Analysis Report Covid21 2.0.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Antivirus detection for dropped file | Show sources |
Source: | Avira: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: | |||
Source: | ReversingLabs: | |||
Source: | ReversingLabs: | |||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Code function: | 6_2_0040850C | |
Source: | Code function: | 6_2_00408604 | |
Source: | Code function: | 6_2_00405210 | |
Source: | Code function: | 12_2_00404F24 | |
Source: | Code function: | 13_2_00404EB8 | |
Source: | Code function: | 18_2_0043892A | |
Source: | Code function: | 18_2_00424873 | |
Source: | Code function: | 18_2_00423AD5 | |
Source: | Code function: | 18_2_0040A357 | |
Source: | Code function: | 18_2_0042C368 | |
Source: | Code function: | 18_2_00423D09 | |
Source: | Code function: | 18_2_00423DE4 | |
Source: | Code function: | 18_2_00424DBB | |
Source: | Code function: | 18_2_0042C603 | |
Source: | Code function: | 18_2_00439FDC |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 18_2_00443AE3 |
Source: | Code function: | 6_2_004218AC |
Source: | Code function: | 18_2_00420B07 |
Source: | Code function: | 6_2_00435EB4 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00405D3C |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Contains functionalty to change the wallpaper | Show sources |
Source: | Code function: | 6_2_0046CF80 |
Operating System Destruction: |
---|
Protects its processes via BreakOnTermination flag | Show sources |
Source: | Process information set: |
System Summary: |
---|
Sample or dropped binary is a compiled AutoHotkey binary | Show sources |
Source: | Window found: | Jump to behavior |
Source: | Code function: | 0_2_00404714 | |
Source: | Code function: | 0_2_00407E1A | |
Source: | Code function: | 6_2_00439164 | |
Source: | Code function: | 6_2_0045543C | |
Source: | Code function: | 6_2_0042E49C | |
Source: | Code function: | 6_2_00449828 | |
Source: | Code function: | 6_2_00455BEC | |
Source: | Code function: | 6_2_00455CB0 | |
Source: | Code function: | 12_2_00432908 | |
Source: | Code function: | 12_2_0044CEA8 | |
Source: | Code function: | 12_2_004421FC | |
Source: | Code function: | 12_2_0042738C | |
Source: | Code function: | 12_2_0044D650 | |
Source: | Code function: | 12_2_0044D700 | |
Source: | Code function: | 13_2_0044A410 | |
Source: | Code function: | 13_2_00424BF0 | |
Source: | Code function: | 13_2_0044ABB8 | |
Source: | Code function: | 13_2_0044AC68 | |
Source: | Code function: | 13_2_0043F764 | |
Source: | Code function: | 13_2_0042FFB8 | |
Source: | Code function: | 30_2_00428F5C | |
Source: | Code function: | 30_2_0042220A | |
Source: | Code function: | 30_2_00422218 | |
Source: | Code function: | 30_2_0042E808 |
Source: | Code function: | 18_2_004234E7 |
Source: | Code function: | 18_2_0042CAA7 |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00406960 | |
Source: | Code function: | 0_2_00406C10 | |
Source: | Code function: | 6_2_00458A98 | |
Source: | Code function: | 6_2_0044EE08 | |
Source: | Code function: | 6_2_00465050 | |
Source: | Code function: | 6_2_00449828 | |
Source: | Code function: | 6_2_00463A68 | |
Source: | Code function: | 12_2_004421FC | |
Source: | Code function: | 12_2_004473A0 | |
Source: | Code function: | 12_2_0041B3AA | |
Source: | Code function: | 13_2_00444908 | |
Source: | Code function: | 13_2_0043F764 | |
Source: | Code function: | 18_2_004075C4 | |
Source: | Code function: | 18_2_0040DE8C | |
Source: | Code function: | 18_2_00458854 | |
Source: | Code function: | 18_2_00424873 | |
Source: | Code function: | 18_2_0044207B | |
Source: | Code function: | 18_2_00414803 | |
Source: | Code function: | 18_2_004071FF | |
Source: | Code function: | 18_2_0044522E | |
Source: | Code function: | 18_2_0044B395 | |
Source: | Code function: | 18_2_00421466 | |
Source: | Code function: | 18_2_00452C20 | |
Source: | Code function: | 18_2_0042F514 | |
Source: | Code function: | 18_2_00450529 | |
Source: | Code function: | 18_2_00449D8E | |
Source: | Code function: | 18_2_0042963D | |
Source: | Code function: | 18_2_0040CF24 | |
Source: | Code function: | 18_2_0041B735 | |
Source: | Code function: | 18_2_0044179A | |
Source: | Code function: | 30_2_0042E58C |
Source: | Dropped File: | ||
Source: | Dropped File: | ||
Source: | Dropped File: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 6_2_0041EC2C |
Source: | Code function: | 18_2_0042CAA7 |
Source: | Code function: | 6_2_00408862 |
Source: | Code function: | 18_2_0042B61C |
Source: | Code function: | 0_2_004020C9 |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Process created: |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | |||
Source: | Key opened: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static file information: |
Source: | Code function: | 0_2_00405EB2 |
Source: | Code function: | 0_2_004780AE | |
Source: | Code function: | 0_2_004780E5 | |
Source: | Code function: | 0_2_00477647 | |
Source: | Code function: | 0_2_004776F1 | |
Source: | Code function: | 0_2_00477821 | |
Source: | Code function: | 0_2_0046DAFD | |
Source: | Code function: | 0_2_0046CBA2 | |
Source: | Code function: | 0_2_00473B06 | |
Source: | Code function: | 0_2_0046DE0D | |
Source: | Code function: | 0_2_0046CDA1 | |
Source: | Code function: | 0_2_00469DF5 | |
Source: | Code function: | 0_2_0046CE31 | |
Source: | Code function: | 6_2_00441115 | |
Source: | Code function: | 6_2_0040D693 | |
Source: | Code function: | 6_2_00405D8D | |
Source: | Code function: | 6_2_00442084 | |
Source: | Code function: | 6_2_004162BA | |
Source: | Code function: | 6_2_004423A0 | |
Source: | Code function: | 6_2_0044A38B | |
Source: | Code function: | 6_2_004284C2 | |
Source: | Code function: | 6_2_0042E60C | |
Source: | Code function: | 6_2_0042E660 | |
Source: | Code function: | 6_2_00410832 | |
Source: | Code function: | 6_2_00410832 | |
Source: | Code function: | 6_2_0042C868 | |
Source: | Code function: | 6_2_0042C8A0 | |
Source: | Code function: | 6_2_0042C830 | |
Source: | Code function: | 6_2_004108DC | |
Source: | Code function: | 6_2_00410A0C | |
Source: | Code function: | 6_2_0042C910 | |
Source: | Code function: | 6_2_0042C8D8 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Persistence and Installation Behavior: |
---|
Command shell drops VBS files | Show sources |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Uses cmd line tools excessively to alter registry or file data | Show sources |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Writes directly to the primary disk partition (DR0) | Show sources |
Source: | File written: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules | Show sources |
Source: | Process created: |
Source: | Registry value created or modified: | ||
Source: | Registry value created or modified: |
Source: | Code function: | 6_2_004554C4 | |
Source: | Code function: | 6_2_00452098 | |
Source: | Code function: | 6_2_0043AB48 | |
Source: | Code function: | 6_2_0043B440 | |
Source: | Code function: | 6_2_00425458 | |
Source: | Code function: | 6_2_00455BEC | |
Source: | Code function: | 6_2_00455CB0 | |
Source: | Code function: | 6_2_0043BD64 | |
Source: | Code function: | 12_2_0044CF30 | |
Source: | Code function: | 12_2_00449F58 | |
Source: | Code function: | 12_2_0043402C | |
Source: | Code function: | 12_2_004348E0 | |
Source: | Code function: | 12_2_00435160 | |
Source: | Code function: | 12_2_0044D650 | |
Source: | Code function: | 12_2_0044D700 | |
Source: | Code function: | 12_2_0042397C | |
Source: | Code function: | 13_2_0044A498 | |
Source: | Code function: | 13_2_00432810 | |
Source: | Code function: | 13_2_0044ABB8 | |
Source: | Code function: | 13_2_0044AC68 | |
Source: | Code function: | 13_2_004474C0 | |
Source: | Code function: | 13_2_004316DC | |
Source: | Code function: | 13_2_00421D38 | |
Source: | Code function: | 13_2_00431F90 | |
Source: | Code function: | 18_2_0043A0D6 | |
Source: | Code function: | 18_2_004360F9 | |
Source: | Code function: | 18_2_004360F9 | |
Source: | Code function: | 18_2_0043536F | |
Source: | Code function: | 18_2_0043C3F2 | |
Source: | Code function: | 18_2_00439C0E | |
Source: | Code function: | 18_2_0044C66D | |
Source: | Code function: | 18_2_00431E81 | |
Source: | Code function: | 18_2_0042CF3C | |
Source: | Code function: | 30_2_00428FE4 | |
Source: | Code function: | 30_2_0041F210 | |
Source: | Code function: | 30_2_0041E320 | |
Source: | Code function: | 30_2_0041EABA | |
Source: | Code function: | 30_2_0041EABC | |
Source: | Code function: | 30_2_004275F8 | |
Source: | Code function: | 30_2_00429678 | |
Source: | Code function: | 30_2_004296C0 |
Source: | Code function: | 6_2_00440A48 |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Contains functionality to detect sleep reduction / modifications | Show sources |
Source: | Code function: | 12_2_004294BC | |
Source: | Code function: | 13_2_00426D20 |
Source: | File opened / queried: | Jump to behavior |
Source: | Code function: | 6_2_0045478C | |
Source: | Code function: | 12_2_0044C4A0 | |
Source: | Code function: | 13_2_00449A08 | |
Source: | Code function: | 30_2_00428764 |
Source: | Window found: | Jump to behavior | ||
Source: | Window found: | Jump to behavior | ||
Source: | Window found: | Jump to behavior | ||
Source: | Window found: | |||
Source: | Window found: | |||
Source: | Window found: | |||
Source: | Window found: |
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Code function: | 12_2_004294BC | |
Source: | Code function: | 13_2_00426D20 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | |||
Source: | Thread sleep count: | |||
Source: | Thread sleep count: | |||
Source: | Thread sleep count: | |||
Source: | Thread sleep count: |
Source: | File opened: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread sleep count: | Jump to behavior |
Source: | Code function: | 6_2_0040850C | |
Source: | Code function: | 6_2_00408604 | |
Source: | Code function: | 6_2_00405210 | |
Source: | Code function: | 12_2_00404F24 | |
Source: | Code function: | 13_2_00404EB8 | |
Source: | Code function: | 18_2_0043892A | |
Source: | Code function: | 18_2_00424873 | |
Source: | Code function: | 18_2_00423AD5 | |
Source: | Code function: | 18_2_0040A357 | |
Source: | Code function: | 18_2_0042C368 | |
Source: | Code function: | 18_2_00423D09 | |
Source: | Code function: | 18_2_00423DE4 | |
Source: | Code function: | 18_2_00424DBB | |
Source: | Code function: | 18_2_0042C603 | |
Source: | Code function: | 18_2_00439FDC |
Source: | Code function: | 12_2_0041DBAC |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: |
Anti Debugging: |
---|
Found API chain indicative of debugger detection | Show sources |
Source: | Debugger detection routine: | ||
Source: | Debugger detection routine: |
Source: | Process queried: |
Source: | Code function: | 0_2_00405EB2 |
Source: | Process token adjusted: | ||
Source: | Process token adjusted: |
Source: | Code function: | 0_2_00403B70 | |
Source: | Code function: | 0_2_00403CC0 | |
Source: | Code function: | 23_2_004011B0 | |
Source: | Code function: | 23_2_00402C58 | |
Source: | Code function: | 23_2_00402290 | |
Source: | Code function: | 27_2_00401179 | |
Source: | Code function: | 27_2_0040201C | |
Source: | Code function: | 27_2_00402020 |
Source: | Code function: | 18_2_0040EFDE |
Source: | Code function: | 18_2_004132DA |
Source: | Code function: | 18_2_0041380D |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 6_2_004053D4 | |
Source: | Code function: | 6_2_0040B068 | |
Source: | Code function: | 6_2_0040B0B4 | |
Source: | Code function: | 6_2_004054E0 | |
Source: | Code function: | 6_2_00405CCE | |
Source: | Code function: | 6_2_00405CD0 | |
Source: | Code function: | 12_2_004050DC | |
Source: | Code function: | 12_2_0040A9FC | |
Source: | Code function: | 12_2_0040AA48 | |
Source: | Code function: | 12_2_004051E8 | |
Source: | Code function: | 12_2_004059D2 | |
Source: | Code function: | 12_2_004059D4 | |
Source: | Code function: | 12_2_0040BFE8 | |
Source: | Code function: | 13_2_00405070 | |
Source: | Code function: | 13_2_0040A8B4 | |
Source: | Code function: | 13_2_0040A900 | |
Source: | Code function: | 13_2_0040517C | |
Source: | Code function: | 13_2_00405966 | |
Source: | Code function: | 13_2_00405968 | |
Source: | Code function: | 13_2_0040BE14 | |
Source: | Code function: | 18_2_0043DE27 | |
Source: | Code function: | 30_2_004043C8 | |
Source: | Code function: | 30_2_004082D0 | |
Source: | Code function: | 30_2_0040831C |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 6_2_00409B44 |
Source: | Code function: | 18_2_00419AF0 |
Source: | Code function: | 0_2_00403CD7 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Disables the Windows task manager (taskmgr) | Show sources |
Source: | Registry key created or modified: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | Application Shimming1 | Exploitation for Privilege Escalation1 | Disable or Modify Tools11 | Input Capture31 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scripting112 | Scheduled Task/Job1 | Application Shimming1 | Deobfuscate/Decode Files or Information1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Screen Capture1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Defacement1 |
Domain Accounts | Native API1 | Registry Run Keys / Startup Folder1 | Access Token Manipulation1 | Scripting112 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Input Capture31 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | Command and Scripting Interpreter1 | Bootkit1 | Process Injection12 | Obfuscated Files or Information21 | NTDS | System Information Discovery37 | Distributed Component Object Model | Clipboard Data2 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Scheduled Task/Job1 | Network Logon Script | Scheduled Task/Job1 | Software Packing21 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Registry Run Keys / Startup Folder1 | Masquerading1 | Cached Domain Credentials | Security Software Discovery351 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Modify Registry1 | DCSync | Virtualization/Sandbox Evasion15 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion15 | Proc Filesystem | Process Discovery2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation1 | /etc/passwd and /etc/shadow | Application Window Discovery11 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection12 | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Bootkit1 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
70% | Virustotal | Browse | ||
30% | Metadefender | Browse | ||
75% | ReversingLabs | Win32.Trojan.DiskWriter | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1133501 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
4% | Virustotal | Browse | ||
8% | Metadefender | Browse | ||
0% | ReversingLabs | |||
8% | ReversingLabs | |||
82% | ReversingLabs | Win32.Trojan.KillMbr | ||
13% | ReversingLabs | |||
6% | Metadefender | Browse | ||
48% | ReversingLabs | Win32.Downloader.Convagent | ||
36% | Metadefender | Browse | ||
62% | ReversingLabs | Win32.PUA.BlurScrn | ||
0% | Metadefender | Browse | ||
7% | ReversingLabs | |||
8% | ReversingLabs |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | HEUR/AGEN.1133501 | Download File | ||
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | HEUR/AGEN.1131223 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| low |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 377010 |
Start date: | 28.03.2021 |
Start time: | 15:52:23 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 15m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Covid21 2.0.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Critical Process Termination |
Detection: | MAL |
Classification: | mal84.rans.evad.winEXE@73/19@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:53:32 | API Interceptor | |
15:54:02 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
No context |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\2526.tmp\Corona.exe | Get hash | malicious | Browse | ||
C:\Users\user\AppData\Local\Temp\2526.tmp\icons.exe | Get hash | malicious | Browse | ||
C:\Users\user\AppData\Local\Temp\2526.tmp\CLWCP.exe | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
C:\Users\user\AppData\Local\Temp\2526.tmp\PayloadMBR.exe | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 517120 |
Entropy (8bit): | 6.5991952372789155 |
Encrypted: | false |
SSDEEP: | 12288:kDupRTrjf1nJp2NLtVu4jPau4p+lE3dWq:SExrj1DAt84DaTU4dW |
MD5: | E62EE6F1EFC85CB36D62AB779DB6E4EC |
SHA1: | DA07EC94CF2CB2B430E15BD0C5084996A47EE649 |
SHA-256: | 13B4EC59785A1B367EFB691A3D5C86EB5AAF1CA0062521C4782E1BAAC6633F8A |
SHA-512: | 8142086979EC1CA9675418E94326A40078400AFF8587FC613E17164E034BADD828E9615589E6CB8B9339DA7CDC9BCB8C48E0890C5F288068F4B86FF659670A69 |
Malicious: | true |
Antivirus: | |
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 531456 |
Entropy (8bit): | 7.007155751747995 |
Encrypted: | false |
SSDEEP: | 12288:bt007p82D5NYQ1bjLXHfNOTliq6G8/Q3Uk+leP4RG3:2qpzvYQ1Tfoi8b3U1kaq |
MD5: | 6374CA8AD59246DFED4794FD788D6560 |
SHA1: | D54281430AD11272F657DE4E909B4BA7B8561821 |
SHA-256: | 25B6F4ABC0B8A7A3F3CAE54A2F75810B977C0F5ED20AF98E77BE9449E7135108 |
SHA-512: | 0434F5C6ECD1A036A59E2F5DE56F0905460D46C31FFF6A7F160F54CFBCB56EA2DA22647D564E53D66C47A789A67D165C59E64D924B0F2CF80FDCD865847A772F |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1444 |
Entropy (8bit): | 5.183015206655524 |
Encrypted: | false |
SSDEEP: | 24:YfzzhPV10V1+Vb+OV3q1gvV1Y5U2VVjfA+ifuhwXVCRB3aoSOZcRWm:YRPq+8OZq1gvAU2fTAnfuhwFCRB3ayeP |
MD5: | 6B89A7FD6E3D9BDC4658162AAF468558 |
SHA1: | F8EF11B2420B95661565B799D86C188BF11BF4A7 |
SHA-256: | 76986CDDBFEB8FA8738C8CA2665A7F91D19D1E8C6851151FCBA5164E35618DFB |
SHA-512: | F9B3338B65D5CA6CC25B1C36B2C3299D758D5E7AC92E6FD8D0298F945E898C51E548323F86A12983BB375E49404CB6B401F5472BBB580A6675DF57277045EF12 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 103424 |
Entropy (8bit): | 6.182089878681113 |
Encrypted: | false |
SSDEEP: | 3072:wCGPVHzzgd2HPVVf9AebuLFfK9s7I+PnNgDd9:wrak9gor+Pn6 |
MD5: | D917AF256A1D20B4EAC477CDB189367B |
SHA1: | 6C2FA4648B16B89C4F5664F1C3490EC2022EB5DD |
SHA-256: | E40F57F6693F4B817BEB50DE68027AABBB0376CA94A774F86E3833BAF93DC4C0 |
SHA-512: | FD2CB0FB398A5DDD0A52CF2EFC733C606884AA68EC406BDBDDB3A41B31D6F9C0F0C4837326A9D53B53202792867901899A8CF5024A5E542E8BDCEE615BE0B707 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: | |
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48 |
Entropy (8bit): | 4.292962241741917 |
Encrypted: | false |
SSDEEP: | 3:jTDVJWoHgKTHd6vJcn:/etmdEJcn |
MD5: | 08437E731C7B135B3779B004C7863E5F |
SHA1: | 24CE5D4075FDC5AFEC6CB87CACFC7B54DEADC3EC |
SHA-256: | 043B49FBBE070997844A2C4467596553261BFB6EA79AC3C50FABD42146EEA924 |
SHA-512: | 6006014B10F400B6975B391BE64E07E78FE5A3818CD39A0A8F9349C4CFF595134FB5217BEB5205E04EAB86473C4FA0F6701B657D76C144540AA468D2D382C8A1 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 170445 |
Entropy (8bit): | 7.987389688426996 |
Encrypted: | false |
SSDEEP: | 3072:mTwQIE+8Tj6wFrxGxGtSdWyCmI5KkeD8vcWtTH3Mi/gc+P9IP7HwKFKBlrF:qOE+o6hgcYLmI5+8k+TH3Mi/J+Pi7Hwn |
MD5: | 94AD752ABC09644D0B91A07022ECB000 |
SHA1: | 7EE97DC56E62E7B2D86EE892E7CF70673252242F |
SHA-256: | E3760C671CEC108580D47B0F8C11AE79E9DF9941D2E878032EEDA1B510F91231 |
SHA-512: | 9C0109A8E7DE5EA42B3CE8788A412F6ED1158AFD3DB87884034631DA15EC4C16275F0578C6AD438E91DC203C89AEF725D2642E06B751DF5CFF0D47B3D9A1AD1E |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 107828 |
Entropy (8bit): | 5.4025127824732335 |
Encrypted: | false |
SSDEEP: | 1536:eb4k5iT76crYyIyLIOwu3yUywCbsR+EKDyfq1aX:eb4N36cHIyLGMbzX |
MD5: | 3CA1D5768C2944D4284B1541653823C7 |
SHA1: | 85CF021AC23CD1340C6D649E6A77A213C1F848B6 |
SHA-256: | 4172C6120F8F98685698365D6DD52C80EB2080203CDDE479009BF8F4FA770AF0 |
SHA-512: | 7972ADB329DBEBC347B8A68789BBAC4BA7C230CC980910D18A322D1A512015633D2A5801E76C0AAE2FCFE120790C69417864549787DFC37574FB0AA3BFC202F0 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 367616 |
Entropy (8bit): | 6.563758955317025 |
Encrypted: | false |
SSDEEP: | 6144:qizJVFAO7rdGlh4sQstCPhiomhiGM80JCMlTe06z0aPawSoQBAlAq4SYwhl:RJ/AO7rAlys3tCj80x6zlawSo5Aq4Xwv |
MD5: | EBB811D0396C06A70FE74D9B23679446 |
SHA1: | E375F124A8284479DD052161A07F57DE28397638 |
SHA-256: | 28E979002CB4DB546BF9D9D58F5A55FD8319BE638A0974C634CAE6E7E9DBCD89 |
SHA-512: | 1DE3DCD856F30004BECEE7C769D62530F3A5E9785C853537ADC0A387D461C97B305F75CBAF13F278DD72BA22D4650E92C48EDF3C3A74B13ED68FFC0D45E13774 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 133205 |
Entropy (8bit): | 5.137252527177841 |
Encrypted: | false |
SSDEEP: | 1536:cPFc9HtJsjy6maNXRBOseWG7NVW/ZTAUvMFMQiNXR/QRBX1bXckplRU:sS9N+fB47NVW/ZToWRofXZX5lRU |
MD5: | A4E26D32F9655DBE8EFD276A530EB02B |
SHA1: | D194526518FDDD34BFC75CC0575D9B5CF3E1E304 |
SHA-256: | 4C2277C81CBF6C415AB874CFB32D3B0049C8B18AC7EEE1DD6C1F5D9F5F043C83 |
SHA-512: | E77C58B321A1C696554B018CC51FAD2F2DF4BAC39FA90F17A83EC646C90D67B6DA5FCCB2E80C468E2CF32CC7F9F3F62B160C3F0AFBC2130FAA1002ECDE5B5676 |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 188 |
Entropy (8bit): | 4.787831418201213 |
Encrypted: | false |
SSDEEP: | 3:KRCWhCOHGJ5FcFP01RFPKO9/zRWPxBIXFMlkLvxWeeXlVSpXAov/FLVS9AD:KI/NJSyd/sKFMlCvxW3S3NpSyD |
MD5: | 82C0A5E92259FF193B914E6C0D7C8A7A |
SHA1: | ED6868EFF7055555689E613A62F4275EAFA97C36 |
SHA-256: | 02E3663BB7BC9F8FE4377887DC24E63FC83187BE9CB0181F87E5F93AF4C7CA8B |
SHA-512: | 43C1EF453531200DD625945A65727DAEF28EE480FB210E97846633841F8215261E3195A8BE77C280E8B6FE193B59C7367302C3FC74879B5952FA31F3235DDB62 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 113664 |
Entropy (8bit): | 7.838778904595643 |
Encrypted: | false |
SSDEEP: | 1536:o0J9QXrssV7g4Rq3b24oFDo2mL7oagiBGVHo8J75qUbGuNxTJeqq62hxcmpn6izz:o0J9QbLkewys+C6pNxFE7Z6wAO |
MD5: | E87A04C270F98BB6B5677CC789D1AD1D |
SHA1: | 8C14CB338E23D4A82F6310D13B36729E543FF0CA |
SHA-256: | E03520794F00FB39EF3CFFF012F72A5D03C60F89DE28DBE69016F6ED151B5338 |
SHA-512: | 8784F4D42908E54ECEDFB06B254992C63920F43A27903CCEDD336DAAEED346DB44E1F40E7DB971735DA707B5B32206BE1B1571BC0D6A2D6EB90BBF9D1F69DE13 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.385220179839388 |
Encrypted: | false |
SSDEEP: | 3:rCmFOIaPMogDXK+8YHSv:FFJaCDXxDHc |
MD5: | EE0306A79AAEFBD4CF3BC7E5F8A0D3B1 |
SHA1: | 32DAE2CFB0AF831F0E8445F36C0D2CE0FE9B2E88 |
SHA-256: | 969AE83F1366975BECE266C3BE5994291C55302E93564A1435FE542B456904EC |
SHA-512: | FDFAB128F4F096F4B4DD31758116522337644F269CB28E1496E20D866083BF31D277A123704E8924A0FC4EF0212CBA89E3AB9FDDCAFFCF400C859C8DF87736FD |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 79 |
Entropy (8bit): | 4.403941477424042 |
Encrypted: | false |
SSDEEP: | 3:xDCHGF6IX8SAfPMtjxdMzlyJ4:xYGFr8jfkjxdMRyJ4 |
MD5: | 7740551865A57633B3E92986352DFA1B |
SHA1: | 74070B3636B69B710C32996FC1640129202F4CAF |
SHA-256: | 8A36ECC37EB454FE13B4B31EB9EDA67919AA5DD3A474480930982EF93334499A |
SHA-512: | B4C5902F3CA91FA83EC0297254ACF5F63B2145500863AFB86F96B9C2D3844C8C476CD0F6DD31E3EB92C4ACA2CD35C2F6BE563549817B676FA9B4592F280C79F2 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.938721875540868 |
Encrypted: | false |
SSDEEP: | 3:rCmFLFDgov:FFxJ |
MD5: | 5ECB02EAAA322BE4DF7F61A1A23C799D |
SHA1: | BEC83A2546F38A7133EF962D09CD520F87E5ABB2 |
SHA-256: | D78710D080D6200BFF04D443F8FA923F619914FB191DC2B3865DA1F3D9739E30 |
SHA-512: | 2306F4FC08E0AEFE4A44C4507E46EE2D3D808423EC8D31980980F785E20C0DF301A9B3D9A2469D609E054D5A8AC4089AC39FFB388B70ED8A36F688B4362A2F88 |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\Covid21 2.0.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 422029 |
Entropy (8bit): | 6.688336510135275 |
Encrypted: | false |
SSDEEP: | 12288:5NIQAPGsAqY9IMVYd38sJdpQHlGlY8KfTQ:uPGSY91VwNJcFMqTQ |
MD5: | A7CE5BEE03C197F0A99427C4B590F4A0 |
SHA1: | 14D8617C51947FB49B3ABA7E9AECE83E5094CF71 |
SHA-256: | 0C53A3EC2B432A9013546F92416109D7E8F64CEA26AC2491635B4CF2A310D852 |
SHA-512: | 7F3C56C42D899ADA5ACDC5C162391F9FA06455DB08E6DF0A57132CA5B1BB3D52E6DBC9342310480D45AA32915502ACEB7552375A45D3FD1A54FEE0E73AF6024A |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\AppData\Local\Temp\2526.tmp\CLWCP.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6220854 |
Entropy (8bit): | 6.660583803059703 |
Encrypted: | false |
SSDEEP: | 24576:cjUJucwO/CkHCoUQnI7Er5OBVB8JCsMjdsWYDaFWiG0SQbrGJVXVuBX0j6BHpsPH:gUJucwHkHlUQ9QBr8nMqVD/6SbuB8BV |
MD5: | 1A6ACC65486762EE05D1ABD90169CAF2 |
SHA1: | 12DB4A705D5DBDA06625FA38FC6B1A6AD73FD0B9 |
SHA-256: | 0733EE5D3CF3B3E574C3A052C78DFC0D9791A7099DFAA8D3A0372075496311B3 |
SHA-512: | D4B2E9E7261FF91DB206242314D50C66978E0353E113D72BC48637A41D12D3CFA00C5F04B2A744937769CD433ABADB9872C72CF158A9F0863B9F40B6962D27D5 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 531456 |
Entropy (8bit): | 7.007155751747995 |
Encrypted: | false |
SSDEEP: | 12288:bt007p82D5NYQ1bjLXHfNOTliq6G8/Q3Uk+leP4RG3:2qpzvYQ1Tfoi8b3U1kaq |
MD5: | 6374CA8AD59246DFED4794FD788D6560 |
SHA1: | D54281430AD11272F657DE4E909B4BA7B8561821 |
SHA-256: | 25B6F4ABC0B8A7A3F3CAE54A2F75810B977C0F5ED20AF98E77BE9449E7135108 |
SHA-512: | 0434F5C6ECD1A036A59E2F5DE56F0905460D46C31FFF6A7F160F54CFBCB56EA2DA22647D564E53D66C47A789A67D165C59E64D924B0F2CF80FDCD865847A772F |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 170445 |
Entropy (8bit): | 7.987389688426996 |
Encrypted: | false |
SSDEEP: | 3072:mTwQIE+8Tj6wFrxGxGtSdWyCmI5KkeD8vcWtTH3Mi/gc+P9IP7HwKFKBlrF:qOE+o6hgcYLmI5+8k+TH3Mi/J+Pi7Hwn |
MD5: | 94AD752ABC09644D0B91A07022ECB000 |
SHA1: | 7EE97DC56E62E7B2D86EE892E7CF70673252242F |
SHA-256: | E3760C671CEC108580D47B0F8C11AE79E9DF9941D2E878032EEDA1B510F91231 |
SHA-512: | 9C0109A8E7DE5EA42B3CE8788A412F6ED1158AFD3DB87884034631DA15EC4C16275F0578C6AD438E91DC203C89AEF725D2642E06B751DF5CFF0D47B3D9A1AD1E |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\AppData\Local\Temp\2526.tmp\PayloadMBR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 3.0505993617935707 |
Encrypted: | false |
SSDEEP: | 96:CHNWrlndausdjYdjdRRYYyWNt5UIm9iD6gYOAFCgNfMrk:CtWbds1YdRdNHZm9iDPY6g8k |
MD5: | 84FA41E4FEF5AA7996B2249DD344D541 |
SHA1: | AA23B3211D81A35B9A1FB99CA18D6E15FDE230C6 |
SHA-256: | F35C7820202E4FD04F3C35A4E2F3719A1A5FD236B6A623B28909B43DC1C00AB4 |
SHA-512: | CCDA181C489350F2ECBDFF58AFD8D639BCA38392BD24FDC27C58B42213B824898E7C2023C7531A70FE830304E820E0EDCF745831849E53F2AE880C33A87A1B22 |
Malicious: | true |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.7326173175378665 |
TrID: |
|
File name: | Covid21 2.0.exe |
File size: | 1210880 |
MD5: | a7c7f5e792809db8653a75c958f82bc4 |
SHA1: | 7ebe75db24af98efdcfebd970e7eea4b029f9f81 |
SHA256: | 02fea9970500d498e602b22cea68ade9869aca40a5cdc79cf1798644ba2057ca |
SHA512: | feb42cc7b4f344c043bda8bebeefa8cbb68406d1e937dcdc5a403981f79587fa438c682c4744a47a77482fc049b0334806d468aeb67edd4a92d90b5acd0c16ae |
SSDEEP: | 24576:kweQ5x+HPXJ9N2qifMpZcu/6z6toe20xYuLFzY77+89J9o2:kwVeHhH2qoMIum62uhY7Kco2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'..L...............2.`...0...P..0.)..`....)...@...........................,............................................ |
File Icon |
---|
Icon Hash: | 4c8e2b2f0f030e0d |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x69aa30 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4CD7F727 [Mon Nov 8 13:12:07 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 1d88d597200c0081784c27940d743ec5 |
Entrypoint Preview |
---|
Instruction |
---|
pushad |
mov esi, 005A6015h |
lea edi, dword ptr [esi-001A5015h] |
push edi |
mov ebp, esp |
lea ebx, dword ptr [esp-00003E80h] |
xor eax, eax |
push eax |
cmp esp, ebx |
jne 00007F1CECB0260Dh |
inc esi |
inc esi |
push ebx |
push 00298988h |
push edi |
add ebx, 04h |
push ebx |
push 000F4A0Bh |
push esi |
add ebx, 04h |
push ebx |
push eax |
mov dword ptr [ebx], 00020003h |
nop |
nop |
nop |
nop |
nop |
push ebp |
push edi |
push esi |
push ebx |
sub esp, 7Ch |
mov edx, dword ptr [esp+00000090h] |
mov dword ptr [esp+74h], 00000000h |
mov byte ptr [esp+73h], 00000000h |
mov ebp, dword ptr [esp+0000009Ch] |
lea eax, dword ptr [edx+04h] |
mov dword ptr [esp+78h], eax |
mov eax, 00000001h |
movzx ecx, byte ptr [edx+02h] |
mov ebx, eax |
shl ebx, cl |
mov ecx, ebx |
dec ecx |
mov dword ptr [esp+6Ch], ecx |
movzx ecx, byte ptr [edx+01h] |
shl eax, cl |
dec eax |
mov dword ptr [esp+68h], eax |
mov eax, dword ptr [esp+000000A8h] |
movzx esi, byte ptr [edx] |
mov dword ptr [ebp+00h], 00000000h |
mov dword ptr [esp+60h], 00000000h |
mov dword ptr [eax], 00000000h |
mov eax, 00000300h |
mov dword ptr [esp+64h], esi |
mov dword ptr [esp+5Ch], 00000001h |
mov dword ptr [esp+58h], 00000001h |
mov dword ptr [esp+54h], 00000001h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2cdf44 | 0x220 | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x29c000 | 0x31f44 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0x1a5000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
UPX1 | 0x1a6000 | 0xf6000 | 0xf5600 | False | 0.999160245797 | data | 7.99978608598 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x29c000 | 0x33000 | 0x32200 | False | 0.41157360505 | data | 4.64567241992 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x29c250 | 0x31828 | data | ||
RT_RCDATA | 0x3da74 | 0x5a4 | empty | ||
RT_RCDATA | 0x3e018 | 0x25a4cf | empty | ||
RT_RCDATA | 0x2984e8 | 0xbe | data | ||
RT_RCDATA | 0x2985a8 | 0xb | data | ||
RT_RCDATA | 0x2985b4 | 0x6 | Non-ISO extended-ASCII text, with no line terminators | ||
RT_GROUP_ICON | 0x2cda7c | 0x14 | data | ||
RT_VERSION | 0x2cda94 | 0x210 | data | ||
RT_MANIFEST | 0x2cdca8 | 0x29c | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
COMCTL32.dll | InitCommonControls |
GDI32.dll | SetBkColor |
MSVCRT.dll | memset |
OLE32.dll | CoInitialize |
SHELL32.dll | ShellExecuteExA |
SHLWAPI.dll | PathQuoteSpacesA |
USER32.dll | IsChild |
Version Infos |
---|
Description | Data |
---|---|
InternalName | covid-21 |
ProductName | covid21 corona virus |
FileVersion | 2,0,0,0 |
ProductVersion | 2,0,0,0 |
FileDescription | Run this only on vm |
Translation | 0x0000 0x04e4 |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 15:53:07 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\Desktop\Covid21 2.0.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1210880 bytes |
MD5 hash: | A7C7F5E792809DB8653A75C958F82BC4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:53:08 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:08 |
Start date: | 28/03/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:09 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\cscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 143360 bytes |
MD5 hash: | 00D3041E47F99E48DD5FFFEDF60F6304 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 15:53:12 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 59392 bytes |
MD5 hash: | CEE2A7E57DF2A159A065A34913A055C2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:13 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 59392 bytes |
MD5 hash: | CEE2A7E57DF2A159A065A34913A055C2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:14 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\AppData\Local\Temp\2526.tmp\CLWCP.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 517120 bytes |
MD5 hash: | E62EE6F1EFC85CB36D62AB779DB6E4EC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: | |
Reputation: | low |
General |
---|
Start time: | 15:53:18 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 59392 bytes |
MD5 hash: | CEE2A7E57DF2A159A065A34913A055C2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:19 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:19 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:20 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:20 |
Start date: | 28/03/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:53:20 |
Start date: | 28/03/2021 |
Path: | C:\covid21\Corona.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 531456 bytes |
MD5 hash: | 6374CA8AD59246DFED4794FD788D6560 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:53:25 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\AppData\Local\Temp\2526.tmp\inv.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 367616 bytes |
MD5 hash: | EBB811D0396C06A70FE74D9B23679446 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:53:25 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:26 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:31 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\AppData\Local\Temp\2526.tmp\z.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 422029 bytes |
MD5 hash: | A7CE5BEE03C197F0A99427C4B590F4A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
General |
---|
Start time: | 15:53:32 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:32 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:37 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\AppData\Local\Temp\2526.tmp\mlt.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 133205 bytes |
MD5 hash: | A4E26D32F9655DBE8EFD276A530EB02B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:38 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:38 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:43 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:43 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\AppData\Local\Temp\2526.tmp\icons.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 107828 bytes |
MD5 hash: | 3CA1D5768C2944D4284B1541653823C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
General |
---|
Start time: | 15:53:44 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:44 |
Start date: | 28/03/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:49 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\AppData\Local\Temp\2526.tmp\screenscrew.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 113664 bytes |
MD5 hash: | E87A04C270F98BB6B5677CC789D1AD1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
General |
---|
Start time: | 15:53:49 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:50 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:55 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:53:56 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\timeout.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 26112 bytes |
MD5 hash: | 121A4EDAE60A7AF6F5DFA82F7BB95659 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:54:00 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8c0000 |
File size: | 74752 bytes |
MD5 hash: | 15E2E0ACD891510C6268CB8899F2A1A1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:54:01 |
Start date: | 28/03/2021 |
Path: | C:\Users\user\AppData\Local\Temp\2526.tmp\PayloadMBR.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 103424 bytes |
MD5 hash: | D917AF256A1D20B4EAC477CDB189367B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
General |
---|
Start time: | 15:54:01 |
Start date: | 28/03/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3f0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:54:01 |
Start date: | 28/03/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 4.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 5.1% |
Total number of Nodes: | 792 |
Total number of Limit Nodes: | 3 |
Graph
Executed Functions |
---|
Function 00405EB2, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 39libraryloaderCOMMON
Control-flow Graph |
---|
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406960, Relevance: 7.6, APIs: 5, Instructions: 128memoryfileCOMMONCrypto
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401000, Relevance: 74.2, APIs: 16, Strings: 26, Instructions: 666memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402779, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59sleepCOMMON
Control-flow Graph |
---|
C-Code - Quality: 95% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406330, Relevance: 6.1, APIs: 4, Instructions: 105COMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004015F4, Relevance: 6.0, APIs: 4, Instructions: 25memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAC, Relevance: 6.0, APIs: 4, Instructions: 15memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 35% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405F13, Relevance: 4.5, APIs: 3, Instructions: 38stringCOMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004066F1, Relevance: 3.0, APIs: 2, Instructions: 26memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404AB3, Relevance: 3.0, APIs: 2, Instructions: 25windowCOMMON
Control-flow Graph |
---|
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407470, Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403694, Relevance: 3.0, APIs: 2, Instructions: 4COMMON
Control-flow Graph |
---|
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407750, Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004030A0, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405F90, Relevance: 1.5, APIs: 1, Instructions: 24fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406807, Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403D90, Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00405D3C, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 60keyboardwindowCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404714, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 61nativeCOMMON
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407E1A, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 71memorynativeCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004020C9, Relevance: 4.5, APIs: 3, Instructions: 27COMMON
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403CD7, Relevance: 3.1, APIs: 2, Instructions: 75COMMON
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403CC0, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406C10, Relevance: .6, Instructions: 601COMMONCrypto
C-Code - Quality: 48% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040523F, Relevance: 46.8, APIs: 31, Instructions: 333windowkeyboardCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404B03, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 238memoryregistryCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404925, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 73memorywindowCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004036F8, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 106librarystringloaderCOMMON
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407EE3, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 94memoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C70, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78windowstringCOMMON
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056EF, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 320windowCOMMON
C-Code - Quality: 46% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042F1, Relevance: 9.0, APIs: 6, Instructions: 40COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407650, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62memorystringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004047BB, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040416A, Relevance: 7.5, APIs: 5, Instructions: 39COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403A79, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404E09, Relevance: 6.1, APIs: 4, Instructions: 87memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C1A, Relevance: 6.0, APIs: 4, Instructions: 35windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004051A3, Relevance: 6.0, APIs: 4, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 5.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 13.4% |
Total number of Nodes: | 1209 |
Total number of Limit Nodes: | 65 |
Graph
Executed Functions |
---|
Function 004053D4, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046CF80, Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 213registryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 95% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004054E0, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
Control-flow Graph |
---|
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439164, Relevance: 3.2, APIs: 2, Instructions: 158COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435EB4, Relevance: 1.6, APIs: 1, Instructions: 131COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045543C, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440E40, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103registrylibraryloaderCOMMON
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454DBC, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 132windowregistryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 41% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C77C, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
Control-flow Graph |
---|
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043848C, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134registryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454A70, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 134windowCOMMON
Control-flow Graph |
---|
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454054, Relevance: 10.6, APIs: 7, Instructions: 89COMMON
Control-flow Graph |
---|
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401AE4, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
Control-flow Graph |
---|
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041603C, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A1C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E4C0, Relevance: 7.7, APIs: 5, Instructions: 176COMMON
Control-flow Graph |
---|
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455280, Relevance: 4.6, APIs: 3, Instructions: 69COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C6B8, Relevance: 4.6, APIs: 3, Instructions: 56threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B3E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37registryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B3E4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36registryCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402110, Relevance: 3.1, APIs: 2, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404028, Relevance: 3.1, APIs: 2, Instructions: 68COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404020, Relevance: 3.1, APIs: 2, Instructions: 65COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404024, Relevance: 3.1, APIs: 2, Instructions: 63COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E510, Relevance: 3.0, APIs: 2, Instructions: 47timeCOMMON
C-Code - Quality: 60% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453C18, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AD00, Relevance: 3.0, APIs: 2, Instructions: 16COMMON
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406A7C, Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040152C, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CE2A, Relevance: 2.5, APIs: 2, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004138D4, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406AC2, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406AC4, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455E44, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406B1C, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00441090, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408424, Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004084D4, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E6E8, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004388D8, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 55% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405170, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040847C, Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004084A8, Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401608, Relevance: 1.3, APIs: 1, Instructions: 64COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004016C8, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AB90, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040175C, Relevance: 1.3, APIs: 1, Instructions: 48COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004161A4, Relevance: 1.3, APIs: 1, Instructions: 21COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00440A48, Relevance: 49.1, APIs: 15, Strings: 13, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405210, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 139stringlibraryfileCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043BD64, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B440, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
C-Code - Quality: 80% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045478C, Relevance: 4.5, APIs: 3, Instructions: 33synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043AB48, Relevance: 3.1, APIs: 2, Instructions: 64windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EC2C, Relevance: 3.0, APIs: 2, Instructions: 46windowCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408604, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408862, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CCE, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CD0, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B068, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B0B4, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409B44, Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00427208, Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266libraryloaderCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EE84, Relevance: 47.5, APIs: 25, Strings: 2, Instructions: 250windowCOMMON
C-Code - Quality: 54% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C874, Relevance: 19.7, APIs: 13, Instructions: 224COMMON
C-Code - Quality: 56% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406B74, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428300, Relevance: 18.1, APIs: 12, Instructions: 142COMMON
C-Code - Quality: 57% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439A78, Relevance: 16.6, APIs: 11, Instructions: 133COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431760, Relevance: 16.6, APIs: 11, Instructions: 91COMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D99, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 40threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004347A8, Relevance: 13.6, APIs: 9, Instructions: 140COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004211AC, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425588, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042565C, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425730, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F9C, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442B3C, Relevance: 12.2, APIs: 8, Instructions: 170COMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004398E8, Relevance: 12.1, APIs: 8, Instructions: 136COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F22C, Relevance: 12.1, APIs: 8, Instructions: 79COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004454A8, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 177windowCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D1AC, Relevance: 10.7, APIs: 7, Instructions: 155COMMON
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004565D0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 138windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453CFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004438DC, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80libraryloaderCOMMON
C-Code - Quality: 56% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448A54, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 74libraryloaderCOMMON
C-Code - Quality: 55% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421DE8, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044F35C, Relevance: 9.2, APIs: 6, Instructions: 150COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F730, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FBA8, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F3DC, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EAA8, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423E2C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112windowCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403210, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445A3C, Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004394B4, Relevance: 7.6, APIs: 5, Instructions: 120COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044587C, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455F48, Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423228, Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453174, Relevance: 7.6, APIs: 5, Instructions: 61COMMON
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F344, Relevance: 7.6, APIs: 5, Instructions: 55COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401AE2, Relevance: 7.6, APIs: 5, Instructions: 54COMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B2F4, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004548A0, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B3A4, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
C-Code - Quality: 81% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00456CD0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98timethreadwindowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448EE8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CBF4, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004329A0, Relevance: 6.2, APIs: 4, Instructions: 207COMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EA40, Relevance: 6.1, APIs: 4, Instructions: 115COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B5E0, Relevance: 6.1, APIs: 4, Instructions: 102COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B5DE, Relevance: 6.1, APIs: 4, Instructions: 101COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421C30, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449584, Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045503C, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004164E0, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004327E8, Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004318A4, Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045482C, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00459324, Relevance: 6.0, APIs: 4, Instructions: 24COMMON
C-Code - Quality: 48% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406A8C, Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409E14, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448C38, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32keyboardCOMMON
C-Code - Quality: 61% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 5.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 961 |
Total number of Limit Nodes: | 31 |
Graph
Executed Functions |
---|
Function 004050DC, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449F58, Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 407windowCOMMON
Control-flow Graph |
---|
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004051E8, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
Control-flow Graph |
---|
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044CEA8, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439B30, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 103registrylibraryloaderCOMMON
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C9B0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 132windowregistryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 42% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431EAC, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134registryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 84% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C6A8, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 125windowCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044BDA0, Relevance: 10.6, APIs: 7, Instructions: 89COMMON
Control-flow Graph |
---|
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00446AE8, Relevance: 7.7, APIs: 5, Instructions: 171COMMON
Control-flow Graph |
---|
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044B5C4, Relevance: 6.1, APIs: 4, Instructions: 99COMMON
Control-flow Graph |
---|
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044CC30, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004019FC, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BA08, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
C-Code - Quality: 43% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BA06, Relevance: 4.6, APIs: 3, Instructions: 69COMMON
C-Code - Quality: 43% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044DA54, Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FA58, Relevance: 3.1, APIs: 2, Instructions: 129COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004020E8, Relevance: 3.1, APIs: 2, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044B980, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406714, Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401514, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E66C, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004132A8, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040679A, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040679C, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004067F4, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439D64, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404EA0, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407AD0, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004016A8, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A128, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040173C, Relevance: 1.3, APIs: 1, Instructions: 48COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00404F24, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435160, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004348E0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004294BC, Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DBAC, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425634, Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266libraryloaderCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439734, Relevance: 50.8, APIs: 15, Strings: 14, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435BB0, Relevance: 19.7, APIs: 13, Instructions: 224COMMON
C-Code - Quality: 55% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040684C, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004285FC, Relevance: 18.1, APIs: 12, Instructions: 142COMMON
C-Code - Quality: 57% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433084, Relevance: 16.6, APIs: 11, Instructions: 133COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B0F0, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 56filewindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E400, Relevance: 13.6, APIs: 9, Instructions: 150COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C248, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044DE10, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FA80, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418EF8, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109threadCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423AAC, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423C54, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403CD0, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B7EC, Relevance: 12.2, APIs: 8, Instructions: 170COMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432F30, Relevance: 12.1, APIs: 8, Instructions: 123COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DC04, Relevance: 12.1, APIs: 8, Instructions: 79COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043E11C, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 187windowCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004363D0, Relevance: 10.7, APIs: 7, Instructions: 156COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044BA60, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C580, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80libraryloaderCOMMON
C-Code - Quality: 56% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423B80, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004206B8, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00447864, Relevance: 9.2, APIs: 6, Instructions: 150COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E104, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E574, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401AC0, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B5E8, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DDB4, Relevance: 9.1, APIs: 6, Instructions: 55COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D498, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A9D, Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044190C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F74, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043E6BC, Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432BA8, Relevance: 7.6, APIs: 5, Instructions: 104COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043E4FC, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043670C, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
C-Code - Quality: 22% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044D8FC, Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042191C, Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044AF84, Relevance: 7.6, APIs: 5, Instructions: 63COMMON
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DD1C, Relevance: 7.6, APIs: 5, Instructions: 55COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AC84, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C5B4, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AD34, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C6B0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042C704, Relevance: 6.2, APIs: 4, Instructions: 204COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E4D4, Relevance: 6.1, APIs: 4, Instructions: 115COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C0D4, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420500, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00441F64, Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415C90, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042C558, Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B6D4, Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C540, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406724, Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AAAC, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106threadCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004417E8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84keyboardCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E3BC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81threadwindowCOMMON
C-Code - Quality: 67% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004097CC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00444C18, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 381 |
Total number of Limit Nodes: | 13 |
Graph
Executed Functions |
---|
Function 00405070, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040517C, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
Control-flow Graph |
---|
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044A410, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437098, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 103registrylibraryloaderCOMMON
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449F18, Relevance: 13.6, APIs: 9, Instructions: 132windowregistryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 42% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449308, Relevance: 10.6, APIs: 7, Instructions: 89COMMON
Control-flow Graph |
---|
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449C10, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 125windowCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448B2C, Relevance: 6.1, APIs: 4, Instructions: 99COMMON
Control-flow Graph |
---|
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004019FC, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004020E8, Relevance: 3.1, APIs: 2, Instructions: 124COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448EE8, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401514, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406728, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004372CC, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
Control-flow Graph |
---|
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404E34, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004016A8, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419F54, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00404EB8, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432810, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431F90, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426D20, Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004239F0, Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266libraryloaderCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436C9C, Relevance: 49.1, APIs: 15, Strings: 13, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433260, Relevance: 19.7, APIs: 13, Instructions: 224COMMON
C-Code - Quality: 55% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406780, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425E60, Relevance: 18.1, APIs: 12, Instructions: 142COMMON
C-Code - Quality: 57% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00430734, Relevance: 16.6, APIs: 11, Instructions: 133COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042BAFC, Relevance: 13.6, APIs: 9, Instructions: 150COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C074, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F55C, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134registryCOMMON
C-Code - Quality: 84% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044B2F8, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421E68, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C94, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00438D54, Relevance: 12.2, APIs: 8, Instructions: 170COMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004305E0, Relevance: 12.1, APIs: 8, Instructions: 123COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D684, Relevance: 12.1, APIs: 8, Instructions: 79COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B684, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 187windowCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433938, Relevance: 10.7, APIs: 7, Instructions: 156COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00429864, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139threadCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448FC8, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439AE8, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80libraryloaderCOMMON
C-Code - Quality: 56% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422010, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421F3C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EA74, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00444DCC, Relevance: 9.2, APIs: 6, Instructions: 150COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DB84, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DFDC, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401AC0, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428CE4, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D834, Relevance: 9.1, APIs: 6, Instructions: 55COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CF24, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A31, Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F50, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00444050, Relevance: 7.7, APIs: 5, Instructions: 171COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043BC24, Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00430258, Relevance: 7.6, APIs: 5, Instructions: 104COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043BA64, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044AE64, Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433C74, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
C-Code - Quality: 22% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FCD8, Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004484EC, Relevance: 7.6, APIs: 5, Instructions: 63COMMON
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D79C, Relevance: 7.6, APIs: 5, Instructions: 55COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AB3C, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449B1C, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ABEC, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043EE74, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C4DC, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00429E00, Relevance: 6.2, APIs: 4, Instructions: 204COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E300, Relevance: 6.1, APIs: 4, Instructions: 115COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BF00, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E8BC, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043F4CC, Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044A198, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415ABC, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00429C54, Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428DD0, Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
C-Code - Quality: 87% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449AA8, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F180, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
C-Code - Quality: 28% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406658, Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043ED50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84keyboardCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409684, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442180, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 2.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 1283 |
Total number of Limit Nodes: | 35 |
Graph
Executed Functions |
---|
Function 0043A0D6, Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 374windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043892A, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004481E0, Relevance: 85.6, APIs: 12, Strings: 36, Instructions: 1558COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041E7, Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 255windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004048BD, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 180windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404947, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 171windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422985, Relevance: 9.2, APIs: 6, Instructions: 162sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004508C7, Relevance: 3.2, APIs: 2, Instructions: 180COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B14C, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|