Analysis Report lazagne.exe
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
HKTL_Lazagne_PasswordDumper_Dec18_1 | Detects password dumper Lazagne often used by middle eastern threat groups | Florian Roth |
| |
HKTL_Lazagne_Gen_18 | Detects Lazagne password extractor hacktool | Florian Roth |
|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
mimikatz | mimikatz | Benjamin DELPY (gentilkiwi) |
| |
mimikatz | mimikatz | Benjamin DELPY (gentilkiwi) |
| |
mimikatz | mimikatz | Benjamin DELPY (gentilkiwi) |
| |
JoeSecurity_LaZagne | Yara detected LaZagne password dumper | Joe Security | ||
JoeSecurity_LaZagne | Yara detected LaZagne password dumper | Joe Security | ||
Click to see the 5 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Code function: | 2_2_501FF0B0 | |
Source: | Code function: | 2_2_501FBD00 |
Source: | Binary or memory string: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00007FF7F6BE0580 | |
Source: | Code function: | 0_2_00007FF7F6BEA34C | |
Source: | Code function: | 0_2_00007FF7F6BE0580 | |
Source: | Code function: | 2_2_500CAC70 | |
Source: | Code function: | 2_2_501DDDE0 | |
Source: | Code function: | 2_2_500C9E20 | |
Source: | Code function: | 2_2_500C9F70 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected LaZagne password dumper | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00007FF7F6BE8394 | |
Source: | Code function: | 0_2_00007FF7F6BE0580 | |
Source: | Code function: | 0_2_00007FF7F6BD4270 | |
Source: | Code function: | 0_2_00007FF7F6BEE628 | |
Source: | Code function: | 0_2_00007FF7F6BE13F0 | |
Source: | Code function: | 0_2_00007FF7F6BEEFC8 | |
Source: | Code function: | 0_2_00007FF7F6BDD384 | |
Source: | Code function: | 0_2_00007FF7F6BECB80 | |
Source: | Code function: | 0_2_00007FF7F6BE91F8 | |
Source: | Code function: | 0_2_00007FF7F6BDD108 | |
Source: | Code function: | 0_2_00007FF7F6BF18B8 | |
Source: | Code function: | 0_2_00007FF7F6BE91F8 | |
Source: | Code function: | 0_2_00007FF7F6BDF560 | |
Source: | Code function: | 0_2_00007FF7F6BD7920 | |
Source: | Code function: | 0_2_00007FF7F6BEA11C | |
Source: | Code function: | 0_2_00007FF7F6BD8150 | |
Source: | Code function: | 0_2_00007FF7F6BEC6B0 | |
Source: | Code function: | 0_2_00007FF7F6BE0580 | |
Source: | Code function: | 0_2_00007FF7F6BE2A70 | |
Source: | Code function: | 0_2_00007FF7F6BDCE8C | |
Source: | Code function: | 2_2_50076280 | |
Source: | Code function: | 2_2_501BC400 | |
Source: | Code function: | 2_2_501C0AA0 | |
Source: | Code function: | 2_2_501AACA0 | |
Source: | Code function: | 2_2_50076120 | |
Source: | Code function: | 2_2_5018D130 | |
Source: | Code function: | 2_2_500AB160 | |
Source: | Code function: | 2_2_500D3430 | |
Source: | Code function: | 2_2_501474B0 | |
Source: | Code function: | 2_2_50096500 | |
Source: | Code function: | 2_2_500BB5F0 | |
Source: | Code function: | 2_2_50156600 | |
Source: | Code function: | 2_2_501CE6D0 | |
Source: | Code function: | 2_2_5018E840 | |
Source: | Code function: | 2_2_500B08A0 | |
Source: | Code function: | 2_2_50188920 | |
Source: | Code function: | 2_2_5018C940 | |
Source: | Code function: | 2_2_500CDA70 | |
Source: | Code function: | 2_2_50172B80 | |
Source: | Code function: | 2_2_500BABC0 | |
Source: | Code function: | 2_2_500B6CB0 | |
Source: | Code function: | 2_2_500D6D00 | |
Source: | Code function: | 2_2_50090D30 | |
Source: | Code function: | 2_2_50075F01 | |
Source: | Code function: | 2_2_50075F00 | |
Source: | Code function: | 2_2_500CDF00 | |
Source: | Code function: | 2_2_501ACFB0 | |
Source: | Code function: | 2_2_500AFFE0 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FF7F6BD5070 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF7F6BD4EF0 |
Source: | Code function: | 2_2_50098A16 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Code function: | 0_2_00007FF7F6BD2B40 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Code function: | 0_2_00007FF7F6BE0580 | |
Source: | Code function: | 0_2_00007FF7F6BEA34C | |
Source: | Code function: | 0_2_00007FF7F6BE0580 | |
Source: | Code function: | 2_2_500CAC70 | |
Source: | Code function: | 2_2_501DDDE0 | |
Source: | Code function: | 2_2_500C9E20 | |
Source: | Code function: | 2_2_500C9F70 |
Source: | Code function: | 2_2_500BE0E0 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF7F6BD903C |
Source: | Code function: | 0_2_00007FF7F6BD4EF0 |
Source: | Code function: | 0_2_00007FF7F6BEBCCC |
Source: | Code function: | 0_2_00007FF7F6BD8820 | |
Source: | Code function: | 0_2_00007FF7F6BD903C | |
Source: | Code function: | 0_2_00007FF7F6BD91D8 | |
Source: | Code function: | 0_2_00007FF7F6BD89C8 | |
Source: | Code function: | 0_2_00007FF7F6BE3AB8 | |
Source: | Code function: | 2_2_502072B0 |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00007FF7F6BF1700 |
Source: | Code function: | 2_2_50074070 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00007FF7F6BD8F0C |
Source: | Code function: | 0_2_00007FF7F6BEE878 |
Source: | Code function: | 2_2_500CDA70 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected LaZagne password dumper | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter2 | Application Shimming1 | Process Injection11 | Process Injection11 | OS Credential Dumping | System Time Discovery2 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Application Shimming1 | Deobfuscate/Decode Files or Information1 | LSASS Memory | Security Software Discovery21 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information2 | Security Account Manager | File and Directory Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery35 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
61% | Virustotal | Browse | ||
28% | Metadefender | Browse | ||
71% | ReversingLabs | Win64.Hacktool.Lazagne | ||
100% | Avira | SPR/LaZagne.B |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 383853 |
Start date: | 08.04.2021 |
Start time: | 11:08:44 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | lazagne.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.troj.winEXE@4/21@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
No context |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\_MEI29602\MSVCR90.dll | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
C:\Users\user\AppData\Local\Temp\_MEI29602\_ctypes.pyd | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:qn:qn |
MD5: | 3F1D1D8D87177D3D8D897D7E421F84D6 |
SHA1: | DD082D742A5CB751290F1DB2BD519C286AA86D95 |
SHA-256: | F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2 |
SHA-512: | 2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 626688 |
Entropy (8bit): | 6.59848802673898 |
Encrypted: | false |
SSDEEP: | 12288:uPGHbufTcaHuug7kgsHNbFM2zaVriFIWeAIDmqy7tHYa:uPG67c2uFbsNFM/rEIWeAIDmqy7tHh |
MD5: | 425D035880430FBED64DD6205C77F5B2 |
SHA1: | C3EAE140485E568E9868BEDCF9B7FD18DC4321ED |
SHA-256: | 93F30D067897DBA001B9F7ADA68C1C50B1DE40A8ED9F34905AF43537009A0AA6 |
SHA-512: | 696F27BC8C0B82941212B5D95903DE256FB0DD913CCB4FD45E3CC65E58B7BC8C4E82270ED43EAA76BA06DAA2249453C003FCEA249BAA84281A6654170FEDCDC8 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: | |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 122368 |
Entropy (8bit): | 5.819362190788905 |
Encrypted: | false |
SSDEEP: | 3072:GlBQfrPbtfynx+PRNn5LrL3BL8V4V5+4fJMThn6l:3DDtfIx+PRB5LrLRLK4ffJMTVm |
MD5: | 77BE51B28C575526D749E2A91F3A4A83 |
SHA1: | 6A3A1B24696F5E82813EB5AE633FB4A3543D0543 |
SHA-256: | 6F450435EDB2B78504F166044AA45E87CD19670789DFACDB1074DB7F934AB2A6 |
SHA-512: | 2FB131ED48AC08E51C485D8CE5F16C09C7AA7D3ABABB02B01198CC5ECE15C33F161AF25B7ED3130EE63676DEDC0FFB06C40EEB2A6C8654D89BA3539A5242CF6A |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 187392 |
Entropy (8bit): | 6.258526850539294 |
Encrypted: | false |
SSDEEP: | 3072:wvHvLh0U5wUl4d0T7Ec70i+T+fHJ84+gUP+HRyBRQk62IAK711111111etRseROl:wvHvLh0U5wUE0T71gHsj+gUP+4BRQkgF |
MD5: | C97BF92A8086849B9AD36DFFFE33081E |
SHA1: | 7889A9F095CCD2FC84752479516ED32A5F50838D |
SHA-256: | 425341F9B08A8D1683A9D88DCD820ACFE9E88612D4666CF9D2421315A592E74E |
SHA-512: | 55989FE0C8BF06FB2057754C0939EF22931CEBA288C0066B01F307172AAFF5A29AA866D20D645585226A9C5F8B1C64AEDC76627F7AB700F786CB27AD85D864EB |
Malicious: | false |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1645568 |
Entropy (8bit): | 6.602232844440997 |
Encrypted: | false |
SSDEEP: | 49152:iPZZq9jSQ5k2wbmSNPGtlqZVwASO+QPpyo3sALbF+:iPij5KwP |
MD5: | AE415DF4A7C5E23857092C0C10BD7D8F |
SHA1: | EE6793E2EEBB0E11E520933F4D233D8818D7C066 |
SHA-256: | 4C5AF12ECD203EA45E2AEC5CE9B4B862636A3B9A6057CE0D5D8CCE0EE37EC3A9 |
SHA-512: | 6D1666E387EBA3A1E12D98D971F58ADBD05D8D7FA5B4ED5240FBE0343C342AD36D4547D705B84ACBAE66D2A6013BB4484FD33BF74567FF81420297CBDC6677AC |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34816 |
Entropy (8bit): | 5.538613645371625 |
Encrypted: | false |
SSDEEP: | 768:UO+DjdRQCIcrb8rT6Q9QcuNGqEa757vsZ9newa:U3DRRVrorT6Q9xzq7vsZ9ne |
MD5: | D29F54FE961FF0BE2B4D1B75B18EE229 |
SHA1: | EB0E10454BA5EBD35422DCFD15F5E718ACB015D3 |
SHA-256: | D384E6A309C41031921FAC5358B99A37E4768681D882DE3E66D20179BDE623CF |
SHA-512: | 5BFCC3187FA0CF9A997DD35B91A831AB6AEFB960564F1A1479BA28252085EAAC167E91502B512D7E396630076E666535B593E0EC86EFBFFE5C0E516AA9283442 |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50688 |
Entropy (8bit): | 5.919609959303551 |
Encrypted: | false |
SSDEEP: | 1536:Bxz3Bo5eP0gWO/k+zjIH6rrS/FrC7febv:X3G5eP0gfs+jdrrSdrufe |
MD5: | F9B160A08DACC271B8B7AD1516D88330 |
SHA1: | 762698430BBFE5B5D52756B969FE7A757CE07A33 |
SHA-256: | 7DDF74AC35A6DFA24C4F96ACD058829FC934B798AF910ED2A58D9B8EF8A26511 |
SHA-512: | 5F1666A63E1A5A9D788556899D2A1DDEB28A33C4AAC9273C706C35FE7FF3FEEB0138A2E75E6F9540560F8DF5717A9B0E264684F27C13277DB632CFCCD506AA2A |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64000 |
Entropy (8bit): | 5.6511061891380665 |
Encrypted: | false |
SSDEEP: | 768:qwE/smm5aVdUtHBNn0Os9tXD35vJ9umj+iYMZ+hJ9MSNEEVVvrgIuqWtxTQb:A/sXmdQhOOs9tTIiJOO+vrPuqWtxT4 |
MD5: | CEE4E6D863E08F9DB01735F9FEC8E9B1 |
SHA1: | 6CC4E503227C6D07749ED2BDF79A5878D3AD2DEF |
SHA-256: | 43092954458AD5D6E6CD2C8FD5D917D09A66E8976B0BA3225CDA48D60465E179 |
SHA-512: | 62E2530E8F42B5512474D95BD40A36E8CCF5F9DA7213386BBCEFB6096F82CD6940309CDE42CF77B0BD371308E797E5B7A4B6E4C7DB7E12D9E00277C6F8F0E040 |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2110976 |
Entropy (8bit): | 6.560389814705208 |
Encrypted: | false |
SSDEEP: | 49152:w4yIXF3XjSlzJLt0ubdp+e9K1cihGtlqSTeVwASO6Awp/:PjGN9nT9D |
MD5: | 16BBB7E72D190E6712D923DBC854A45F |
SHA1: | 2913C4D3B9F0C708845252E863518D9BDAEA5AAC |
SHA-256: | A9D0FDC952D5BB1BA7F809A6FA7BA9418414D5A10F4A7D429F680EAC22D6A322 |
SHA-512: | 906F16928E322ADDF52AAD4E21265650B82853AE73E39EC60A80EFFD205D75BF5B4183BAC1CD55F853BBCFDC84C4FB2694ACFF2098C32D93175AEEFD3CDFF5C9 |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 92672 |
Entropy (8bit): | 6.2987426487823965 |
Encrypted: | false |
SSDEEP: | 1536:+2swYRURXPj3/W3yd/nVu26F3RjrEOxZhuhiDOouhvqucpY62M84+f/PPgTt/:ewYRUR7/W3yd/npS3BE8uhiDObvquWY0 |
MD5: | A1950D15AE7FADD5B203639F3965F690 |
SHA1: | DD09DFEE5577FECA2CE25D9CC5091933CA580ADB |
SHA-256: | BAA75AD550784C5C5BADA51CB565784A04F267FAD708E6611B0CC3DC6AE0C1ED |
SHA-512: | B0CA2E27E0FA77A58C7A56D66BF01FCA152CB784E11CED7E247B092864F5A81B6CDE353ADFE58193D660F9BE7B37C8076A6CA75390D4B34228B5359A3A884C88 |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1012 |
Entropy (8bit): | 5.301330802079605 |
Encrypted: | false |
SSDEEP: | 12:TMHdtnQEH5LXgVNsSNXvNxW5v+MHCgVNenhSN4tOvcNg4gv18zyiUGXwcGkVtvX8:2dtn3ZrgPN2v+zg6nEN4Wme5rcb3S |
MD5: | DBCDC3116767F0B87DFBB68D4FFC4F9C |
SHA1: | 2734CA39F9FD5456EAC65457BB24D83B29BDCAC0 |
SHA-256: | 4127ECF092BC603470EF5AD84159C45BC15D341CDFB95FF314B7792BBE471930 |
SHA-512: | D47096B3B2D0D5970221A310CE6A3DFEFF43E134635362E1D8C662F2EEE1DE96B7C832A5B701837823649535E7DEEEA5BCAC97E95073920519B3703488D4B1AE |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1032 |
Entropy (8bit): | 0.8220691243022215 |
Encrypted: | false |
SSDEEP: | 3:zp/t/NAFjYNKPWrl/WlWotttltl1Xl1Vl+//l5llHlMtllFllNllFll1llltMldd:zRb2WEAotu1Z4+E |
MD5: | 56B60D510B2C02A6B0E5BBB4995D37C4 |
SHA1: | B5CB31F92C6E5124D259DF06294DE36FF3143F54 |
SHA-256: | 09B85BB7F63A45C0CDC8A3A36A2F0ECDC64AFE00481236B9EB9CB230936CF243 |
SHA-512: | 694CA50E191070A4C699E433308E665E1200FB856D4E1969AF01BEB87AE2B5B6B10A92DE93935139F0D1961E4A2324666FDEA15D0406B2117B1D0FFDC113BCCC |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2468 |
Entropy (8bit): | 1.8488551602973704 |
Encrypted: | false |
SSDEEP: | 24:ttlDEtyDaA9bZW0sfmNFkUclvgn4Y3oCPNJP:pDs0aGZWvfYFkUclon4moOR |
MD5: | 8014A303C133E84A62FEBB00967306DF |
SHA1: | 60F9E6706DCD69328BE21B1AFCEA632220791827 |
SHA-256: | 202AB2744BEF1AA198A3BE33EF5EE1A78764DB85D5076C0D0B168C574BDE1C35 |
SHA-512: | 13BE9D00DAB729831F70270D7B269711B6B7DB042434C7A38C335A9D97A45465A715BD5F8F9BBE3118168E11CADB73D631800CF1424F6BC02F8B91F56E66E16F |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 186368 |
Entropy (8bit): | 6.217956124278818 |
Encrypted: | false |
SSDEEP: | 3072:hLr0JazUQXiCiqf9kZJH4+gUP4HR6EgsUsApxg+Y6qTiIYrL0JaNTjX4tsgqYU/l:hLr0xQy/1Y+gUP4cEgoomPW1UCZR1dgO |
MD5: | A5087EBBE3F55657E588B6C3D33B05B5 |
SHA1: | 66CB6592D0C7C33B4089906CA1FD8D1F60B9C9CB |
SHA-256: | A2FD7FFCED225DE673F815374903500921BAA1FF2B13A5DE1DC35B53E457B964 |
SHA-512: | FF9C394B5516DC828DA580F8A5D2CBED77E957CAD568628ED801A0E5C5F7B8873FA7A5A3A5234D61C86EEA95A87720BFDB17AEBAB706CE1A76097D2F0330ABE0 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3430912 |
Entropy (8bit): | 6.37271013036293 |
Encrypted: | false |
SSDEEP: | 49152:cnHmMWTjmrbx/NWSRCgn6S4Ttffg7d47fPjnRM4gHQM1IITPCc+y5+3jt:FsVZzWzRMhHnaup5mt |
MD5: | 3AE2BFD1F3810E1F8E63D12B6640D305 |
SHA1: | 0EAA9F0C96FA24AB837C736E6540A0BE72ED83D2 |
SHA-256: | 43E8C9B6C1403B4622DE9C9BFF75542803A674909D44ABA26CF11828FD0A5ED0 |
SHA-512: | 002AF9C02F59B1001060C9451E59FF617D6BAC002C4E0553D61EDBAE1C55E59DA9D04ED3B0075B93AB7F8C6DA43E7AC2B9664464A07D073A5A32C7D601DC16E8 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 138752 |
Entropy (8bit): | 5.989789523493373 |
Encrypted: | false |
SSDEEP: | 3072:gMwiYgZWoh2lw41fwYYrrC0zrG+h+lu01dOlHqmvfbhc:BwiYSPlCfwYYrrC0XG+Ku2dOlHqmvfb |
MD5: | EC16DB0AD80BE2FB40600DF034797ECB |
SHA1: | 6D5BCE3B8FB8C7DFF0AA179D503AF47887E3F0C2 |
SHA-256: | 959BECE25A592BF32D3B3E602BB8EBE88039DB2F58916F593DB3B66795258074 |
SHA-512: | E0827664A6FF06093C16B520DA354AF77D85EE10A364FD827ECD345D61C322005104354C12CEE9778560E44E6AE7A4AA7E4070F388EF8799F139EA8C5C0C97FB |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.266287148850505 |
Encrypted: | false |
SSDEEP: | 192:WAwvSWlNmvru6GuANTdZXaGI3X+Mw6Hc1U5dz2R:W0WlNmTu6ANTdZXX486HuA |
MD5: | 0EC68F2BE57E2C19220F6E8C3101C77B |
SHA1: | 7DF423B32F071155D54814E94524FE444A69FC68 |
SHA-256: | 7A256D44AB212F08E3DCB8D17ABB12D9B79618699ECAC75CCF00CDAE5D35DF1A |
SHA-512: | E8D5CBF1B0B38D6D2CA81C0E78E306A357AC47D252650D02E0917654D1FFA04EE44AFBF02EC1301D5B3AC1F5D584F131C3FBAAB7AC5F4D76F00D14326122A4B8 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 802816 |
Entropy (8bit): | 6.523325806832283 |
Encrypted: | false |
SSDEEP: | 12288:8x3X8SmDn2xExf8zn4iqSZog4c7CGdXATK2VET9HkAV9216wm9EOLjmCkc:8NX8Smy0fm48ZhX7CGdQ+2Vs2NEn |
MD5: | 6243ADF7EBC3E698197C7161C219D172 |
SHA1: | DABF82E0359066BC92BD9DD44800927D21595B85 |
SHA-256: | 9BDAB17D9EE7C7ED2BD7CF06E2342A4661AB1CC43C0D6CDAC708C7E13C329561 |
SHA-512: | 37C0A1B94471AACE82973EE9EBFF5D371DF1E501399C0784194ABCE48E403107DB7738437B9079AACDE0241714B24704C274F978CD89B01D61FA343A3410BCC8 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 692224 |
Entropy (8bit): | 5.413494927813964 |
Encrypted: | false |
SSDEEP: | 12288:WTXP3AxoMPBt8FpQsVdFiI5mZMPXubUxktwd:MXfRM8XQsVdXSPAxLd |
MD5: | 7AF93CCB3188D3E8B8E6B4312843F3C6 |
SHA1: | 2133AFA4ED01CB854ADE1C37299476A19F9AB09E |
SHA-256: | 21F810B2C5E7F433A6D6CEDED19534499122D3E90EC643A22847769AF3346BDC |
SHA-512: | 2BE16719F59CED3136240844AF927418EB61D4215ED5645FFB9B42DDB1522E819637DE767F86E7FF5C03071EBC9466C919FC5E4BFC0370AC04F2F92237FB0BE6 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | modified |
Size (bytes): | 27648 |
Entropy (8bit): | 5.558149051383417 |
Encrypted: | false |
SSDEEP: | 768:LV8mBWEPoWxrwk3HDaF2Wfk4MXPisI4l:LV8mBWEPoWxck3H0CPiol |
MD5: | 5ED99AFCF2DDD45ADF10E8BFA037DEF1 |
SHA1: | 9EAF1151CA6292132554DD53A1A77B80BB7DE9C1 |
SHA-256: | D712B72E9B9B86486F352C42203FB2F9883780EA102793CC389B4F6254D660AB |
SHA-512: | BB7A56D2CB1BB701781DF07416FC4799011B95E61EBE41931EB15C72668EC6DE7933D6CD3BBE421D1F5EDA59C872539900DC6DD38BB680295C8C0F1D50043C2D |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\lazagne.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1624 |
Entropy (8bit): | 3.5364305076108296 |
Encrypted: | false |
SSDEEP: | 24:zXQLrvyXQLPcdZUOCm4wAzBZk1g7naFs7Dn2dz:zXkrv+kPcdZU3m4/z/LDau7b2dz |
MD5: | BF58F1B0300768F9D1584BB350912C84 |
SHA1: | 466B4DB6ED0E4FF116F08313FE92E1FF3E8C8591 |
SHA-256: | 1A0A3A3E24D3D2562E04584E17102942E847ED7223D6BAB6C0491EEFD642AF97 |
SHA-512: | 606D6BCCFDD3C7008622DEED22D7D2D2AB336577E72C78F80B39D557A5EC5C591EFA4E1C840EC9FF3697D47EE1C6C9F37538F5506A3A8C64D29EB90903BD5D90 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.9891504435286205 |
TrID: |
|
File name: | lazagne.exe |
File size: | 6635326 |
MD5: | 68d3bf2c363144ec6874ab360fdda00a |
SHA1: | fa2f281fd4009100b2293e120997bfd7feb10c16 |
SHA256: | ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56 |
SHA512: | a99497da071bce5feed5d319a8b54bcf8cf13d33744765eb9fcd984f196fdb9745a3959fdc50c488fd2556aba35c1c9d984188d1e611e8b1e84961116237737d |
SSDEEP: | 196608:MG4YKWwsbycm/iAjf+UAYt+sIqXrgiQZGHluk6s:cYBwSdm6AIsf3QZAlJ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........r..e!..e!..e!.M.!..e!.M.!..e!.M.!..e!..f ..e!..` ..e!..a ..e!f..!..e!..d!..e!).a ..e!)..!..e!).g ..e!Rich..e!............... |
File Icon |
---|
Icon Hash: | ae9ebc4c8ce0e8f8 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1400089b4 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0x5D24A292 [Tue Jul 9 14:20:02 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | a62ff465f3ead2e578f02d3a2d749b7b |
Entrypoint Preview |
---|
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F7738EB9EC4h |
dec eax |
add esp, 28h |
jmp 00007F7738EB97EBh |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
xor ecx, ecx |
call dword ptr [0001A6F7h] |
dec eax |
mov ecx, ebx |
call dword ptr [0001A6E6h] |
call dword ptr [0001A6F0h] |
dec eax |
mov ecx, eax |
mov edx, C0000409h |
dec eax |
add esp, 20h |
pop ebx |
dec eax |
jmp dword ptr [0001A6E4h] |
dec eax |
mov dword ptr [esp+08h], ecx |
dec eax |
sub esp, 38h |
mov ecx, 00000017h |
call 00007F7738ED2C24h |
test eax, eax |
je 00007F7738EB9979h |
mov ecx, 00000002h |
int 29h |
dec eax |
lea ecx, dword ptr [0003838Fh] |
call 00007F7738EB9B3Fh |
dec eax |
mov eax, dword ptr [esp+38h] |
dec eax |
mov dword ptr [00038476h], eax |
dec eax |
lea eax, dword ptr [esp+38h] |
dec eax |
add eax, 08h |
dec eax |
mov dword ptr [00038406h], eax |
dec eax |
mov eax, dword ptr [0003845Fh] |
dec eax |
mov dword ptr [000382D0h], eax |
dec eax |
mov eax, dword ptr [esp+40h] |
dec eax |
mov dword ptr [000383D4h], eax |
mov dword ptr [000382AAh], C0000409h |
mov dword ptr [000382A4h], 00000001h |
mov dword ptr [000382AEh], 00000001h |
mov eax, 00000008h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x31944 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0xea38 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x43000 | 0x1d04 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x55000 | 0x698 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2f9c0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f9e0 | 0x94 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x310 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x21390 | 0x21400 | False | 0.558270676692 | zlib compressed data | 6.46390919074 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x23000 | 0xf3c8 | 0xf400 | False | 0.528944672131 | data | 5.8544389404 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x33000 | 0xf108 | 0xc00 | False | 0.133138020833 | data | 1.84445842176 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x43000 | 0x1d04 | 0x1e00 | False | 0.472526041667 | data | 5.22958602987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gfids | 0x45000 | 0xac | 0x200 | False | 0.275390625 | data | 1.74158349633 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x46000 | 0xea38 | 0xec00 | False | 0.802105402542 | data | 7.29713961432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x55000 | 0x698 | 0x800 | False | 0.56591796875 | data | 4.99579189172 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x461c0 | 0xea8 | data | ||
RT_ICON | 0x47068 | 0x8a8 | data | ||
RT_ICON | 0x47910 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x47e78 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x50f18 | 0x25a8 | data | ||
RT_ICON | 0x534c0 | 0x10a8 | data | ||
RT_ICON | 0x54568 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x549d0 | 0x68 | data |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, LoadLibraryExW, GetShortPathNameW, FormatMessageW, LoadLibraryA, MultiByteToWideChar, WideCharToMultiByte, SetEndOfFile, HeapReAlloc, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetCommandLineA, ReadFile, CreateFileW, GetDriveTypeW, GetFileType, CloseHandle, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, GetFullPathNameA, CreateDirectoryW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetACP, HeapFree, HeapAlloc, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleCP, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableA, GetFileAttributesExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStringTypeW, GetProcessHeap, WriteConsoleW, GetTimeZoneInformation, HeapSize, RaiseException |
WS2_32.dll | ntohl |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 11:09:33 |
Start date: | 08/04/2021 |
Path: | C:\Users\user\Desktop\lazagne.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f6bd0000 |
File size: | 6635326 bytes |
MD5 hash: | 68D3BF2C363144EC6874AB360FDDA00A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 11:09:34 |
Start date: | 08/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:09:36 |
Start date: | 08/04/2021 |
Path: | C:\Users\user\Desktop\lazagne.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f6bd0000 |
File size: | 6635326 bytes |
MD5 hash: | 68D3BF2C363144EC6874AB360FDDA00A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 17.4% |
Total number of Nodes: | 1711 |
Total number of Limit Nodes: | 46 |
Graph
Executed Functions |
---|
Function 00007FF7F6BEE628, Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 366timeCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BEE878, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155timeCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD4270, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 146COMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD1670, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 91COMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD1230, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 95COMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD4B70, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93processsynchronizationCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD1040, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57COMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE47EC, Relevance: 10.8, APIs: 7, Instructions: 294COMMONLIBRARYCODE
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD1130, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67COMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD1000, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187COMMON
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD1390, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 61COMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE5E6C, Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE508C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE63BC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BEAA40, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BDA9A4, Relevance: 3.2, APIs: 2, Instructions: 187COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE07F0, Relevance: 3.0, APIs: 2, Instructions: 35timeCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE2EA8, Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE2EE8, Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE3000, Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00007FF7F6BD2B40, Relevance: 243.9, APIs: 46, Strings: 93, Instructions: 662libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BECB80, Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD4EF0, Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 89libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD5070, Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE3AB8, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BEA11C, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BEA34C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BF18B8, Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE2A70, Relevance: 1.4, Strings: 1, Instructions: 139COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD7920, Relevance: .2, Instructions: 198COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BDF560, Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BF1700, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD91D8, Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD36E0, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 122COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD20F0, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 151COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE7AD0, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD38E0, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 88COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE891C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 97COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD52D0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE87D8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD5640, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 56COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD5850, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 55COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE26A8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD5160, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 105COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD5710, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 90COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD5420, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD5560, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 57COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BF1500, Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE8C18, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 205COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD3B30, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 126COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE5630, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BD28C0, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE6FE0, Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE7244, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE7674, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE1CD4, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE7F90, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7F6BE8B48, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 3.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0.5% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 219 |
Graph
Executed Functions |
---|
Function 500CAC70, Relevance: 60.0, APIs: 25, Strings: 9, Instructions: 479fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501AACA0, Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 256registrystringCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501BC400, Relevance: 19.9, APIs: 5, Strings: 6, Instructions: 655COMMONCrypto
C-Code - Quality: 56% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501FF0B0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50204E50, Relevance: 111.0, APIs: 3, Strings: 60, Instructions: 712COMMON
C-Code - Quality: 63% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501AB270, Relevance: 66.9, APIs: 25, Strings: 13, Instructions: 407stringCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501DD4F0, Relevance: 47.8, APIs: 12, Strings: 15, Instructions: 556COMMON
C-Code - Quality: 64% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500D8AF0, Relevance: 31.8, APIs: 3, Strings: 15, Instructions: 254threadCOMMON
Control-flow Graph |
---|
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 18% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501A2F80, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 245stringCOMMON
Control-flow Graph |
---|
C-Code - Quality: 51% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 68% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500DEE20, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 84threadCOMMON
Control-flow Graph |
---|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501D3FC0, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 80windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501FEFD0, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 56libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501DE720, Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 181stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501E42C0, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 220stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501AB910, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98registryfileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5013DA80, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501DEEC0, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 140stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50123380, Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 126stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500C97C0, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 115fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501D4360, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500DC6F0, Relevance: 6.0, APIs: 4, Instructions: 41threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50161FD0, Relevance: 5.1, APIs: 4, Instructions: 129COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50133B50, Relevance: 5.1, APIs: 4, Instructions: 109COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500C95C0, Relevance: 4.5, APIs: 3, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50160D80, Relevance: 3.1, APIs: 2, Instructions: 91COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501612C0, Relevance: 3.1, APIs: 2, Instructions: 80COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500D8F00, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5014DE20, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500DDCC0, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50160ED0, Relevance: 1.4, APIs: 1, Instructions: 128COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5014D3B0, Relevance: 1.3, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5014B2B0, Relevance: 1.3, APIs: 1, Instructions: 40COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 73% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 502072B0, Relevance: 15.1, APIs: 10, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50188920, Relevance: 13.8, APIs: 9, Instructions: 340COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5018E840, Relevance: 7.6, APIs: 5, Instructions: 131COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5008F3A0, Relevance: 48.2, APIs: 32, Instructions: 175COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500E0660, Relevance: 44.1, APIs: 13, Strings: 12, Instructions: 381fileCOMMON
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5008F080, Relevance: 43.7, APIs: 29, Instructions: 176COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500CC5D0, Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 316stringCOMMON
C-Code - Quality: 31% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 56% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500DE590, Relevance: 40.5, APIs: 11, Strings: 12, Instructions: 233COMMON
C-Code - Quality: 24% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 27% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 26% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501DA690, Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 113stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501FD480, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 298stringCOMMON
C-Code - Quality: 49% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500BC780, Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 128fileCOMMON
C-Code - Quality: 29% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 43% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 502068E0, Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 245filestringCOMMON
C-Code - Quality: 37% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501AB0D0, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 105stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5008F690, Relevance: 22.6, APIs: 15, Instructions: 141COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500CB8A0, Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 188fileCOMMON
C-Code - Quality: 46% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 43% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501A3520, Relevance: 19.6, APIs: 5, Strings: 8, Instructions: 91stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 35% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5008E780, Relevance: 18.1, APIs: 12, Instructions: 146COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501D45F0, Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 166stringCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500DD370, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 131threadCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5008E230, Relevance: 16.6, APIs: 11, Instructions: 140COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500CE8B0, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500CF920, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 56pipeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500B8720, Relevance: 15.1, APIs: 10, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500E1910, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 200stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500820E0, Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 115stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5008E4E0, Relevance: 12.1, APIs: 8, Instructions: 114COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501E6320, Relevance: 11.5, APIs: 9, Instructions: 210COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501A36A0, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 133stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5006D460, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 117fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500D876F, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 82threadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501FF290, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 65stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500B78D0, Relevance: 9.1, APIs: 6, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501E72A0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55synchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501E7570, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44synchronizationthreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501BC040, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31synchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5006B8E0, Relevance: 7.6, APIs: 5, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501E7630, Relevance: 7.6, APIs: 5, Instructions: 86threadsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5008E130, Relevance: 7.6, APIs: 5, Instructions: 62COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500D8670, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501BC0C0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 68threadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500DC850, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500CA0D0, Relevance: 6.1, APIs: 4, Instructions: 120COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501BC1B0, Relevance: 6.1, APIs: 4, Instructions: 112threadsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 5013E660, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500B88E0, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501D80B0, Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 44stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501DE610, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50094640, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 500D9270, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 50064760, Relevance: 5.2, APIs: 4, Instructions: 163COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 501342B0, Relevance: 5.1, APIs: 4, Instructions: 82COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |