Analysis Report 2FQhmYZME4.exe
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: GuLoader |
---|
{"Payload URL": "http://myurl/myfile.bin"}
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | Static PE information: |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Source: | Binary or memory string: |
System Summary: |
---|
Potential malicious icon found |
Source: | Icon embedded in PE file: |
Source: | Process Stats: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Key opened: |
Source: | Virustotal: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Contains functionality to detect hardware virtualization (CPUID execution measurement) |
Detected RDTSC dummy instruction sequence (likely for instruction hammering) |
Source: | RDTSC instruction interceptor: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 1_2_02C0B6C1 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Anti Debugging: |
---|
Found potential dummy code loops (likely to delay analysis) |
Source: | Process Stats: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 1_2_02C09968 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Virtualization/Sandbox Evasion11 | Input Capture1 | Security Software Discovery41 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Virtualization/Sandbox Evasion11 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery311 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | Virustotal | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| low |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 431752 |
Start date: | 09.06.2021 |
Start time: | 08:48:15 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 2FQhmYZME4.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal92.rans.troj.evad.winEXE@1/0@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.650237570705559 |
TrID: |
|
File name: | 2FQhmYZME4.exe |
File size: | 147456 |
MD5: | 196b3c910b8d74c5916029f6eb037d5d |
SHA1: | 37968cade61e54ce0c4ec24e83c35fadd583019f |
SHA256: | 4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361 |
SHA512: | 94197b2135bf0317494a30c1e800b3dba1fcc0a76299627f2361cfadafbf245dca47b8abbe9530d94f1b65013d5eccffe1e11af241c44425870553be6660d95c |
SSDEEP: | 1536:IFXJHkDZ+2HdXrK5feyoSP+6a3bQQ6GaXSt4lY5YGw12IjqQRsk:CJiUEXrKIIPcl6o4lBGw12IuMsk |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L......M.....................0............... ....@................ |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401c10 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4DF9EBE1 [Thu Jun 16 11:41:21 2011 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 9b8686288ab82fdbf8ede30bc55c83b7 |
Entrypoint Preview |
---|
Instruction |
---|
push 00401FE0h |
call 00007F3660A839B5h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax-79h], bh |
daa |
mov ecx, 458AEB90h |
xchg eax, esp |
mov ecx, 6720C397h |
lodsb |
sbb al, byte ptr [eax] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add al, bh |
je 00007F3660A839BBh |
add dh, byte ptr [esi+61h] |
outsb |
jbe 00007F3660A83A35h |
imul esi, dword ptr [ebx+76h], 61h |
outsb |
add byte ptr fs:[eax], cl |
inc ecx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add bh, bh |
int3 |
xor dword ptr [eax], eax |
bswap edi |
into |
insd |
outsd |
or dh, ah |
movsb |
inc edi |
test eax, 7072E7DFh |
inc ecx |
xchg eax, esp |
jle 00007F3660A83962h |
pop eax |
xor byte ptr [ecx-32h], cl |
jle 00007F3660A83A04h |
scasd |
mov word ptr [ecx], gs |
pop ds |
xchg eax, esp |
jbe 00007F3660A83A09h |
cmp cl, byte ptr [edi-53h] |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
mov esi, 61000002h |
add byte ptr [eax], al |
add byte ptr [eax], al |
or dword ptr [eax], eax |
push edi |
inc ebp |
inc ecx |
dec esp |
push esp |
dec eax |
inc esi |
push ebp |
dec esp |
add byte ptr [53001501h], cl |
push esp |
push edx |
pop ecx |
dec ebx |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20ea4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x950 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1c4 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20568 | 0x21000 | False | 0.359463778409 | data | 5.90249486753 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x1250 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0x950 | 0x1000 | False | 0.17138671875 | data | 2.02462742549 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x24820 | 0x130 | data | ||
RT_ICON | 0x24538 | 0x2e8 | data | ||
RT_ICON | 0x24410 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x243e0 | 0x30 | data | ||
RT_VERSION | 0x24150 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaFileOpen, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, __vbaRecDestructAnsi, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | Channeled1 |
FileVersion | 1.00 |
CompanyName | Mortagage |
Comments | Mortagage |
ProductName | Mortagage |
ProductVersion | 1.00 |
FileDescription | Mortagage |
OriginalFilename | Channeled1.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 08:49:02 |
Start date: | 09/06/2021 |
Path: | C:\Users\user\Desktop\2FQhmYZME4.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 147456 bytes |
MD5 hash: | 196B3C910B8D74C5916029F6EB037D5D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Non-executed Functions |
---|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C04515, Relevance: .2, Instructions: 190COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C071D5, Relevance: .2, Instructions: 186COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C07194, Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0A90B, Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C07231, Relevance: .2, Instructions: 178COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0A9B7, Relevance: .2, Instructions: 176COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0A8D9, Relevance: .2, Instructions: 174COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C01562, Relevance: .2, Instructions: 172COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C015AF, Relevance: .2, Instructions: 170COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C09EB3, Relevance: .2, Instructions: 168COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C045A3, Relevance: .2, Instructions: 168COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C01E4B, Relevance: .2, Instructions: 165COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C05D06, Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C072AF, Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0AA45, Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0162D, Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C04645, Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0AA7E, Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C046A1, Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C016A9, Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0AD1E, Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C01729, Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0AD9B, Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C0AB0D, Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C066BB, Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C066B0, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C09956, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C09968, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C08FC3, Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C06570, Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004200E0, Relevance: 31.7, APIs: 21, Instructions: 171COMMON
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004204D0, Relevance: 30.1, APIs: 20, Instructions: 137COMMON
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420D10, Relevance: 13.6, APIs: 9, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FF50, Relevance: 12.1, APIs: 8, Instructions: 106COMMON
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420360, Relevance: 12.1, APIs: 8, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FA00, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |