Analysis Report RFlc8JHObG
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Code function: | 1_2_00409D29 | |
Source: | Code function: | 1_2_004123AB |
Compliance: |
---|
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 1_2_004054D0 |
Source: | Code function: | 1_2_0041652E | |
Source: | Code function: | 1_2_004165E9 |
Source: | Code function: | 1_2_0041404D |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 1_2_0040ED74 | |
Source: | Code function: | 1_2_0040E904 | |
Source: | Code function: | 1_2_0040E9BB |
Source: | Code function: | 1_2_00412A28 |
Source: | Code function: | 1_2_0040716E | |
Source: | Code function: | 1_2_0040D61F |
Source: | Code function: | 1_2_00413E5D | |
Source: | Code function: | 1_2_0040168B | |
Source: | Code function: | 1_2_004122B7 | |
Source: | Code function: | 1_2_02442209 | |
Source: | Code function: | 1_2_02457E13 | |
Source: | Code function: | 1_2_02459A29 | |
Source: | Code function: | 1_2_02442699 | |
Source: | Code function: | 1_2_024590B3 | |
Source: | Code function: | 1_2_024595E0 | |
Source: | Code function: | 1_2_0244266E | |
Source: | Code function: | 1_2_02442F44 | |
Source: | Code function: | 1_2_0245AB1C | |
Source: | Code function: | 1_2_024413C7 | |
Source: | Code function: | 1_2_02459F88 | |
Source: | Code function: | 1_2_0245AC60 | |
Source: | Code function: | 1_2_02441000 | |
Source: | Code function: | 1_2_024598C3 | |
Source: | Code function: | 1_2_0245B0E3 | |
Source: | Code function: | 1_2_0245890F | |
Source: | Code function: | 1_2_0245A912 | |
Source: | Code function: | 1_2_0245A9BA |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 1_2_0040D4F4 | |
Source: | Code function: | 1_2_0040760C |
Source: | Code function: | 1_2_004127D2 |
Source: | Code function: | 1_2_0040CC7E |
Source: | Code function: | 1_2_0040A448 |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Binary string: |
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) | Show sources |
Source: | Unpacked PE file: |
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: |
Source: | Code function: | 1_2_00414CC6 |
Source: | Code function: | 1_2_00401924 | |
Source: | Code function: | 1_2_00401FF0 | |
Source: | Code function: | 1_2_00401FC0 | |
Source: | Code function: | 1_2_024478AD | |
Source: | Code function: | 1_2_024445FB |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 1_2_0041652E | |
Source: | Code function: | 1_2_004165E9 |
Source: | Code function: | 1_2_0040ED74 |
Source: | Code function: | 1_2_00414CC6 |
Source: | Code function: | 1_2_004061F9 |
Source: | Code function: | 1_2_00406532 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 1_2_004145CF |
Source: | Code function: | 1_2_00411208 |
Source: | Code function: | 1_2_004104D7 |
Source: | Code function: | 1_2_00411230 |
Source: | Code function: | 1_2_004078CA |
Source: | Binary or memory string: |
Source: | Code function: | 1_2_00414400 | |
Source: | Code function: | 1_2_00414164 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Native API1 | Valid Accounts1 | Valid Accounts1 | Valid Accounts1 | OS Credential Dumping | Network Share Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Access Token Manipulation11 | Access Token Manipulation11 | LSASS Memory | System Time Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information2 | Security Account Manager | Security Software Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Install Root Certificate1 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing23 | LSA Secrets | Account Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Owner/User Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
85% | Virustotal | Browse | ||
88% | ReversingLabs | Win32.Trojan.Zeus | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Kazy.MK | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Kazy.MK | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 372416 |
Start date: | 20.03.2021 |
Start time: | 14:07:10 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | RFlc8JHObG (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.evad.winEXE@1/0@0/0 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.186773887815174 |
TrID: |
|
File name: | RFlc8JHObG.exe |
File size: | 130560 |
MD5: | 9babe52f985b2b4193113d5c260eb195 |
SHA1: | b4b4772d485d7d4192774aca3a9c594f82717adb |
SHA256: | ca2ab2eb8249afceb6b9f42bac54fe8635fb5ccbf4e497c35ed700d9dae1c2d1 |
SHA512: | 61f41678334ea638dd3dc02d280739910d4b64cc31289c3f99bf41067bdfee1a9ab2114920b7b162862046b06d59d2bb6168557cc1a4463113a2ad00f526af8b |
SSDEEP: | 3072:WhBFnGu6BYxbu75pZlgpXor85hfuHwhxqn9fI2uW+It:WhHGzK475pUpXiwgxExIt |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........9@d.j@d.j@d.j@d.jMd.jI..jQd.j[.9jOd.j[..jAd.j[..jAd.j[..jAd.jRich@d.j........PE..L....!.M................................... |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401ee0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | |
Time Stamp: | 0x4D8C21A2 [Fri Mar 25 05:01:22 2011 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | d2d0d8d094caedbfe934e30be29bea57 |
Entrypoint Preview |
---|
Instruction |
---|
xor eax, eax |
xor eax, 000077A8h |
push ebp |
mov ebp, esp |
sub esp, 10h |
push esi |
inc esi |
mov esi, dword ptr [0043C00Ch] |
and dword ptr [0040978Dh], 004097FDh |
mov dword ptr [ebp-0Ch], C6F8E435h |
sub dword ptr [00409741h], 00000A4Ch |
push 004092F8h |
mov dword ptr [ebp-0Ch], C6F8E434h |
or dword ptr [0040974Dh], 0000382Ch |
call esi |
mov dword ptr [00409811h], 00003433h |
cmp eax, 00000498h |
jng 00007F2C58B3B831h |
sbb dword ptr [00409805h], 004097CDh |
xor eax, eax |
mov dword ptr [00409811h], 00001618h |
jmp 00007F2C58B3BA71h |
mov dword ptr [00409861h], 00001374h |
push 00409318h |
or dword ptr [00409839h], 00409815h |
call esi |
mov dword ptr [0040974Dh], 00005BB7h |
cmp eax, 00000837h |
jnl 00007F2C58B3B7CBh |
mov eax, dword ptr [0040977Dh] |
mov eax, dword ptr [0040942Ch] |
cmp eax, 919D6EFDh |
mov dword ptr [0040978Dh], 00006584h |
jne 00007F2C58B3B82Ah |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c014 | 0x257 | .itext |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e664 | 0x23c | |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d000 | 0x8e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e000 | 0x638 | .idata |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3c000 | 0x14 | .itext |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x7029 | 0x7200 | False | 0.791563870614 | data | 6.99040926415 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x32f3e | 0x17200 | False | 0.825274493243 | data | 7.18553169486 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.itext | 0x3c000 | 0x26b | 0x400 | False | 0.2412109375 | data | 3.78647081365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x3d000 | 0x8e8 | 0xa00 | False | 0.459375 | data | 3.29475958072 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.idata | 0x3e000 | 0x6fe | 0x800 | False | 0.7529296875 | data | 6.17155304092 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_DIALOG | 0x3d31c | 0x27c | data | English | United States |
RT_DIALOG | 0x3d598 | 0x350 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
USER32.dll | GetWindowDC, IsCharAlphaNumericW |
KERNEL32.dll | lstrlenW |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 14:07:52 |
Start date: | 20/03/2021 |
Path: | C:\Users\user\Desktop\RFlc8JHObG.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 130560 bytes |
MD5 hash: | 9BABE52F985B2B4193113D5C260EB195 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00406532, Relevance: 42.2, APIs: 15, Strings: 9, Instructions: 231libraryloadermemoryCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02457E13, Relevance: 21.7, APIs: 7, Strings: 5, Instructions: 694memoryCOMMONCrypto
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 61% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024595E0, Relevance: 3.2, APIs: 2, Instructions: 250libraryloaderCOMMONCrypto
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 33% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0244266E, Relevance: .3, Instructions: 317COMMONCrypto
C-Code - Quality: 50% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415552, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004074B5, Relevance: 9.1, APIs: 6, Instructions: 83sleepCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0245B1FE, Relevance: 1.3, APIs: 1, Instructions: 63memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0040716E, Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 243synchronizationsleepshutdownCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414CC6, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 52libraryloadermemoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004054D0, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 188libraryloaderCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412A28, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 90libraryloaderprocessCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040760C, Relevance: 12.1, APIs: 8, Instructions: 119encryptiontimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004165E9, Relevance: 10.6, APIs: 7, Instructions: 109sleepfilesynchronizationCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E9BB, Relevance: 9.1, APIs: 6, Instructions: 83threadnativeinjectionCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041652E, Relevance: 7.6, APIs: 5, Instructions: 61fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D61F, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 45shutdownCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411208, Relevance: 3.0, APIs: 2, Instructions: 15timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A448, Relevance: 1.7, APIs: 1, Instructions: 179comCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004078CA, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411230, Relevance: 1.5, APIs: 1, Instructions: 20timeCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ED74, Relevance: 1.4, Strings: 1, Instructions: 113COMMON
C-Code - Quality: 66% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024413C7, Relevance: .5, Instructions: 492COMMONCrypto
C-Code - Quality: 85% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0245AC60, Relevance: .4, Instructions: 382COMMONCrypto
C-Code - Quality: 78% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02442F44, Relevance: .3, Instructions: 311COMMONCrypto
C-Code - Quality: 47% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040168B, Relevance: .2, Instructions: 236COMMONCrypto
C-Code - Quality: 77% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0245890F, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02441000, Relevance: .2, Instructions: 193COMMONCrypto
C-Code - Quality: 88% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02459F88, Relevance: .2, Instructions: 192COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413E5D, Relevance: .2, Instructions: 190COMMONCrypto
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0245A9BA, Relevance: .1, Instructions: 123COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024598C3, Relevance: .1, Instructions: 121COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0245AB1C, Relevance: .1, Instructions: 107COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004122B7, Relevance: .1, Instructions: 70COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0245A912, Relevance: .1, Instructions: 64COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004061F9, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417E1B, Relevance: 25.7, APIs: 17, Instructions: 205filewindowregistryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408F03, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 182networkCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418086, Relevance: 18.1, APIs: 12, Instructions: 78filesynchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040641D, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404CFC, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 99libraryloaderCOMMON
C-Code - Quality: 41% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412DEE, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 67networkCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EF97, Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 36libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004156FA, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 108injectionCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EAE4, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 61librarystringloaderCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418CBA, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 30libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FE43, Relevance: 12.2, APIs: 8, Instructions: 165COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F175, Relevance: 12.2, APIs: 8, Instructions: 152synchronizationnetworkCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408A1C, Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 365timenetworkCOMMON
C-Code - Quality: 96% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004108E5, Relevance: 10.7, APIs: 7, Instructions: 220filestringsynchronizationCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041285A, Relevance: 10.6, APIs: 7, Instructions: 74COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004154C9, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FA7B, Relevance: 9.2, APIs: 6, Instructions: 215COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AFE4, Relevance: 9.2, APIs: 6, Instructions: 175COMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ABED, Relevance: 9.1, APIs: 6, Instructions: 148COMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040570F, Relevance: 9.1, APIs: 6, Instructions: 78COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412F48, Relevance: 9.1, APIs: 6, Instructions: 74filesynchronizationnetworkCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417C8C, Relevance: 9.1, APIs: 6, Instructions: 54windowCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CBF5, Relevance: 9.1, APIs: 6, Instructions: 54synchronizationthreadinjectionCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412CDA, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46networkCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041314E, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44libraryloaderCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A76B, Relevance: 7.7, APIs: 5, Instructions: 158COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416D90, Relevance: 7.6, APIs: 5, Instructions: 111fileCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004174C5, Relevance: 7.6, APIs: 5, Instructions: 99COMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418B1A, Relevance: 7.6, APIs: 5, Instructions: 85fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CB2, Relevance: 7.6, APIs: 5, Instructions: 71synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417BF9, Relevance: 7.6, APIs: 5, Instructions: 56windowCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405E1F, Relevance: 7.5, APIs: 5, Instructions: 32synchronizationwindowCOMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004085D4, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 379networkCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418161, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416070, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041290D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407EB3, Relevance: 6.3, APIs: 4, Instructions: 303COMMON
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418993, Relevance: 6.1, APIs: 4, Instructions: 129COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416EDE, Relevance: 6.1, APIs: 4, Instructions: 84fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C3C, Relevance: 6.0, APIs: 4, Instructions: 45threadsynchronizationCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041474D, Relevance: 6.0, APIs: 4, Instructions: 42windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040845B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127networkCOMMON
C-Code - Quality: 52% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407781, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101timeCOMMON
C-Code - Quality: 60% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406FCD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55libraryloaderCOMMON
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BC3A, Relevance: 5.2, APIs: 4, Instructions: 197COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |