErrorMode, GetCommandLineW, ExitProcess, ExpandEnvironmentStringsW, GetPrivateProfileIntW, GetPrivateProfileStringW, lstrcmpiW, GetThreadContext, ResetEvent, GetProcAddress, GetModuleHandleW, SetEvent, CreateThread, GetSystemTime, GetLocalTime, CloseHandle, GetFileAttributesExW, GetProcessId, EnterCriticalSection, VirtualAlloc, LeaveCriticalSection, VirtualFreeEx, InitializeCriticalSection, SetThreadContext, HeapCreate |
USER32.dll | GetCursorPos, GetIconInfo, DrawIcon, LoadImageW, CharLowerW, ToUnicode, GetKeyboardState, ExitWindowsEx, MsgWaitForMultipleObjects, GetClipboardData, TranslateMessage, CharToOemW, CharLowerBuffA, DispatchMessageW, CharUpperW, PeekMessageW, CharLowerA |
ADVAPI32.dll | GetLengthSid, LookupPrivilegeValueW, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CreateProcessAsUserW, RegQueryValueExW, CryptReleaseContext, RegCreateKeyExW, GetTokenInformation, GetSidSubAuthorityCount, OpenThreadToken, CryptAcquireContextW, GetSidSubAuthority, OpenProcessToken, CryptGetHashParam, EqualSid, IsWellKnownSid, RegCloseKey, RegEnumKeyExW, RegOpenKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, CryptDestroyHash, AdjustTokenPrivileges, ConvertSidToStringSidW, RegSetValueExW, CryptHashData, InitiateSystemShutdownExW, CryptCreateHash |
SHLWAPI.dll | wvnsprintfW, PathIsDirectoryW, PathFindFileNameW, PathAddBackslashW, SHDeleteValueW, PathSkipRootW, SHDeleteKeyW, PathRemoveFileSpecW, UrlUnescapeA, StrStrIA, PathMatchSpecW, StrCmpNIA, wvnsprintfA, PathUnquoteSpacesW, PathIsURLW, PathQuoteSpacesW, StrCmpNIW, PathRemoveBackslashW, PathAddExtensionW, StrStrIW, PathCombineW, PathRenameExtensionW |
SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, ShellExecuteW |
Secur32.dll | GetUserNameExW |
ole32.dll | StringFromGUID2, CLSIDFromString, CoUninitialize, CoCreateInstance, CoInitializeEx |
WS2_32.dll | accept, listen, WSASend, WSASetLastError, socket, recv, bind, WSAEventSelect, WSAIoctl, connect, WSAAddressToStringW, WSAStartup, recvfrom, getaddrinfo, select, WSAGetLastError, getsockname, shutdown, setsockopt, sendto, getpeername, closesocket, send, freeaddrinfo |
CRYPT32.dll | PFXImportCertStore, CertOpenSystemStoreW, CertCloseStore, CertEnumCertificatesInStore, CertDuplicateCertificateContext, PFXExportCertStoreEx, CertDeleteCertificateFromStore |
WININET.dll | InternetCrackUrlA, HttpAddRequestHeadersW, InternetSetStatusCallbackW, GetUrlCacheEntryInfoW, InternetQueryOptionA, InternetSetOptionA, HttpSendRequestW, InternetReadFile, InternetReadFileExA, InternetQueryDataAvailable, HttpSendRequestExW, HttpSendRequestExA, InternetCloseHandle, InternetOpenA, HttpSendRequestA, HttpAddRequestHeadersA, HttpOpenRequestA, InternetConnectA, HttpQueryInfoA |
OLEAUT32.dll | VariantInit, VariantClear, SysAllocString, SysFreeString |
NETAPI32.dll | NetUserEnum, NetApiBufferFree, NetUserGetInfo |
Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Memory Usage
System Behavior

General

| Field | Value |
|---|---|
| Start time | 21:51:29 |
| Start date | 25/02/2021 |
| Path | C:\Users\user\Desktop\executable.4080.exe |
| Wow64 process (32bit) | true |
| Commandline | |
| Imagebase | 0x400000 |
| File size | 118784 bytes |
| MD5 hash | 9B6886089B69BC227E48ACCB63231096 |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | low |
Disassembly

Code Analysis

Execution Graph

| Field | Value |
|---|---|
| Execution Coverage | 0.7% |
| Dynamic/Decrypted Code Coverage | 4.5% |
| Signature Coverage | 15.7% |
| Total number of Nodes | 560 |
| Total number of Limit Nodes | 5 |
Executed Functions

| Function | Relevance | APIs | Strings | Instructions | Tags |
|---|---|---|---|---|---|
| 0040779B | 21.1 | 6 | 6 | 111 | memory, network, COMMON |
| 00407F7F | 47.5 | 25 | 2 | 276 | sleep, synchronization, COMMON |
| 0040E8FE | 10.6 | 7 | | 64 | COMMON |

Non-executed Functions

| Function | Relevance | APIs | Strings | Instructions | Tags |
|---|---|---|---|---|---|
| 00411408 | 82.6 | 27 | 20 | 393 | library, loader, window, COMMON |
| 00405841 | 24.6 | 8 | 6 | 121 | memory, COMMON |
| 00408C33 | 22.9 | 10 | 3 | 180 | library, loader, COMMON |
| 0040540A | 19.4 | 7 | 4 | 146 | memory, COMMON |
| 0041267A | 17.6 | 8 | 2 | 112 | encryption, time, COMMON |
| 00412AC1 | 17.6 | 6 | 4 | 97 | window, COMMON |
| 0040F61D | 17.6 | 7 | 3 | 90 | library, loader, process, COMMON |
| 0040B4D8 | 10.6 | 7 | | 109 | sleep, file, synchronization, COMMON |
| 0040AC31 | 10.6 | 7 | | 78 | file, memory, synchronization, COMMON |
| 004034F6 | 9.1 | 6 | | 81 | thread, native, injection, COMMON |
| 0041280F | 8.8 | 2 | 3 | 90 | time, COMMON |
| 0040B41D | 7.6 | 5 | | 61 | file, COMMON |
| 00415300 | 5.3 | 2 | 1 | 29 | shutdown, COMMON |
| 0040F810 | 3.0 | 2 | | 35 | COMMON |
| 0041000E | 1.5 | 1 | | 41 | com, COMMON |
| 00409921 | 1.5 | 1 | | 21 | time, COMMON |
| 00404CCE | 1.3 | | 1 | 48 | COMMON |
| 0040C570 | 0.2 | | | 190 | COMMON, Crypto |
| 0040B65A | 0.1 | | | 72 | COMMON, Crypto |
| 0040EBCB | 0.0 | | | 24 | COMMON |
| 004073D9 | 35.1 | 9 | 11 | 82 | library, loader, COMMON |
| 00404846 | 26.4 | 10 | 5 | 176 | network, COMMON |
| 00405B9D | 24.6 | 8 | 6 | 148 | memory, COMMON |
| 0040618E | 22.9 | 5 | 8 | 156 | registry, memory, COMMON |
| 0040851A | 22.8 | 6 | 7 | 84 | library, loader, COMMON |
| 0040643F | 21.2 | 5 | 7 | 158 | registry, memory, COMMON |
| 0040E223 | 21.1 | 7 | 5 | 52 | library, loader, memory, COMMON |
| 00406929 | 17.6 | 4 | 6 | 140 | registry, memory, COMMON |
| 00408E58 | 17.6 | 8 | 2 | 101 | sleep, COMMON |
| 00404DB1 | 17.5 | 6 | 4 | 41 | library, loader, COMMON |
| 00406664 | 16.7 | 5 | 6 | 174 | memory, COMMON |
| 00404375 | 14.3 | 3 | 5 | 340 | time, network, COMMON |
| 00404065 | 14.3 | 2 | 6 | 276 | network, COMMON |
| 0040AAD7 | 14.1 | 4 | 4 | 67 | network, COMMON |
| 0040926B | 12.4 | 6 | 1 | 158 | memory, synchronization, thread, COMMON |
| 00403615 | 12.3 | 5 | 2 | 62 | library, string, loader, COMMON |
| 0041415B | 12.3 | 4 | 3 | 30 | library, loader, COMMON |
| 00411226 | 12.2 | 8 | | 151 | synchronization, network, COMMON |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411E7C, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 198stringCOMMON
C-Code - Quality: 99% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F44B, Relevance: 10.6, APIs: 7, Instructions: 76COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EEE6, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415834, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E875, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413360, Relevance: 9.2, APIs: 6, Instructions: 154COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413B6A, Relevance: 9.1, APIs: 6, Instructions: 54synchronizationthreadinjectionCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A9C3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46networkCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AE3B, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44libraryloaderCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410821, Relevance: 7.6, APIs: 5, Instructions: 111fileCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004090AC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131memorystringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EF91, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40registryCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EE27, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F502, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415520, Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 86stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041096F, Relevance: 6.1, APIs: 4, Instructions: 84fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DCC2, Relevance: 6.0, APIs: 4, Instructions: 40windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004157C7, Relevance: 6.0, APIs: 4, Instructions: 40threadsynchronizationCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E302, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408399, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33sleepCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412923, Relevance: 5.1, APIs: 4, Instructions: 72COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |