Analysis Report A5uTdwOwJ1.dll
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"RSA Public Key": "KujE77ctKyR8x3/dODwZbEsxGmck+FW9384s5u0Kacw8y1gCN+8m2bfjJPovkn+Uzufcdfss+a43eI6oHR1KgWQmvEAO6LK8tJv+Wl7iCBPJP7eef8xKeXht/Mhk1PSj7mHnJ9lcqKMtTteEdSecVvMRtb/WSKVTFfHDva9My7AJ/NbXqHdzCG7znACswLxD", "c2_domain": ["outlook.com/login", "gmail.com", "worunekulo.club", "horunekulo.website"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_6D4A5AB0 | |
Source: | Code function: | 3_2_02B64C3B | |
Source: | Code function: | 3_2_6D4A5AB0 |
Source: | Memory has grown: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Writes registry values via WMI |
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Code function: | 0_2_6D4323A5 | |
Source: | Code function: | 3_2_6D4315F1 | |
Source: | Code function: | 3_2_6D431F14 | |
Source: | Code function: | 3_2_6D4323A5 | |
Source: | Code function: | 3_2_02B61168 | |
Source: | Code function: | 3_2_02B6B2F1 |
Source: | Code function: | 0_2_6D432184 | |
Source: | Code function: | 3_2_6D432184 | |
Source: | Code function: | 3_2_02B6B0CC | |
Source: | Code function: | 3_2_02B6696A | |
Source: | Code function: | 3_2_02B61B6A |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 3_2_02B67F56 |
Source: | File created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_6D4317FA |
Source: | Static PE information: |
Source: | Code function: | 0_2_6D432183 | |
Source: | Code function: | 0_2_6D432129 | |
Source: | Code function: | 0_2_6D5006DC | |
Source: | Code function: | 3_2_6D432183 | |
Source: | Code function: | 3_2_6D432129 | |
Source: | Code function: | 3_2_02B6B0CB | |
Source: | Code function: | 3_2_02B6AD09 | |
Source: | Code function: | 3_2_6D5006DC |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_6D4611D0 |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_6D4A5AB0 | |
Source: | Code function: | 3_2_02B64C3B | |
Source: | Code function: | 3_2_6D4A5AB0 |
Source: | Code function: | 0_2_6D474F60 |
Source: | Code function: | 0_2_6D4A0480 |
Source: | Code function: | 0_2_6D4317FA |
Source: | Code function: | 0_2_6D4A4D80 | |
Source: | Code function: | 0_2_6D4A4CE0 | |
Source: | Code function: | 0_2_6D4A4E20 | |
Source: | Code function: | 0_2_6D477960 | |
Source: | Code function: | 0_2_6D4FC536 | |
Source: | Code function: | 0_2_6D4FC46C | |
Source: | Code function: | 0_2_6D4FC073 | |
Source: | Code function: | 3_2_6D4A4D80 | |
Source: | Code function: | 3_2_6D4A4CE0 | |
Source: | Code function: | 3_2_6D4A4E20 | |
Source: | Code function: | 3_2_6D477960 | |
Source: | Code function: | 3_2_6D4FC536 | |
Source: | Code function: | 3_2_6D4FC46C | |
Source: | Code function: | 3_2_6D4FC073 |
Source: | Code function: | 0_2_6D474F60 | |
Source: | Code function: | 0_2_6D4636C0 | |
Source: | Code function: | 0_2_6D463990 | |
Source: | Code function: | 0_2_6D4638F0 | |
Source: | Code function: | 3_2_6D474F60 | |
Source: | Code function: | 3_2_6D4636C0 | |
Source: | Code function: | 3_2_6D463990 | |
Source: | Code function: | 3_2_6D4638F0 |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 3_2_02B62D6E |
Source: | Code function: | 0_2_6D431237 |
Source: | Code function: | 3_2_02B62D6E |
Source: | Code function: | 0_2_6D431CDD |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
The rendered matrix lists every ATT&CK technique in each column; only the cells that carried a superscript count were matched by a signature in this analysis (the count is the number of matching signatures). Those matches are:
Tactic | Technique (number of matching signatures) |
---|---|
Initial Access | none matched |
Execution | Windows Management Instrumentation (1), Native API (1) |
Persistence | Application Shimming (1) |
Privilege Escalation | Application Shimming (1), Process Injection (12), Extra Window Memory Injection (1) |
Defense Evasion | Masquerading (1), Process Injection (12), Obfuscated Files or Information (1), Rundll32 (1), Extra Window Memory Injection (1) |
Credential Access | Input Capture (1) |
Discovery | System Time Discovery (1), Security Software Discovery (2), Process Discovery (2), Account Discovery (1), System Owner/User Discovery (1), File and Directory Discovery (2), System Information Discovery (13) |
Lateral Movement | none matched |
Collection | Input Capture (1), Archive Collected Data (1) |
Exfiltration | none matched |
Command and Control | Encrypted Channel (1), Non-Application Layer Protocol (1), Application Layer Protocol (1) |
Network Effects | none matched |
Remote Service Effects | none matched |
Impact | none matched |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1108168 | | |
| 100% | Avira | HEUR/AGEN.1108168 | | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
outlook.com | 40.97.116.82 | true | false | | high |
HHN-efz.ms-acdc.office.com | 40.101.138.210 | true | false | | high |
www.outlook.com | unknown | unknown | false | | high |
outlook.office365.com | unknown | unknown | false | | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 410913 |
Start date: | 11.05.2021 |
Start time: | 12:56:38 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | A5uTdwOwJ1.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.troj.winDLL@14/4@3/0 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
12:59:18 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HHN-efz.ms-acdc.office.com | 6 earlier samples contacted this domain (sample names and hashes not extracted) | | malicious | | |
outlook.com | 14 earlier samples contacted this domain (sample names and hashes not extracted) | | malicious | | |
ASN |
---|
No context |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 21592 |
Entropy (8bit): | 1.7538928547404984 |
Encrypted: | false |
SSDEEP: | 48:IwVGcpr8GwpL/G/ap8hGIpcWGvnZpvUoGokPqp9RGo4wqzpmpGWk5YTR:rLZ0Zn2jWztUxifiwqzMYCV |
MD5: | B9765F08D46BFC88BBFDCCFC0D775FF6 |
SHA1: | 8160BFAE549AB412C71C7AB0DD67FE046F8BE085 |
SHA-256: | 0AA48A18F107E6EA8C938E35497041F02B8389C6F763AC2B43EF55C7C38EBCB2 |
SHA-512: | 7C86AE85DC93DC7D0BEFBA30C6B7A9794145E35633E5722C9726AA755E58973FEAEBF07ECDD03744F9E88FF0E121F93DED4780C00C3E8437EB884C99CFC55315 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5736827119957864 |
Encrypted: | false |
SSDEEP: | 48:Iwa7GcprHGwpaUG4pQoGrapbS7GQpBSGHHpcvTGUpG:rahZRQk62BS1jp25A |
MD5: | 5EAB8D7BB7320BB13DEB73905A1A53FB |
SHA1: | 4B28FC7F388C96242071D35AD7E75D928508C311 |
SHA-256: | 901D4FD58A650A36B0F17605AF165FDA50C6B9F26C44DBA3C940C0BCE0C0689F |
SHA-512: | 19D5128ABD62B212D4E445405BA6257632CA2DCD0A794DD0D9733FBD108EA76D8BB657E4134E71178577FD1C38DA825378628D3FAA01573C82E6C58193DA53D7 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25657 |
Entropy (8bit): | 0.3144468490138463 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwSz9lwSz9l2S6:kBqoxKAuvScS+1bN |
MD5: | 82A8AF58D95219C47E4A30F27A7C206E |
SHA1: | C20BBE085E1EDA657B8E68E513C2A10E3235BE54 |
SHA-256: | F1BAB6976EAEDB52338DE2D26B481D9C33EDA97219D5238FF5A3F3482F2AC385 |
SHA-512: | A729B550BBDA1DE7C946CE4AF0715D88E082E0AC287C95AD146D9D189E6EE33D5B6686741009FC35B856BCC7A6727420DE11BFFA23B5C81044907FA1801C6EB5 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12917 |
Entropy (8bit): | 0.39582328508219533 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9logi9logS9lWgfE:kBqoIC85 |
MD5: | 857EE0C1FAE8C14013D145E688ECCCE8 |
SHA1: | E692896F7D7BFF731D73C947851F3C1C1E26FA08 |
SHA-256: | 4DA381D3C5014EE7A29C1BF58AA4C4B5BF5225A3AE40A3021A2A2E6976380BD5 |
SHA-512: | FA43E3BE7959D040AB1EED343E350271892A5A8DAC4972143F1AAD092E77B1C6AD1B071E9AAE45AEC92DC4CD742A988F102646385C98273121C683F8BBA71985 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.388583358089739 |
TrID: |
|
File name: | A5uTdwOwJ1.dll |
File size: | 841216 |
MD5: | 1752fe2b8419be8241ecd08859a5800f |
SHA1: | eb7346a6d5a53ddaf8fd073f266c64d642b40a7d |
SHA256: | e81869620b9a18c3702c7be2fcf2e170cbc5c3de1ddbc84ae1fe190b57e917a0 |
SHA512: | 0718e566bdec828d59890818a65af53f467d1bab92abbdd2ecfe3eca55be7ad3692793e4310ea41f2ab2a9f5e9fe6d29e1873cacc1614c6f2cceaf6b320c8f15 |
SSDEEP: | 12288:mzCoXRvNZrA8Res/TPUOjUUGcqcoWEx9kMGUS6vOV5y4gnuD5wtqqB7ol:udNZr5RLL1AZ/clUnHvk5hgU |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..`...........!.................0....................................................@..........................{..x.. |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1033080 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6092C34C [Wed May 5 16:09:48 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | dc55991f7b8a912c780d10d352635290 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007FDB40955B47h |
call 00007FDB40956817h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call 00007FDB40955926h |
add esp, 0Ch |
pop ebp |
retn 000Ch |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ecx |
mov dword ptr [ebp-04h], ecx |
mov esp, ebp |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ecx |
mov eax, dword ptr [ebp+08h] |
mov ecx, dword ptr [eax] |
mov dword ptr [ebp-04h], ecx |
mov eax, dword ptr [ebp-04h] |
mov esp, ebp |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push eax |
call 00007FDB40955B19h |
add esp, 04h |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push eax |
call 00007FDB40955BB9h |
add esp, 04h |
test eax, eax |
je 00007FDB40955B43h |
int3 |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push eax |
call 00007FDB40955B99h |
add esp, 04h |
test eax, eax |
je 00007FDB40955B49h |
mov ecx, 00000041h |
int 29h |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ecx |
mov eax, dword ptr [ebp+08h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc7bb0 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc7c28 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe8000 | 0x3a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe9000 | 0x51e0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc5ecc | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc5f20 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9b000 | 0x1a4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x997af | 0x99800 | False | 0.488931761502 | data | 6.50078545852 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x9b000 | 0x2d5aa | 0x2d600 | False | 0.326892863292 | data | 4.74980452387 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xc9000 | 0x1efdc | 0xe00 | False | 0.209821428571 | data | 3.01039741419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe8000 | 0x3a0 | 0x400 | False | 0.404296875 | data | 3.03375733203 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe9000 | 0x51e0 | 0x5200 | False | 0.770293445122 | data | 6.74990882481 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
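Two things in the static tables above deserve a second look before the file is loaded anywhere: the `.data` section has a virtual size of 0x1efdc but only 0xe00 bytes on disk, the usual shape of a buffer the loader fills at runtime, and the PE timestamp (5 May 2021) is less than a week before the analysis (11 May 2021), which for an unsigned DLL with nonsense version strings is a useful triage signal. The Python below is an added example, not Joe Sandbox code; it copies the section rows, image base, entry point and timestamp from this report, and the thresholds and the CEST offset assumed for the analysis start time are the author's assumptions.

```python
"""Static triage checks over the section table printed above.

Added example; this is not Joe Sandbox code. The section rows, image base,
entry point and PE timestamp are copied from the report. The thresholds and
the time zone of the analysis start (CEST, as in the packet log) are
assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int  # RVA
    virtual_size: int
    raw_size: int
    entropy: float
    characteristics: frozenset


def _section(name, va, vsize, rsize, entropy, chars):
    return Section(name, va, vsize, rsize, entropy, frozenset(chars.split(", ")))


# Copied from the report's Sections table.
SECTIONS = [
    _section(".text", 0x1000, 0x997af, 0x99800, 6.50078545852,
             "IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ"),
    _section(".rdata", 0x9b000, 0x2d5aa, 0x2d600, 4.74980452387,
             "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ"),
    _section(".data", 0xc9000, 0x1efdc, 0xe00, 3.01039741419,
             "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ"),
    _section(".rsrc", 0xe8000, 0x3a0, 0x400, 3.03375733203,
             "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ"),
    _section(".reloc", 0xe9000, 0x51e0, 0x5200, 6.74990882481,
             "IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ"),
]
IMAGE_BASE = 0x1000000
ENTRYPOINT_VA = 0x1033080  # the report prints the entry point as a VA, not an RVA
PE_TIMESTAMP = 0x6092C34C
# Analysis start from the report, assumed CEST (UTC+2) like the packet timestamps.
ANALYSIS_START = datetime(2021, 5, 11, 12, 56, 38, tzinfo=timezone(timedelta(hours=2)))


def section_for_va(va, sections=SECTIONS, image_base=IMAGE_BASE):
    """Section whose in-memory range contains the virtual address, or None."""
    rva = va - image_base
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + s.virtual_size:
            return s
    return None


def section_flags(s, high_entropy=7.0, growth_ratio=4.0):
    """Human-readable warnings for one section; thresholds are assumptions."""
    flags = []
    if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= s.characteristics:
        flags.append("writable and executable")
    if s.entropy >= high_entropy:
        flags.append(f"entropy {s.entropy:.2f} suggests packed or encrypted content")
    if s.raw_size == 0 and s.virtual_size:
        flags.append("no data on disk, filled at runtime")
    elif s.raw_size and s.virtual_size / s.raw_size >= growth_ratio:
        ratio = s.virtual_size / s.raw_size
        flags.append(f"virtual size is {ratio:.0f}x the raw size: large runtime-filled buffer")
    return flags


def compile_time_utc(pe_timestamp=PE_TIMESTAMP):
    return datetime.fromtimestamp(pe_timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def compile_age_days(pe_timestamp=PE_TIMESTAMP, analysed_at=ANALYSIS_START):
    """Whole days between the PE timestamp and the analysis start."""
    compiled = datetime.fromtimestamp(pe_timestamp, tz=timezone.utc)
    return (analysed_at - compiled).days


def triage(sections=SECTIONS, entrypoint_va=ENTRYPOINT_VA, image_base=IMAGE_BASE):
    ep = section_for_va(entrypoint_va, sections, image_base)
    return {
        "entrypoint_section": ep.name if ep else None,
        "entrypoint_in_code": bool(ep and "IMAGE_SCN_CNT_CODE" in ep.characteristics),
        "sections": {s.name: section_flags(s) for s in sections},
        "compiled": compile_time_utc(),
        "compile_age_days": compile_age_days(),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On this sample the entry point lands in `.text` as the report states, no section is both writable and executable, no section entropy crosses the packing threshold (consistent with "Xored PE: False"), and the only section-level warning is the `.data` growth, which is where a loader of this kind typically decrypts its next stage. The PE timestamp can be forged, so the age check is a prioritisation hint, not evidence.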
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xe8060 | 0x340 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CreateFileW, GetWindowsDirectoryW, ReadFile, GetConsoleMode, OpenMutexW, CloseHandle, GetFileSize, DeleteCriticalSection, ReadConsoleW, VirtualProtectEx, GetConsoleCP, FlushFileBuffers, SetFilePointerEx, GetFileSizeEx, SetStdHandle, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, EncodePointer, FreeLibrary, LoadLibraryExW, GetModuleFileNameW, GetModuleHandleExW, ExitProcess, HeapAlloc, HeapValidate, GetSystemInfo, GetCurrentThread, GetStdHandle, GetFileType, WriteFile, OutputDebugStringW, WriteConsoleW, SetConsoleCtrlHandler, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, DecodePointer |
UxTheme.dll | CloseThemeData |
AVIFIL32.dll | AVIFileGetStream, AVIFileOpenW, AVIFileExit, AVIFileInit, AVIFileEndRecord |
TAPI32.dll | lineRedirectW, lineInitialize, lineHold, lineShutdown, lineTranslateAddressW |
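The import table is what the "Import Hash" value above is derived from, and it is the cheapest pivot for finding sibling builds of the same loader. The Python below is an added example, not Joe Sandbox code: it recomputes an import hash from the table as printed here using the algorithm pefile implements (lower-cased `library.function` pairs in import-table order, comma-joined, MD5), and lists the imports an analyst would look at first. `IMPORTS` is copied from the report; `WATCHLIST` and `BASELINE_LIBRARIES` are analyst assumptions. Whether the recomputed value equals the report's Import Hash depends on the report listing the imports in the binary's original order, which this example does not verify.

```python
"""Recompute an import hash from the Imports table above and pull out the
imports an analyst would look at first.

Added example; not Joe Sandbox code. IMPORTS is copied from the report in
the order printed. WATCHLIST and BASELINE_LIBRARIES are assumptions."""
import hashlib

KERNEL32_IMPORTS = (
    "CreateFileW, GetWindowsDirectoryW, ReadFile, GetConsoleMode, OpenMutexW, CloseHandle, "
    "GetFileSize, DeleteCriticalSection, ReadConsoleW, VirtualProtectEx, GetConsoleCP, "
    "FlushFileBuffers, SetFilePointerEx, GetFileSizeEx, SetStdHandle, GetStringTypeW, "
    "EnterCriticalSection, LeaveCriticalSection, SetLastError, "
    "InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, "
    "TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, "
    "GetModuleHandleW, GetProcAddress, IsProcessorFeaturePresent, IsDebuggerPresent, "
    "UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, "
    "GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, "
    "GetCurrentThreadId, InitializeSListHead, RaiseException, RtlUnwind, "
    "InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, EncodePointer, "
    "FreeLibrary, LoadLibraryExW, GetModuleFileNameW, GetModuleHandleExW, ExitProcess, "
    "HeapAlloc, HeapValidate, GetSystemInfo, GetCurrentThread, GetStdHandle, GetFileType, "
    "WriteFile, OutputDebugStringW, WriteConsoleW, SetConsoleCtrlHandler, GetDateFormatW, "
    "GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, "
    "GetUserDefaultLCID, EnumSystemLocalesW, FindClose, FindFirstFileExW, FindNextFileW, "
    "IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, "
    "MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, "
    "FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, HeapFree, "
    "HeapReAlloc, HeapSize, HeapQueryInformation, DecodePointer"
)

# Import table as printed in the report; dict order is the table order.
IMPORTS = {
    "KERNEL32.dll": [f.strip() for f in KERNEL32_IMPORTS.split(",")],
    "UxTheme.dll": ["CloseThemeData"],
    "AVIFIL32.dll": ["AVIFileGetStream", "AVIFileOpenW", "AVIFileExit", "AVIFileInit", "AVIFileEndRecord"],
    "TAPI32.dll": ["lineRedirectW", "lineInitialize", "lineHold", "lineShutdown", "lineTranslateAddressW"],
}

# Assumption: APIs that matter for a loader (memory protection, mutex-based
# single-instance check, anti-debug, dynamic API resolution).
WATCHLIST = {"VirtualProtectEx", "OpenMutexW", "IsDebuggerPresent", "GetProcAddress",
             "LoadLibraryExW", "CreateEventW", "WriteProcessMemory", "CreateRemoteThread",
             "VirtualAllocEx"}

# Assumption: libraries a plain CRT-linked Win32 DLL is expected to import.
BASELINE_LIBRARIES = {"kernel32", "user32", "advapi32", "ntdll", "msvcrt", "ole32",
                      "oleaut32", "shell32", "gdi32", "shlwapi", "comctl32", "uxtheme",
                      "ws2_32"}


def _library_stem(dll: str) -> str:
    """pefile's normalisation: lower-case and drop a .dll/.ocx/.sys extension."""
    lib = dll.lower()
    stem, _, ext = lib.rpartition(".")
    return stem if stem and ext in ("dll", "ocx", "sys") else lib


def imphash_string(imports) -> str:
    parts = []
    for dll, funcs in imports.items():
        lib = _library_stem(dll)
        # Ordinal-only imports would appear as 'ordN' (pefile resolves a few well-known
        # ordinal tables to names); this table has none.
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def suspicious_imports(imports):
    """Watchlist hits per library, in import order; libraries without hits are omitted."""
    hits = {dll: [f for f in funcs if f in WATCHLIST] for dll, funcs in imports.items()}
    return {dll: funcs for dll, funcs in hits.items() if funcs}


def unexpected_libraries(imports):
    """Imported libraries outside the baseline set (here the AVI and telephony APIs)."""
    return [dll for dll in imports if _library_stem(dll) not in BASELINE_LIBRARIES]


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    print("reported:", "dc55991f7b8a912c780d10d352635290")
    print("watchlist hits:", suspicious_imports(IMPORTS))
    print("unexpected libraries:", unexpected_libraries(IMPORTS))
```

Two caveats for anyone pivoting on this. The KERNEL32 list is almost entirely the MSVC runtime's own start-up imports, so the hash clusters builds of the same toolchain and stub, not the Ursnif payload, which resolves its real API set at runtime (`GetProcAddress`/`LoadLibraryExW` are in the table for that reason). And the AVIFIL32/TAPI32 imports, together with version strings like "Dad plan Fair fell" and an OriginalFilename (`fall.dll`) that does not match the sample, are exactly the kind of padding that changes from build to build, so expect the hash to differ across campaign samples even when the code does not.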
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Hundredpopulate@@8 | 1 | 0x1030208 |
Mark@@12 | 2 | 0x10303fe |
Seefit@@8 | 3 | 0x103046c |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Dad plan Corporation. All rights reserved |
InternalName | Team Lonesell |
FileVersion | 7.2.6.201 |
CompanyName | Dad plan Corporation |
These | 95 |
ProductName | Dad plan Fair fell |
ProductVersion | 7.2.6.201 |
FileDescription | Dad plan Fair fell |
OriginalFilename | fall.dll |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 11, 2021 12:57:28.205221891 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:28.254018068 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:28.258095980 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:28.309806108 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:28.481270075 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:28.541296959 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:30.231909990 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:30.283821106 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:31.195168018 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:31.249306917 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:31.965966940 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:32.017632961 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:33.175950050 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:33.234396935 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:34.227926016 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:34.276879072 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:57:35.045386076 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:57:35.094764948 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:58:05.709156036 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:58:05.766822100 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:10.954557896 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:11.003338099 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:13.758358955 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:13.819736958 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:13.830044985 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:13.878669024 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:14.270876884 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:14.339066982 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:14.962776899 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:15.016153097 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:15.930468082 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:15.979353905 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:16.595551014 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:16.655761003 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:16.871294975 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:16.920097113 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:17.917881966 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:17.968229055 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:18.826654911 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:18.887479067 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:19.947118998 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:19.998945951 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:21.046000957 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:21.094729900 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:22.124907017 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:22.173950911 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:23.050267935 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:23.099495888 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:23.971749067 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:24.020672083 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:39.877810955 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:39.939281940 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:41.132989883 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:41.183327913 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:42.164243937 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:42.221401930 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
May 11, 2021 12:59:42.400079012 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
May 11, 2021 12:59:42.448762894 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 11, 2021 12:59:41.132989883 CEST | 192.168.2.4 | 8.8.8.8 | 0x8bf7 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.164243937 CEST | 192.168.2.4 | 8.8.8.8 | 0xdcad | Standard query (0) | | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.400079012 CEST | 192.168.2.4 | 8.8.8.8 | 0xb7af | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 11, 2021 12:59:13.819736958 CEST | 8.8.8.8 | 192.168.2.4 | 0xb976 | No error (0) | | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.116.82 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.160.2 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.148.226 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.164.146 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.128.194 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.156.114 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.153.146 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:41.183327913 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bf7 | No error (0) | | | 40.97.161.50 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | outlook.office365.com | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | outlook.ha.office365.com | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | outlook.ms-acdc.office.com | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | HHN-efz.ms-acdc.office.com | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | | 40.101.138.210 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | | 52.98.151.242 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | | 40.101.136.18 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.221401930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdcad | No error (0) | | | 52.97.233.34 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.448762894 CEST | 8.8.8.8 | 192.168.2.4 | 0xb7af | No error (0) | | outlook.ha.office365.com | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:42.448762894 CEST | 8.8.8.8 | 192.168.2.4 | 0xb7af | No error (0) | | outlook.ms-acdc.office.com | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:42.448762894 CEST | 8.8.8.8 | 192.168.2.4 | 0xb7af | No error (0) | | HHN-efz.ms-acdc.office.com | | CNAME (Canonical name) | IN (0x0001) |
May 11, 2021 12:59:42.448762894 CEST | 8.8.8.8 | 192.168.2.4 | 0xb7af | No error (0) | | | 40.101.137.50 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.448762894 CEST | 8.8.8.8 | 192.168.2.4 | 0xb7af | No error (0) | | | 52.97.233.66 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.448762894 CEST | 8.8.8.8 | 192.168.2.4 | 0xb7af | No error (0) | | | 52.97.233.34 | A (IP address) | IN (0x0001) |
May 11, 2021 12:59:42.448762894 CEST | 8.8.8.8 | 192.168.2.4 | 0xb7af | No error (0) | | | 52.98.152.178 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:57:34 |
Start date: | 11/05/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:57:35 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:57:35 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:57:35 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 12:57:39 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:57:42 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:59:38 |
Start date: | 11/05/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff621d60000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:59:39 |
Start date: | 11/05/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x850000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6D4FC536 | 17.8 | 9 | 1 | 318 | memory, COMMON | |
6D431237 | 15.1 | 10 | | 98 | thread, sleep, synchronization, COMMON | 79% |
6D431F56 | 9.1 | 6 | | 71 | memory, COMMON | 86% |
(header not extracted) | | | | | | 100% |
6D4310E8 | 6.1 | 3 | 1 | 111 | memory, COMMON | 90% |
6D43173D | 6.0 | 4 | | 30 | thread, COMMON | 87% |
Uniqueness Score: -1.00% for every function listed |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6D4611D0 | 61.8 | 41 | | 290 | library, loader, COMMON | |
6D431CDD | 6.0 | 4 | | 40 | COMMON | 100% |
6D474F60 | 4.6 | 3 | | 81 | COMMON | |
(header not extracted) | | | | | | 100% |
(header not extracted) | | | | | | 100% |
6D4638F0 | 1.5 | 1 | | 6 | COMMON | |
6D4A4D80 | 1.3 | | 1 | 52 | COMMON | |
6D4A4CE0 | 1.3 | | 1 | 52 | COMMON | |
6D432184 | 0.1 | | | 77 | COMMON, Crypto | 71% |
6D4FC073 | 0.1 | | | 75 | COMMON | |
6D4FC46C | 0.1 | | | 53 | COMMON | |
6D477960 | 0.0 | | | 27 | COMMON | |
6D4A4E20 | 0.0 | | | 22 | COMMON | |
6D4B5F20 | 42.3 | 23 | 1 | 321 | time, memory, COMMON | |
6D46C550 | 33.2 | 22 | | 210 | COMMON | |
6D46C8E0 | 30.3 | 20 | | 327 | COMMON | |
6D46E490 | 24.2 | 16 | | 187 | COMMON | |
6D471570 | 19.6 | 13 | | 111 | COMMON | |
6D470980 | 15.2 | 10 | | 203 | COMMON | |
6D470C30 | 13.6 | 9 | | 124 | COMMON | |
6D471F50 | 13.6 | 9 | | 124 | COMMON | |
(header not extracted) | | | | | | 68% |
6D470DD0 | 12.1 | 8 | | 127 | COMMON | |
6D469A30 | 12.1 | 8 | | 51 | COMMON | |
6D4A5290 | 10.7 | 3 | 3 | 221 | time, COMMON | |
6D472650 | 9.1 | 6 | | 127 | COMMON | |
6D46EA30 | 9.1 | 6 | | 115 | COMMON | |
(header not extracted) | | | | | | 100% |
6D46D370 | 7.6 | 5 | | 149 | COMMON | |
6D462D80 | 7.6 | 5 | | 62 | COMMON | |
6D466D10 | 6.2 | 4 | | 211 | COMMON | |
6D4A4FC0 | 6.1 | 4 | | 101 | COMMON | |
6D4A5100 | 6.1 | 4 | | 100 | COMMON | |
6D4A23F0 | 6.1 | 4 | | 100 | COMMON | |
6D479370 | 5.4 | 2 | 1 | 175 | time, COMMON | |
Uniqueness Score: -1.00% for every function listed |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
02B64C3B | 34.7 | 23 | | 222 | memory, file, time, COMMON | 93% |
6D4FC536 | 17.8 | 9 | 1 | 318 | memory, COMMON | |
(header not extracted) | | | | | | 96% |
(header not extracted) | | | | | | 38% |
6D4315F1 | 5.3 | 2 | 1 | 70 | native, COMMON | 72% |
6D431F14 | 1.5 | 1 | | 34 | native, COMMON | 68% |
6D4B5F20 | 42.3 | 23 | 1 | 321 | time, memory, COMMON | |
(header not extracted) | | | | | | 74% |
(header not extracted) | | | | | | 83% |
6D431237 | 15.1 | 10 | | 98 | thread, sleep, synchronization, COMMON | 79% |
(header not extracted) | | | | | | 69% |
(header not extracted) | | | | | | 74% |
02B654DA | 10.6 | 7 | | 75 | COMMON | 100% |
(header not extracted) | | | | | | 100% |
6D431F56 | 9.1 | 6 | | 71 | memory, COMMON | 86% |
(header not extracted) | | | | | | 74% |
(header not extracted) | | | | | | 100% |
(header not extracted) | | | | | | 57% |
6D4310E8 | 6.1 | 3 | 1 | 111 | memory, COMMON | 90% |
02B66BC0 | 6.1 | 4 | | 59 | COMMON | 53% |
6D43173D | 6.0 | 4 | | 30 | thread, COMMON | 87% |
6D4A71D0 | 4.6 | 3 | | 135 | time, COMMON | |
02B6579B | 4.6 | 3 | | 94 | memory, COMMON | 100% |
02B68A1D | 4.6 | 3 | | 76 | memory, COMMON | 53% |
6D431E32 | 4.6 | 3 | | 68 | memory, COMMON | 87% |
(header not extracted) | | | | | | 90% |
6D4A7650 | 3.3 | 2 | | 297 | COMMON | |
02B659F9 | 3.1 | 2 | | 112 | COMMON | 75% |
(header not extracted) | | | | | | 100% |
(header not extracted) | | | | | | 100% |
02B63F0E | 3.0 | 2 | | 40 | COMMON | 37% |
02B66456 | 3.0 | 2 | | 26 | COMMON | 100% |
02B6497C | 1.5 | 1 | | 49 | COMMON | 34% |
6D4310BC | 1.5 | 1 | | 8 | COMMON | 37% |
6D431699 | 1.3 | 1 | | 70 | COMMON | 85% |
02B667C4 | 1.3 | 1 | | 57 | memory, COMMON | 70% |
02B64B9D | 1.3 | 1 | | 43 | memory, COMMON | 100% |
02B66872 | 1.3 | 1 | | 36 | sleep, COMMON | 88% |
Uniqueness Score: -1.00% for every function listed |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
(header not extracted) | | | | | | 92% |
(header not extracted) | | | | | | 68% |
6D4611D0 | 61.8 | 41 | | 290 | library, loader, COMMON | |
(header not extracted) | | | | | | 66% |
6D46C550 | 33.2 | 22 | | 210 | COMMON | |
6D46C8E0 | 30.3 | 20 | | 327 | COMMON | |
6D46E490 | 24.2 | 16 | | 187 | COMMON | |
6D471570 | 19.6 | 13 | | 111 | COMMON | |
02B6AD95 | 19.5 | 10 | 1 | 209 | library, COMMON | 51% |
6D470980 | 15.2 | 10 | | 203 | COMMON | |
6D470C30 | 13.6 | 9 | | 124 | COMMON | |
6D471F50 | 13.6 | 9 | | 124 | COMMON | |
(header not extracted) | | | | | | 27% |
6D470DD0 | 12.1 | 8 | | 127 | COMMON | |
6D4735D0 | 12.1 | 8 | | 121 | COMMON | |
6D469A30 | 12.1 | 8 | | 51 | COMMON | |
6D4A5290 | 10.7 | 3 | 3 | 221 | time, COMMON | |
02B64EEC | 10.6 | 7 | | 109 | library, memory, loader, COMMON | 73% |
02B68840 | 10.6 | 5 | 1 | 68 | string, COMMON | 63% |
6D4667D0 | 9.1 | 6 | | 148 | COMMON | |
6D472650 | 9.1 | 6 | | 127 | COMMON | |
6D46EA30 | 9.1 | 6 | | 115 | COMMON | |
(header not extracted) | | | | | | 100% |
6D46C470 | 9.1 | 6 | | 72 | COMMON | |
02B63F60 | 8.9 | 3 | 2 | 171 | string, COMMON | 88% |
6D46D370 | 7.6 | 5 | | 149 | COMMON | |
6D473330 | 7.6 | 5 | | 116 | COMMON | |
02B61363 | 7.6 | 5 | | 83 | COMMON | 100% |
6D462D80 | 7.6 | 5 | | 62 | COMMON | |
02B65722 | 7.5 | 5 | | 45 | COMMON | 58% |
02B614CE | 7.5 | 5 | | 37 | COMMON | 100% |
6D466D10 | 6.2 | 4 | | 211 | COMMON | |
(header not extracted) | | | | | | 46% |
02B68D85 | 6.1 | 4 | | 136 | COMMON | 85% |
02B612F8 | 6.1 | 4 | | 124 | COMMON | 42% |
6D4A4FC0 | 6.1 | 4 | | 101 | COMMON | |
6D4A5100 | 6.1 | 4 | | 100 | COMMON | |
6D4A23F0 | 6.1 | 4 | | 100 | COMMON | |
(header not extracted) | | | | | | 87% |
(header not extracted) | | | | | | 38% |
02B68634 | 6.1 | 4 | | 87 | sleep, COMMON | 40% |
(header not extracted) | | | | | | 78% |
(header not extracted) | | | | | | 68% |
02B664A0 | 6.0 | 3 | 1 | 48 | string, COMMON | 53% |
02B68AED | 6.0 | 4 | | 40 | COMMON | 100% |
6D431CDD | 6.0 | 4 | | 40 | COMMON | 100% |
02B6469F | 6.0 | 4 | | 29 | memory, COMMON | 100% |
(header not extracted) | | | | | | 50% |
(header not extracted) | | | | | | 37% |
6D479370 | 5.4 | 2 | 1 | 175 | time, COMMON | |
02B68389 | 5.1 | 4 | | 70 | string, COMMON | 58% |
02B68FE0 | 5.0 | 4 | | 39 | string, COMMON | 100% |
02B68007 | 5.0 | 4 | | 27 | string, COMMON | |
Uniqueness Score: -1.00% for every function listed |