Play interactive tour
Edit tourAnalysis Report 6c9e4dd7_by_Libranalysis
Overview
General Information
| Sample Name: | 6c9e4dd7_by_Libranalysis (renamed file extension from none to exe) |
| Analysis ID: | 398986 |
| MD5: | 6c9e4dd7daab40a2b40db3d13279ee2e |
| SHA1: | 879eaa020afb3906709ffd8efe9dfcdd23399227 |
| SHA256: | 1dcddce0408092a22c015e183e463020a7231e1f5ca47e71acad4ddcfb0f2385 |
| Infos: | |
Most interesting Screenshot:  | |
Detection
NetWire
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NetWire
Yara detected NetWire RAT
C2 URLs / IPs found in malware configuration
Contains functionality to steal Chrome passwords or cookies
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match
Classification
Startup |
|---|
|
Malware Configuration |
|---|
Threatname: NetWire |
|---|
{"C2 list": ["rootsec.publicvm.com:3361"], "Password": "123", "Host ID": "HostId-%Rand%", "Mutex": "-", "Install Path": "%AppData%\\Install\\Host.exe", "Startup Name": "-", "ActiveX Key": "-", "KeyLog Directory": "%AppData%\\Logs\\"}Yara Overview |
|---|
Initial Sample |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security |
Dropped Files |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security |
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| Click to see the 4 entries | ||||
Unpacked PEs |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| netwire | detect netwire in memory | JPCERT/CC Incident Response Group |
| |
| Click to see the 3 entries | ||||
Sigma Overview |
|---|
System Summary: |   |
|---|
| Sigma detected: NetWire | Show sources | ||
| Source: | Author: Joe Security: | ||
Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: | |
|---|
| Found malware configuration | Show sources | ||
| Source: | Malware Configuration Extractor: | ||
| Multi AV Scanner detection for dropped file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Machine Learning detection for dropped file | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Machine Learning detection for sample | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
Compliance: | |
|---|
| Detected unpacking (creates a PE file in dynamic memory) | Show sources | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 1_2_0048F1FF | |
| Source: | Code function: | 1_2_0048EB15 | |
Networking: | |
|---|
| C2 URLs / IPs found in malware configuration | Show sources | ||
| Source: | URLs: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Binary or memory string: | ||
System Summary: | |
|---|
| Malicious sample detected (through community Yara rule) | Show sources | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| PE file has a writeable .text section | Show sources | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 1_2_00427690 | |
| Source: | Code function: | 1_2_004B069F | |
| Source: | Code function: | 1_2_00435E97 | |
| Source: | Code function: | 2_2_009134D3 | |
| Source: | Code function: | 2_2_009308C0 | |
| Source: | Code function: | 2_2_00930420 | |
| Source: | Code function: | 2_2_00913047 | |
| Source: | Code function: | 2_2_0092D049 | |
| Source: | Code function: | 2_2_00925079 | |
| Source: | Code function: | 2_2_00929463 | |
| Source: | Code function: | 2_2_00924976 | |
| Source: | Code function: | 2_2_00925ABF | |
| Source: | Code function: | 2_2_0091AEC6 | |
| Source: | Code function: | 2_2_00912AFC | |
| Source: | Code function: | 2_2_00926619 | |
| Source: | Code function: | 2_2_00912E68 | |
| Source: | Code function: | 2_2_0091A728 | |
| Source: | Code function: | 2_2_0092FF50 | |
| Source: | Code function: | 2_2_00930F40 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 1_2_004AE03F | |
| Source: | Code function: | 1_2_0042ACE6 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation: | |
|---|
| Detected unpacking (creates a PE file in dynamic memory) | Show sources | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 1_2_004BF504 | |
| Source: | Code function: | 2_2_00919FDE | |
| Source: | Code function: | 2_2_0091A543 | |
| Source: | Code function: | 2_2_0091DD9F | |
| Source: | Code function: | 2_2_0091DDD9 | |
| Source: | Code function: | 2_2_0091DDF7 | |
| Source: | Code function: | 2_2_0091E394 | |
| Source: | Code function: | 2_2_0093244B | |
| Source: | Code function: | 2_2_00922058 | |
| Source: | Code function: | 2_2_00919980 | |
| Source: | Code function: | 2_2_0091998D | |
| Source: | Code function: | 2_2_0092470B | |
| Source: | Code function: | 2_2_00916E69 | |
| Source: | Code function: | 2_2_009127C8 | |
| Source: | Code function: | 2_2_00912815 | |
| Source: | Code function: | 2_2_009129B2 | |
| Source: | Code function: | 2_2_009197B9 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 1_2_00440840 | |
| Source: | Code function: | 1_2_004328A6 | |
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | File opened / queried: | Jump to behavior | ||
| Source: | Code function: | 1_2_004B069F | |
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 1_2_00465374 | |
| Source: | Code function: | 1_2_00465374 | |
| Source: | Code function: | 1_2_00485EDE | |
| Source: | Code function: | 1_2_0048F1FF | |
| Source: | Code function: | 1_2_0048EB15 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Code function: | 1_2_004B069F | |
| Source: | Code function: | 1_2_004B81C1 | |
| Source: | Code function: | 1_2_004BDB47 | |
| Source: | Code function: | 1_2_00440BC5 | |
| Source: | Code function: | 1_2_00440BC5 | |
| Source: | Code function: | 1_2_004B069F | |
| Source: | Code function: | 1_2_004B069F | |
| Source: | Code function: | 1_2_004B069F | |
| Source: | Code function: | 1_2_004B069F | |
| Source: | Code function: | 1_2_00435E97 | |
| Source: | Code function: | 1_2_00435E97 | |
| Source: | Code function: | 1_2_00435E97 | |
| Source: | Code function: | 1_2_00435E97 | |
| Source: | Code function: | 1_2_0047DA73 | |
| Source: | Code function: | 1_2_004BED37 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 1_2_00466E2B | |
| Source: | Code function: | 1_2_00485EDE | |
| Source: | Code function: | 1_2_004BF3D8 | |
Stealing of Sensitive Information: | |
|---|
| Contains functionality to steal Chrome passwords or cookies | Show sources | ||
| Source: | Code function: | 2_2_0091F281 | |
| Source: | Code function: | 2_2_0091F382 | |
Remote Access Functionality: | |
|---|
| Yara detected NetWire RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection12 | Masquerading1 | OS Credential Dumping1 | System Time Discovery11 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion21 | Input Capture11 | Query Registry1 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection12 | Credentials In Files1 | Security Software Discovery13 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol11 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information1 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information2 | LSA Secrets | Virtualization/Sandbox Evasion21 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing11 | Cached Domain Credentials | Application Window Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery22 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 19% | Virustotal | Browse | ||
| 19% | ReversingLabs | Win32.Backdoor.NetWiredRc | ||
| 100% | Joe Sandbox ML |
Dropped Files |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML | |||
| 19% | Virustotal | Browse | ||
| 19% | ReversingLabs | Win32.Backdoor.NetWiredRc |
Unpacked PE Files |
|---|
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | TR/Spy.Gen | Download File | ||
| 100% | Avira | TR/Spy.Gen | Download File | ||
| 100% | Avira | TR/Patched.Ren.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
|---|
| No Antivirus matches |
|---|
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
Domains and IPs |
|---|
Contacted Domains |
|---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| rootsec.publicvm.com | 172.111.153.139 | true | false | high |
Contacted URLs |
|---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown |
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| low | ||
| false |
| low |
Contacted IPs |
|---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
|---|
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.111.153.139 | rootsec.publicvm.com | United States | 9009 | M247GB | false |
General Information |
|---|
| Joe Sandbox Version: | 31.0.0 Emerald |
| Analysis ID: | 398986 |
| Start date: | 28.04.2021 |
| Start time: | 09:01:37 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 8m 6s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | 6c9e4dd7_by_Libranalysis (renamed file extension from none to exe) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 29 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/1@6/1 |
| EGA Information: | Failed |
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 09:03:13 | API Interceptor |
Joe Sandbox View / Context |
|---|
IPs |
|---|
| No context |
|---|
Domains |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| rootsec.publicvm.com | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
|
ASN |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| M247GB | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
JA3 Fingerprints |
|---|
| No context |
|---|
Dropped Files |
|---|
| No context |
|---|
Created / dropped Files |
|---|
| Process: | C:\Users\user\Desktop\6c9e4dd7_by_Libranalysis.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2019840 |
| Entropy (8bit): | 6.594149057479949 |
| Encrypted: | false |
| SSDEEP: | 49152:nhtORUwc166NlRq7vLSUtwFODMQSOXzZ2WFeZkP9aiK+d/:nhtORUB166NHq7vLZ0mQoNzFeZkP9aiN |
| MD5: | 6C9E4DD7DAAB40A2B40DB3D13279EE2E |
| SHA1: | 879EAA020AFB3906709FFD8EFE9DFCDD23399227 |
| SHA-256: | 1DCDDCE0408092A22C015E183E463020A7231E1F5CA47E71ACAD4DDCFB0F2385 |
| SHA-512: | 6BEC4572366A42A9892EB7E1715B318996E3C57F8A11724910BDD07F794E5655F5EBAE9E06E695EE576100D9005EE16A394B1AEE889ADD6919BCD8183FDA303B |
| Malicious: | true |
| Yara Hits: |
|
| Antivirus: |
|
| Reputation: | low |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 6.594149057479949 |
| TrID: |
|
| File name: | 6c9e4dd7_by_Libranalysis.exe |
| File size: | 2019840 |
| MD5: | 6c9e4dd7daab40a2b40db3d13279ee2e |
| SHA1: | 879eaa020afb3906709ffd8efe9dfcdd23399227 |
| SHA256: | 1dcddce0408092a22c015e183e463020a7231e1f5ca47e71acad4ddcfb0f2385 |
| SHA512: | 6bec4572366a42a9892eb7e1715b318996e3c57f8a11724910bdd07f794e5655f5ebae9e06e695ee576100d9005ee16a394b1aee889add6919bcd8183fda303b |
| SSDEEP: | 49152:nhtORUwc166NlRq7vLSUtwFODMQSOXzZ2WFeZkP9aiK+d/:nhtORUB166NHq7vLZ0mQoNzFeZkP9aiN |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............n...n...n.6Z....n.6Z....n.6Z....n...o...n.6Z....n.6Z....n.6Z....n.6Z....n.Rich..n.........PE..L...M..R................... |
File Icon |
|---|
 | |
| Icon Hash: | 00828e8e8686b000 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x4becec |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x5215814D [Thu Aug 22 03:11:09 2013 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 0b6ce52b13559fc7fd638da8d5c538c2 |
Entrypoint Preview |
|---|
| Instruction |
|---|
| call 00007FC3CCB8B90Ch |
| jmp 00007FC3CCB8B008h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| cmp ecx, dword ptr [004D2004h] |
| jne 00007FC3CCB8B225h |
| retn 0000h |
| jmp 00007FC3CCB8B280h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, ecx |
| call dword ptr [004D8FC4h] |
| test byte ptr [ebp+08h], 00000001h |
| je 00007FC3CCB8B229h |
| push esi |
| call 00007FC3CCB8A47Ch |
| pop ecx |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| push 00000000h |
| call dword ptr [004D8260h] |
| push dword ptr [ebp+08h] |
| call dword ptr [004D8264h] |
| push C0000409h |
| call dword ptr [004D825Ch] |
| push eax |
| call dword ptr [004D8258h] |
| pop ebp |
| ret |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| sub esp, 00000324h |
| mov dword ptr [004D6198h], eax |
| mov dword ptr [004D6194h], ecx |
| mov dword ptr [004D6190h], edx |
| mov dword ptr [004D618Ch], ebx |
| mov dword ptr [004D6188h], esi |
| mov dword ptr [004D6184h], edi |
| mov word ptr [004D61B0h], ss |
| mov word ptr [004D61A4h], cs |
| mov word ptr [004D6180h], ds |
| mov word ptr [004D617Ch], es |
| mov word ptr [00000078h], fs |
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd90c0 | 0x154 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xdd000 | 0xda948 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b7400 | 0xbf60 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1030 | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x21730 | 0x5c | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xd8000 | 0x10c0 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xd1114 | 0xa0 | .text |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xd045c | 0xd0600 | False | 0.458270845831 | data | 6.46349372703 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .data | 0xd2000 | 0x5c1c | 0x4200 | False | 0.182469223485 | data | 2.92826603731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .idata | 0xd8000 | 0x4866 | 0x4a00 | False | 0.378800675676 | data | 5.88102985703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xdd000 | 0xda948 | 0xdaa00 | False | 0.48924497034 | data | 6.40558978802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1b8000 | 0x112bc | 0x11400 | False | 0.472712862319 | data | 5.43661036513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| MUI | 0x1b7830 | 0x118 | data | English | United States |
| TYPELIB | 0x17a9f0 | 0x1350 | data | English | United States |
| WMF | 0x17bd40 | 0xb958 | Windows Enhanced Metafile (EMF) image data version 0x10000 | English | United States |
| WMF | 0x187698 | 0xc020 | Windows Enhanced Metafile (EMF) image data version 0x10000 | English | United States |
| WMF | 0x1936b8 | 0xc020 | Windows Enhanced Metafile (EMF) image data version 0x10000 | English | United States |
| WMF | 0x19f6d8 | 0xc06c | Windows Enhanced Metafile (EMF) image data version 0x10000 | English | United States |
| WMF | 0x1ab748 | 0xc0e8 | Windows Enhanced Metafile (EMF) image data version 0x10000 | English | United States |
| RT_BITMAP | 0x16b570 | 0xd88 | data | English | United States |
| RT_BITMAP | 0x169e88 | 0x16e8 | data | English | United States |
| RT_BITMAP | 0x16c2f8 | 0x428 | data | English | United States |
| RT_BITMAP | 0x16c720 | 0x44 | data | English | United States |
| RT_BITMAP | 0x16c768 | 0x44 | data | English | United States |
| RT_BITMAP | 0x172078 | 0x8a8 | data | English | United States |
| RT_BITMAP | 0x145348 | 0x4a68 | dBase III DBT, version number 0, next free block index 40 | English | United States |
| RT_BITMAP | 0x14e818 | 0x1b2a | data | English | United States |
| RT_BITMAP | 0x151e78 | 0xab2a | data | English | United States |
| RT_BITMAP | 0x149db0 | 0x4a68 | data | English | United States |
| RT_BITMAP | 0x1674d8 | 0x14d4 | data | English | United States |
| RT_BITMAP | 0x1689b0 | 0x14d4 | data | English | United States |
| RT_BITMAP | 0x150348 | 0x1b2a | data | English | United States |
| RT_BITMAP | 0x16c7b0 | 0x2fe | GLS_BINARY_LSB_FIRST | English | United States |
| RT_BITMAP | 0x16cab0 | 0x316 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_BITMAP | 0x16cdc8 | 0x92a | data | English | United States |
| RT_BITMAP | 0x15c9a8 | 0xab2a | data | English | United States |
| RT_BITMAP | 0x176850 | 0x3f2a | data | English | United States |
| RT_BITMAP | 0x16d6f8 | 0x92a | data | English | United States |
| RT_BITMAP | 0x16e028 | 0x92a | data | English | United States |
| RT_BITMAP | 0x16fbb8 | 0x92a | data | English | United States |
| RT_BITMAP | 0x1704e8 | 0x92a | data | English | United States |
| RT_BITMAP | 0x170e18 | 0x92a | data | English | United States |
| RT_BITMAP | 0x171748 | 0x92a | data | English | United States |
| RT_BITMAP | 0x172920 | 0x3f2a | data | English | United States |
| RT_BITMAP | 0x16e958 | 0x92a | data | English | United States |
| RT_BITMAP | 0x16f288 | 0x92a | data | English | United States |
| RT_BITMAP | 0x17a780 | 0x1ce | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0xdec58 | 0x668 | data | English | United States |
| RT_ICON | 0xdf2c0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2011658216, next used block 8878286 | English | United States |
| RT_ICON | 0xdf5a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0xdf6d0 | 0xea8 | data | English | United States |
| RT_ICON | 0xe0578 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 14543346, next used block 15068915 | English | United States |
| RT_ICON | 0xe0e20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0xe1388 | 0x135a4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0xf4930 | 0x25a8 | data | English | United States |
| RT_ICON | 0xf6ed8 | 0x10a8 | data | English | United States |
| RT_ICON | 0xf7f80 | 0x468 | data | English | United States |
| RT_ICON | 0xf8480 | 0x668 | data | English | United States |
| RT_ICON | 0xf8ae8 | 0x2e8 | data | English | United States |
| RT_ICON | 0xf8dd0 | 0x128 | data | English | United States |
| RT_ICON | 0xf8ef8 | 0xea8 | data | English | United States |
| RT_ICON | 0xf9da0 | 0x8a8 | data | English | United States |
| RT_ICON | 0xfa648 | 0x568 | data | English | United States |
| RT_ICON | 0xfabb0 | 0x123ff | data | English | United States |
| RT_ICON | 0x10cfb0 | 0x25a8 | data | English | United States |
| RT_ICON | 0x10f558 | 0x10a8 | data | English | United States |
| RT_ICON | 0x110600 | 0x468 | data | English | United States |
| RT_ICON | 0x110b00 | 0x668 | data | English | United States |
| RT_ICON | 0x111168 | 0x2e8 | data | English | United States |
| RT_ICON | 0x111450 | 0x1e8 | data | English | United States |
| RT_ICON | 0x111638 | 0x128 | data | English | United States |
| RT_ICON | 0x111760 | 0xea8 | data | English | United States |
| RT_ICON | 0x112608 | 0x8a8 | data | English | United States |
| RT_ICON | 0x112eb0 | 0x6c8 | data | English | United States |
| RT_ICON | 0x113578 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0x113ae0 | 0x10c29 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x124710 | 0x25a8 | data | English | United States |
| RT_ICON | 0x126cb8 | 0x10a8 | data | English | United States |
| RT_ICON | 0x127d60 | 0x988 | data | English | United States |
| RT_ICON | 0x1286e8 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0x128c10 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4294967091, next used block 16251135 | English | United States |
| RT_ICON | 0x128ef8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0x129048 | 0x668 | data | English | United States |
| RT_ICON | 0x1296b0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4294967295, next used block 15792376 | English | United States |
| RT_ICON | 0x129998 | 0x1e8 | data | English | United States |
| RT_ICON | 0x129b80 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0x129ca8 | 0xea8 | data | English | United States |
| RT_ICON | 0x12ab50 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15198688, next used block 15395298 | English | United States |
| RT_ICON | 0x12b3f8 | 0x6c8 | data | English | United States |
| RT_ICON | 0x12bac0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0x12c028 | 0x14a2a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x140a58 | 0x25a8 | data | English | United States |
| RT_ICON | 0x143000 | 0x10a8 | data | English | United States |
| RT_ICON | 0x1440a8 | 0x988 | data | English | United States |
| RT_ICON | 0x144a30 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0x144f58 | 0x2e8 | data | English | United States |
| RT_ICON | 0x145240 | 0xe0 | data | English | United States |
| RT_RCDATA | 0xdec50 | 0x8 | data | English | United States |
| RT_RCDATA | 0xdec48 | 0x4 | data | English | United States |
| RT_GROUP_ICON | 0xf83e8 | 0x92 | data | English | United States |
| RT_GROUP_ICON | 0x110a68 | 0x92 | data | English | United States |
| RT_GROUP_ICON | 0x128b50 | 0xbc | data | English | United States |
| RT_GROUP_ICON | 0x129020 | 0x22 | data | English | United States |
| RT_GROUP_ICON | 0x144e98 | 0xbc | data | English | United States |
| RT_GROUP_ICON | 0x145320 | 0x22 | data | English | United States |
| RT_VERSION | 0xde8c0 | 0x384 | data | English | United States |
| RT_MANIFEST | 0xde3e0 | 0x4df | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
| None | 0x17a950 | 0x18 | data | English | United States |
| None | 0x17a9a0 | 0x22 | data | English | United States |
| None | 0x17a968 | 0x34 | data | English | United States |
| None | 0x17a9c8 | 0xe | data | English | United States |
| None | 0x17a9d8 | 0x16 | data | English | United States |
Imports |
|---|
| DLL | Import |
|---|---|
| ADVAPI32.dll | TraceMessage, RegCloseKey, TraceEvent, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExW, RegQueryValueExW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, DuplicateEncryptionInfoFile, RegCreateKeyW, RegDeleteValueW, RegDeleteKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorW |
| KERNEL32.dll | FreeLibrary, FindFirstFileExW, CompareFileTime, GetStringTypeExW, RaiseException, LocalAlloc, lstrlenW, GetUserDefaultUILanguage, LoadLibraryW, GetPrivateProfileSectionNamesW, WritePrivateProfileSectionW, GetPrivateProfileStringW, WritePrivateProfileStringW, WriteFile, CreateFileW, CreateDirectoryW, SetFileAttributesW, GetFileAttributesExW, GetLocalTime, HeapAlloc, GetProcessHeap, FormatMessageW, HeapFree, ExpandEnvironmentStringsW, GetLongPathNameW, GetTimeFormatW, GetDateFormatW, FileTimeToLocalFileTime, GetTempFileNameW, FileTimeToSystemTime, GetCalendarInfoW, GetDriveTypeW, GetFullPathNameW, GlobalReAlloc, Sleep, CloseHandle, WaitForSingleObject, CreateThread, CreateEventW, WaitForMultipleObjects, SetEvent, LocalFileTimeToFileTime, GetModuleFileNameW, LockResource, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetUserDefaultLCID, GetNumberFormatW, GetLocaleInfoW, lstrlenA, WideCharToMultiByte, MultiByteToWideChar, SizeofResource, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, lstrcmpW, SystemTimeToFileTime, GetSystemTime, GlobalFree, GetModuleHandleExW, GetComputerNameW, SetLastError, LoadResource, FindResourceW, GetTickCount, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetModuleHandleA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, CopyFileW, SetCurrentDirectoryW, RegisterApplicationRestart, HeapSetInformation, GetCurrentThreadId, CompareStringW, GetLastError, MulDiv, lstrcmpiW, GlobalSize, GlobalUnlock, GlobalLock, GlobalAlloc, GetTempPathW, GetFileAttributesW, DeleteFileW, GetSystemDirectoryW, FindClose, FindNextFileW, FindFirstFileW, CreateProcessW, LocalFree, GetProcAddress, LoadLibraryExA |
| GDI32.dll | GetStockObject, CreateRectRgnIndirect, DeleteObject, SetBkMode, SetBkColor, SetTextColor, LineTo, MoveToEx, CreateSolidBrush, CreatePolygonRgn, CreateRectRgn, CreateRoundRectRgn, SelectObject, CreatePen, BitBlt, GetObjectW, DeleteEnhMetaFile, CopyEnhMetaFileW, GetObjectA, FillRgn, CombineRgn, RestoreDC, SaveDC, SetLayout, PatBlt, GetDIBits, SelectPalette, Polygon, SetDCPenColor, GetTextExtentPoint32W, MaskBlt, GetTextMetricsW, CreateFontIndirectW, GetCharWidthW, CreateFontW, Rectangle, OffsetWindowOrgEx, CreateCompatibleBitmap, CreateCompatibleDC, GetDeviceCaps, RealizePalette |
| USER32.dll | SetWindowPlacement, GetWindowPlacement, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, TrackPopupMenu, InsertMenuItemW, SetFocus, GetWindowRect, GetFocus, SetRectEmpty, EnableWindow, SendMessageW, LoadImageW, GetWindowInfo, SystemParametersInfoW, GetDlgItem, DestroyCursor, SetWindowPos, SendMessageTimeoutW, CreateWindowExW, GetSystemMetrics, MoveWindow, GetClientRect, GetDlgCtrlID, RegisterPowerSettingNotification, UnregisterPowerSettingNotification, UpdateWindow, GetDC, ReleaseDC, IsWindow, IsWindowVisible, OffsetRect, MonitorFromRect, GetMonitorInfoW, CopyRect, IntersectRect, MessageBeep, PostMessageW, IsWindowEnabled, GetActiveWindow, ClientToScreen, WindowFromPoint, LoadMenuW, GetSubMenu, SetForegroundWindow, GetMenuItemCount, GetMenuItemID, ModifyMenuW, CheckMenuItem, EnableMenuItem, RedrawWindow, MonitorFromWindow, IsRectEmpty, GetSysColor, GetDesktopWindow, IsZoomed, GetSystemMenu, RemoveMenu, InflateRect, SetRect, LoadStringW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, LockWindowUpdate, WaitForInputIdle, MessageBoxW, LoadIconW, InvalidateRect, TrackPopupMenuEx, MapWindowPoints, AppendMenuW, DestroyWindow, GetWindowLongW, GetClassInfoW, RegisterClassW, GetWindow, SetCapture, DrawFrameControl, ReleaseCapture, DefWindowProcW, UnionRect, IsChild, GetMessageTime, GetMessagePos, DrawFocusRect, SetWindowLongW, BeginPaint, EndPaint, LoadBitmapW, GetParent, FrameRect, ScreenToClient, GetDlgItemTextW, SetDlgItemTextW, GetKeyboardLayout, CharPrevW, CharNextW, LoadAcceleratorsW, EnumChildWindows, TranslateAcceleratorW, GetNextDlgTabItem, MapDialogRect, ShowWindow, CallWindowProcW, PeekMessageW, TranslateMessage, DispatchMessageW, PostQuitMessage, GetProcessDefaultLayout, SetCursorPos, SetCursor, GetCapture, GetCursorPos, GetKeyState, GetScrollPos, SetScrollPos, CheckDlgButton, IsDlgButtonChecked, DestroyIcon, CharLowerW, TrackMouseEvent, InsertMenuW, DrawMenuBar, SetMenuItemBitmaps, DeleteMenu, GetMenuStringW, DestroyMenu, GetForegroundWindow, FindWindowW, PtInRect, GetLastActivePopup, SetActiveWindow, GetMenuItemRect, EqualRect, CreatePopupMenu, SetMenuItemInfoW, DrawEdge, GetAsyncKeyState, GetCursor, GetWindowDC, GetSysColorBrush, GetDoubleClickTime, SetWindowRgn, FillRect, DrawIconEx, DrawTextW, KillTimer, SetTimer, LoadCursorW, IsIconic |
| MFC42u.dll | |
| msvcp60.dll | ?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB, ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z, ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z, ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z, ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z, ??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z, ??0_Lockit@std@@QAE@XZ, ??1_Lockit@std@@QAE@XZ, ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ |
| msvcrt.dll | swscanf, calloc, wcsncmp, towlower, iswupper, _except_handler4_common, _controlfp, ?terminate@@YAXXZ, _onexit, __dllonexit, _unlock, _lock, ??1type_info@@UAE@XZ, _wcmdln, _initterm, __setusermatherr, __p__fmode, _cexit, _exit, exit, __set_app_type, __wgetmainargs, _amsg_exit, __p__commode, _XcptFilter, _callnewh, malloc, wcstoul, _ultow, _purecall, _ltow, qsort, _itow, wcsrchr, tolower, strstr, _wtol, wcschr, iswspace, memmove, _wcsnicmp, free, ceil, _wcsicmp, _wtoi, _vsnwprintf, _CIpow, __CxxFrameHandler3, __RTDynamicCast, _ftol2, _ftol2_sse, memcmp, memcpy, strchr, iswpunct, iswlower, towupper, memset |
| ATL.DLL | |
| ntdll.dll | WinSqmIncrementDWORD, WinSqmIsOptedIn, EtwTraceMessage |
| COMCTL32.dll | CreatePropertySheetPageW, ImageList_AddMasked, ImageList_SetBkColor, ImageList_Draw, ImageList_Replace, ImageList_GetIconSize, ImageList_Destroy, ImageList_GetImageInfo, ImageList_GetImageCount, ImageList_Add, ImageList_Remove, ImageList_Create, ImageList_ReplaceIcon |
| SHELL32.dll | SHGetFileInfoW, SHAppBarMessage, SHBrowseForFolderW, SHGetMalloc, SHGetDesktopFolder, SHGetFolderLocation, SHCreateDirectoryExW, SHSetLocalizedName, SHPathPrepareForWriteW, SHGetFolderPathW, ShellAboutW, ShellExecuteExW, SHGetSettings, SHGetPathFromIDListW, SHGetSpecialFolderPathW, SHGetFolderPathAndSubDirW, SHFileOperationW, ShellExecuteW, SHAddToRecentDocs |
| SHLWAPI.dll | PathAddBackslashW, PathAppendW, StrRetToBufW, PathFindFileNameW, PathFindExtensionW, PathRemoveFileSpecW, PathIsDirectoryW, PathCompactPathExW, PathRemoveExtensionW, PathFileExistsW, PathStripPathW, PathGetDriveNumberW, SHDeleteValueW, PathCombineW, PathGetCharTypeW, PathRenameExtensionW, PathIsUNCServerW, PathFindSuffixArrayW, StrToIntW, PathIsNetworkPathW, StrChrW, PathStripToRootW, StrFormatByteSizeW, PathRemoveBackslashW, PathCommonPrefixW, PathAddExtensionW, StrToInt64ExW, PathCompactPathW, SHDeleteKeyW, PathUnquoteSpacesW |
| ole32.dll | PropVariantCopy, PropVariantClear, CreateStreamOnHGlobal, GetHGlobalFromStream, CoCreateInstance, StgCreateStorageEx, StgOpenStorageEx, CoGetClassObject, CoInitialize, CoUninitialize, CoTaskMemFree |
| OLEAUT32.dll | VariantClear, SystemTimeToVariantTime, VariantTimeToSystemTime, VarBstrFromBool, VarBstrFromI4, VarR8FromStr, SysAllocStringLen, SysStringLen, SysFreeString, SafeArrayCreate, SysAllocString, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayDestroy |
| UxTheme.dll | CloseThemeData, DrawThemeBackground, GetThemeSysColorBrush, IsThemeActive, GetThemeColor, GetThemeSysFont, OpenThemeData |
| gdiplus.dll | GdipCreateBitmapFromHBITMAP, GdipFree, GdipAlloc, GdipCloneImage, GdipDisposeImage, GdipSaveImageToStream, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdipGetImageEncodersSize, GdipGetImageEncoders, GdipCloneBitmapAreaI, GdipCreateImageAttributes, GdipDisposeImageAttributes, GdipSetImageAttributesColorMatrix, GdipCreateFromHDC, GdipDeleteGraphics, GdipDrawImageRectRectI, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHICON, GdipGetImageGraphicsContext, GdipDrawImageRectI, GdipGetDC, GdipCreateFontFromDC, GdipCreateFontFromLogfontA, GdipDeleteFont, GdipCreateSolidFill, GdipDeleteBrush, GdipCreateStringFormat, GdipDeleteStringFormat, GdipReleaseDC, GdipSetStringFormatFlags, GdipSetStringFormatAlign, GdipSetStringFormatLineAlign, GdipSetStringFormatHotkeyPrefix, GdipDrawString, GdipCreateBitmapFromGraphics, GdipFillRectangleI |
Version Infos |
|---|
| Description | Data |
|---|---|
| LegalCopyright | Microsoft Corporation. All rights reserved. |
| InternalName | Journal |
| FileVersion | 6.3.9600.16384 (winblue_rtm.130821-1623) |
| CompanyName | Microsoft Corporation |
| ProductName | Microsoft Windows Operating System |
| ProductVersion | 6.3.9600.16384 |
| FileDescription | Windows Journal |
| OriginalFilename | Journal.exe |
| Translation | 0x0409 0x04b0 |
Possible Origin |
|---|
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
Network Port Distribution |
|---|
TCP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 28, 2021 09:02:53.386607885 CEST | 49701 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:02:56.461025000 CEST | 49701 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:02.473582029 CEST | 49701 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:14.791035891 CEST | 49714 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:17.787390947 CEST | 49714 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:23.787832975 CEST | 49714 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:36.010983944 CEST | 49720 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:39.023607969 CEST | 49720 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:45.023981094 CEST | 49720 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:03:57.360526085 CEST | 49728 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:04:00.368980885 CEST | 49728 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:04:06.385082006 CEST | 49728 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:04:18.615545988 CEST | 49739 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:04:21.605103970 CEST | 49739 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:04:27.605583906 CEST | 49739 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:04:39.824364901 CEST | 49742 | 3361 | 192.168.2.5 | 172.111.153.139 |
| Apr 28, 2021 09:04:42.825614929 CEST | 49742 | 3361 | 192.168.2.5 | 172.111.153.139 |
UDP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 28, 2021 09:02:29.947181940 CEST | 54302 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:30.007565022 CEST | 53 | 54302 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:30.062077045 CEST | 53784 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:30.119309902 CEST | 53 | 53784 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:30.134825945 CEST | 65307 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:30.183621883 CEST | 53 | 65307 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:30.260752916 CEST | 64344 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:30.309530973 CEST | 53 | 64344 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:30.700342894 CEST | 62060 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:30.750925064 CEST | 53 | 62060 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:32.894314051 CEST | 61805 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:32.947385073 CEST | 53 | 61805 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:35.826467991 CEST | 54795 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:35.875386000 CEST | 53 | 54795 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:44.565186024 CEST | 49557 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:44.614751101 CEST | 53 | 49557 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:48.156949997 CEST | 61733 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:48.217004061 CEST | 53 | 61733 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:52.700613022 CEST | 65447 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:52.865874052 CEST | 53 | 65447 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:02:59.154758930 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:02:59.220971107 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:03.266535044 CEST | 62176 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:03.319842100 CEST | 53 | 62176 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:04.214476109 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:04.263134003 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:05.383236885 CEST | 65296 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:05.437521935 CEST | 53 | 65296 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:06.557728052 CEST | 63183 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:06.606492043 CEST | 53 | 63183 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:09.187330961 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:09.236171961 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:14.626178980 CEST | 56969 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:14.789544106 CEST | 53 | 56969 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:15.498949051 CEST | 55161 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:15.556288004 CEST | 53 | 55161 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:16.600384951 CEST | 54757 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:16.652302980 CEST | 53 | 54757 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:17.738449097 CEST | 49992 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:17.788547039 CEST | 53 | 49992 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:18.683553934 CEST | 60075 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:18.737771034 CEST | 53 | 60075 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:25.437581062 CEST | 55016 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:25.488099098 CEST | 53 | 55016 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:35.950160980 CEST | 64345 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:36.009922028 CEST | 53 | 64345 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:46.357635975 CEST | 57128 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:46.406271935 CEST | 53 | 57128 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:51.309922934 CEST | 54791 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:51.374849081 CEST | 53 | 54791 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:03:57.192759037 CEST | 50463 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:03:57.357866049 CEST | 53 | 50463 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:04.797666073 CEST | 50394 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:04.846271992 CEST | 53 | 50394 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:05.389190912 CEST | 58530 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:05.451546907 CEST | 53 | 58530 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:06.035868883 CEST | 53813 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:06.092982054 CEST | 53 | 53813 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:06.533291101 CEST | 63732 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:06.592958927 CEST | 53 | 63732 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:07.113035917 CEST | 57344 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:07.164824009 CEST | 53 | 57344 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:07.710644007 CEST | 54450 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:07.773583889 CEST | 53 | 54450 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:08.211595058 CEST | 59261 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:08.276642084 CEST | 53 | 59261 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:09.139182091 CEST | 57151 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:09.201375008 CEST | 53 | 57151 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:10.661036015 CEST | 59413 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:10.711323023 CEST | 53 | 59413 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:11.179897070 CEST | 60516 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:11.238105059 CEST | 53 | 60516 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:18.542140007 CEST | 51649 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:18.590945005 CEST | 53 | 51649 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:21.214562893 CEST | 65086 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:21.266357899 CEST | 53 | 65086 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:22.407704115 CEST | 56432 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:22.472657919 CEST | 53 | 56432 | 8.8.8.8 | 192.168.2.5 |
| Apr 28, 2021 09:04:39.760154009 CEST | 52929 | 53 | 192.168.2.5 | 8.8.8.8 |
| Apr 28, 2021 09:04:39.822333097 CEST | 53 | 52929 | 8.8.8.8 | 192.168.2.5 |
DNS Queries |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Apr 28, 2021 09:02:52.700613022 CEST | 192.168.2.5 | 8.8.8.8 | 0x94e0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 28, 2021 09:03:14.626178980 CEST | 192.168.2.5 | 8.8.8.8 | 0x5bfc | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 28, 2021 09:03:35.950160980 CEST | 192.168.2.5 | 8.8.8.8 | 0xa832 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 28, 2021 09:03:57.192759037 CEST | 192.168.2.5 | 8.8.8.8 | 0xe19e | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 28, 2021 09:04:18.542140007 CEST | 192.168.2.5 | 8.8.8.8 | 0xe2cd | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 28, 2021 09:04:39.760154009 CEST | 192.168.2.5 | 8.8.8.8 | 0xd065 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Apr 28, 2021 09:02:52.865874052 CEST | 8.8.8.8 | 192.168.2.5 | 0x94e0 | No error (0) | 172.111.153.139 | A (IP address) | IN (0x0001) | ||
| Apr 28, 2021 09:03:14.789544106 CEST | 8.8.8.8 | 192.168.2.5 | 0x5bfc | No error (0) | 172.111.153.139 | A (IP address) | IN (0x0001) | ||
| Apr 28, 2021 09:03:36.009922028 CEST | 8.8.8.8 | 192.168.2.5 | 0xa832 | No error (0) | 172.111.153.139 | A (IP address) | IN (0x0001) | ||
| Apr 28, 2021 09:03:57.357866049 CEST | 8.8.8.8 | 192.168.2.5 | 0xe19e | No error (0) | 172.111.153.139 | A (IP address) | IN (0x0001) | ||
| Apr 28, 2021 09:04:18.590945005 CEST | 8.8.8.8 | 192.168.2.5 | 0xe2cd | No error (0) | 172.111.153.139 | A (IP address) | IN (0x0001) | ||
| Apr 28, 2021 09:04:39.822333097 CEST | 8.8.8.8 | 192.168.2.5 | 0xd065 | No error (0) | 172.111.153.139 | A (IP address) | IN (0x0001) |
Code Manipulations |
|---|
Statistics |
|---|
CPU Usage |
|---|
Click to jump to process
Memory Usage |
|---|
Click to jump to process
High Level Behavior Distribution |
|---|
back
Click to dive into process behavior distribution
Behavior |
|---|
Click to jump to process
System Behavior |
|---|
General |
|---|
| Start time: | 09:02:36 |
| Start date: | 28/04/2021 |
| Path: | C:\Users\user\Desktop\6c9e4dd7_by_Libranalysis.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 2019840 bytes |
| MD5 hash: | 6C9E4DD7DAAB40A2B40DB3D13279EE2E |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 09:02:44 |
| Start date: | 28/04/2021 |
| Path: | C:\Users\user\AppData\Roaming\Install\Host.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 2019840 bytes |
| MD5 hash: | 6C9E4DD7DAAB40A2B40DB3D13279EE2E |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Antivirus matches: |
|
| Reputation: | low |
Disassembly |
|---|
Code Analysis |
|---|
Executed Functions |
|---|
Non-executed Functions |
|---|
Function 00440BC5, Relevance: 44.0, APIs: 18, Strings: 7, Instructions: 231registrymemorywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004328A6, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 137windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00466E2B, Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 255commemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048F1FF, Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 274filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048EB15, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 127filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047DA73, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00440840, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004AE03F, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 189comCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00485EDE, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004BDB47, Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 283stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004BED37, Relevance: 6.0, APIs: 4, Instructions: 13COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004B81C1, Relevance: 1.3, APIs: 1, Instructions: 56memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00441DFD, Relevance: 86.2, APIs: 32, Strings: 17, Instructions: 413stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047D021, Relevance: 68.6, APIs: 38, Strings: 1, Instructions: 305stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042C0E6, Relevance: 65.1, APIs: 30, Strings: 7, Instructions: 356windowregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004426C6, Relevance: 61.6, APIs: 33, Strings: 2, Instructions: 308stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00434E48, Relevance: 44.0, APIs: 23, Strings: 2, Instructions: 248windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044E6D4, Relevance: 44.0, APIs: 23, Strings: 2, Instructions: 228windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00432A4D, Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 200windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004BCB73, Relevance: 37.0, APIs: 17, Strings: 4, Instructions: 274fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047CE44, Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 169memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044DCE7, Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 253memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00497D36, Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 284windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004459CB, Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 233stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047A3D6, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 148stringnetworkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047B6DD, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 150stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048744B, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 105registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0045091E, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 169registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00442CAC, Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 143processstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CE31, Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 378memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0046F89F, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 223windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044512E, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 193stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00430945, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 138windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047785B, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 108synchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004782B3, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 73windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00481B48, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 204memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00490590, Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 350stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00457896, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 263windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C0F4, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 179stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00496332, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 175stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047C133, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 163stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0043341B, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 119windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004A8919, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 78timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047AC81, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 194timememoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047B447, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 192windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048611E, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 186memorywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004960D5, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 153stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047BBEC, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 140registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004965D3, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 125filestringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004914A7, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 124stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00470643, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 96windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00491013, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 164stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00441828, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 157fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00478175, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 111windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047CBF8, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 93memoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047C5A2, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 83comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00472511, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 62registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00434658, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 168windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00443BB9, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 119stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00444E1E, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 105stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00459C54, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004650C0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85registrystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E3BF, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 66windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00491253, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 155stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044F1AB, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004BD580, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 135fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00428251, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 121keyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004954D9, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 98stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004935BC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 91stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004A7E5B, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86filestringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0045ABEA, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044D3AE, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 78windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044F845, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 75fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042DA1A, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 62stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004752F7, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 62windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0046E833, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004843F6, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 218windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00476862, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 193stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00493B0B, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 140stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004348BA, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048C5BF, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00497A05, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 91libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00494D7B, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00458573, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 85windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00426BB4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00450B48, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004599F2, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00479295, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 62synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00457451, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004863F7, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004A7CFC, Relevance: 9.0, APIs: 6, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C4FA, Relevance: 9.0, APIs: 6, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00482CC4, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 169registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004A20CB, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 167comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004409F4, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 163comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004A8170, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00493088, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042DD8E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00479C19, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047AB67, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004430CF, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00490C2E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00448886, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00464B93, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 63registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048F60E, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042A9EC, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00428DC2, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048412E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00445E38, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0045E59A, Relevance: 7.6, APIs: 5, Instructions: 111COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047D4BD, Relevance: 7.5, APIs: 5, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004A83A4, Relevance: 7.5, APIs: 5, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00435600, Relevance: 7.5, APIs: 5, Instructions: 14COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00464CBC, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0045867C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004A7454, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004940E9, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042A186, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 73registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0049232D, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 66stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00494CA5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00457379, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00464995, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00492414, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044FE6E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00465B59, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00434461, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004659D3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048A3F7, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004AFA28, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004936F8, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048A48B, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00434509, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047546A, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00494219, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 67stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0044CC4A, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047C511, Relevance: 6.0, APIs: 4, Instructions: 20COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004651CA, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048427E, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047BDC9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004BCA9C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00480911, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00441C11, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00495353, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004795E8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004356C7, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042A24B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004AFAB3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00485570, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00498139, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF990, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0049564C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00479E0E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF3C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004B01BF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF33B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004283CD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004924F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004AF5D6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004ADBF6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00435580, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0048F8DD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00486580, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0047F46F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004876C6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00445DE5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00483176, Relevance: 5.1, APIs: 4, Instructions: 123COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |