Windows Analysis Report DOCS.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Click to see the 18 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Click to see the 23 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Modifies the hosts file | Show sources |
Source: | File written: | Jump to behavior |
Source: | Code function: | 1_2_052D3F50 | |
Source: | Code function: | 1_2_052C86F9 | |
Source: | Code function: | 1_2_02C85440 | |
Source: | Code function: | 1_2_02C85A88 | |
Source: | Code function: | 1_2_02C83F68 | |
Source: | Code function: | 1_2_02C85431 | |
Source: | Code function: | 1_2_02C83F58 | |
Source: | Code function: | 4_2_00F53023 | |
Source: | Code function: | 4_2_00F507D0 | |
Source: | Code function: | 4_2_00F56B68 | |
Source: | Code function: | 4_2_00F51F88 | |
Source: | Code function: | 4_2_00F572C0 | |
Source: | Code function: | 4_2_00F59C50 | |
Source: | Code function: | 4_2_00F5CFD8 | |
Source: | Code function: | 4_2_00F8A208 | |
Source: | Code function: | 4_2_00F856A0 | |
Source: | Code function: | 4_2_00FD47A0 | |
Source: | Code function: | 4_2_00FD4790 | |
Source: | Code function: | 4_2_00FD4772 | |
Source: | Code function: | 17_2_04D2D688 | |
Source: | Code function: | 17_2_04D26850 | |
Source: | Code function: | 17_2_04D26FF8 | |
Source: | Code function: | 17_2_04D26FE8 | |
Source: | Code function: | 18_2_02E647A0 | |
Source: | Code function: | 18_2_02E63E58 | |
Source: | Code function: | 18_2_02E64772 | |
Source: | Code function: | 18_2_02E64730 | |
Source: | Code function: | 20_2_030C5431 | |
Source: | Code function: | 20_2_030C5A88 | |
Source: | Code function: | 20_2_030C3F58 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Code function: | 1_2_052C5143 | |
Source: | Code function: | 1_2_052C4D88 | |
Source: | Code function: | 1_2_052C936E | |
Source: | Code function: | 1_2_052C7892 | |
Source: | Code function: | 1_2_02C8C02A | |
Source: | Code function: | 17_2_04D2909D | |
Source: | Code function: | 17_2_04D2E9C9 | |
Source: | Code function: | 17_2_04D265F1 | |
Source: | Code function: | 17_2_04D2EE78 |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 4_2_00F5A3B0 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Modifies the hosts file | Show sources |
Source: | File written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Modifies the hosts file | Show sources |
Source: | File written: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Registry Run Keys / Startup Folder1 | Process Injection12 | File and Directory Permissions Modification1 | OS Credential Dumping2 | System Information Discovery114 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder1 | Disable or Modify Tools1 | Input Capture1 | Query Registry1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information1 | Credentials in Registry1 | Security Software Discovery211 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture1 | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing1 | LSA Secrets | Virtualization/Sandbox Evasion131 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Timestomp1 | Cached Domain Credentials | Application Window Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading1 | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion131 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection12 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Hidden Files and Directories1 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
41% | Virustotal | Browse | ||
52% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
52% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Spy.Gen8 | Download File | ||
100% | Avira | TR/Spy.Gen8 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
us2.smtp.mailhostbox.com | 208.91.199.225 | true | false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
208.91.199.225 | us2.smtp.mailhostbox.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 452541 |
Start date: | 22.07.2021 |
Start time: | 15:03:17 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | DOCS.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.adwa.spyw.evad.winEXE@7/6@1/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:04:29 | API Interceptor | |
15:04:41 | Autostart | |
15:04:49 | Autostart | |
15:05:22 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\DOCS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 886 |
Entropy (8bit): | 5.325593152230861 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhgLE4qE4j:MIHK5HKXE1qHxviYHKhQnogLHqHj |
MD5: | 68C56F3AE303DE073F0E946D68CC9989 |
SHA1: | 800140D71D44A869334051D2FE455E68FFB8A492 |
SHA-256: | 55AC389B15756DE1C06EE870CF36F9A6A269C11651A4B0C98838D618C90DE773 |
SHA-512: | 04232F108F22B6A72AB17126D3A6955079DF62069685F7CEA4E4823AC8B808C07644F26D0BD1B460DAE36E3DE165D65A82EEA68F1330A0F274BB130799DE0300 |
Malicious: | true |
Reputation: | unknown |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 886 |
Entropy (8bit): | 5.325593152230861 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhgLE4qE4j:MIHK5HKXE1qHxviYHKhQnogLHqHj |
MD5: | 68C56F3AE303DE073F0E946D68CC9989 |
SHA1: | 800140D71D44A869334051D2FE455E68FFB8A492 |
SHA-256: | 55AC389B15756DE1C06EE870CF36F9A6A269C11651A4B0C98838D618C90DE773 |
SHA-512: | 04232F108F22B6A72AB17126D3A6955079DF62069685F7CEA4E4823AC8B808C07644F26D0BD1B460DAE36E3DE165D65A82EEA68F1330A0F274BB130799DE0300 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Users\user\Desktop\DOCS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 850432 |
Entropy (8bit): | 4.084228889752601 |
Encrypted: | false |
SSDEEP: | 12288:KWyWaA3xU+8SeWYL6dKsEP19309tXzWhMlDf1xqispXhS4bc1Paz+WJWskVCyjUp:KnfVrt9MTGZSC8keQ |
MD5: | 8E2AA51F45393D980A4D9B20947976B6 |
SHA1: | 44742C0E7752ECE4ED49C40D0F1B4E893C291005 |
SHA-256: | 02E6972EEC66F1F2B9898FA662D59C1F47856F180DAD385D766399ECAF763F5B |
SHA-512: | 2FE59FF635022207464B42F82331A78C0864FAE60A91C9348D98DAD386F853F0100D029FBFA49086FC46D95AF6E11108F004E1189E5B9EEAB6540049746B072C |
Malicious: | true |
Antivirus: |
|
Reputation: | unknown |
Preview: |
|
Process: | C:\Users\user\Desktop\DOCS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | unknown |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
File Type: | |
Category: | modified |
Size (bytes): | 11 |
Entropy (8bit): | 2.663532754804255 |
Encrypted: | false |
SSDEEP: | 3:iLE:iLE |
MD5: | B24D295C1F84ECBFB566103374FB91C5 |
SHA1: | 6A750D3F8B45C240637332071D34B403FA1FF55A |
SHA-256: | 4DC7B65075FBC5B5421551F0CB814CAFDC8CACA5957D393C222EE388B6F405F4 |
SHA-512: | 9BE279BFA70A859608B50EF5D30BF2345F334E5F433C410EA6A188DCAB395BFF50C95B165177E59A29261464871C11F903A9ECE55B2D900FE49A9F3C49EB88FA |
Malicious: | true |
Reputation: | unknown |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.084228889752601 |
TrID: |
|
File name: | DOCS.exe |
File size: | 850432 |
MD5: | 8e2aa51f45393d980a4d9b20947976b6 |
SHA1: | 44742c0e7752ece4ed49c40d0f1b4e893c291005 |
SHA256: | 02e6972eec66f1f2b9898fa662d59c1f47856f180dad385d766399ecaf763f5b |
SHA512: | 2fe59ff635022207464b42f82331a78c0864fae60a91c9348d98dad386f853f0100d029fbfa49086fc46d95af6e11108f004e1189e5b9eeab6540049746b072c |
SSDEEP: | 12288:KWyWaA3xU+8SeWYL6dKsEP19309tXzWhMlDf1xqispXhS4bc1Paz+WJWskVCyjUp:KnfVrt9MTGZSC8keQ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.............^.... ... ....@.. .......................`............@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4d045e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x91B5E3D7 [Thu Jun 20 04:11:03 2047 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd040c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd2000 | 0xfe5 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xce464 | 0xce600 | False | 0.48092775212 | data | 4.06947033744 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xd2000 | 0xfe5 | 0x1000 | False | 0.396484375 | data | 4.99628295556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xd20a0 | 0x33c | data | ||
RT_MANIFEST | 0xd23dc | 0xc09 | XML 1.0 document, UTF-8 Unicode (with BOM) text |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2019 |
Assembly Version | 1.0.0.0 |
InternalName | Symlink-Maker.exe |
FileVersion | 1.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | Symlink-Maker |
ProductVersion | 1.0.0.0 |
FileDescription | Symlink-Maker |
OriginalFilename | Symlink-Maker.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 22, 2021 15:05:59.534951925 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:05:59.698244095 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:05:59.698402882 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:00.284007072 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.285490990 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:00.449172974 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.449270010 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.449773073 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:00.614298105 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.662841082 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:00.703207016 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:00.866774082 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.866801023 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.866821051 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.866836071 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.866852999 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:00.867183924 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:00.867213964 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:01.030495882 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:01.035595894 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:01.207036018 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:01.256036997 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:01.507761955 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:01.674191952 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:01.678570986 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:01.843699932 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:01.844660997 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.010176897 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:02.011212111 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.176107883 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:02.176580906 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.360199928 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:02.361067057 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.524844885 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:02.526426077 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.526604891 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.527448893 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.527561903 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
Jul 22, 2021 15:06:02.689796925 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:02.690669060 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:02.789310932 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 |
Jul 22, 2021 15:06:02.834201097 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 22, 2021 15:03:59.972803116 CEST | 50848 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:00.025115013 CEST | 53 | 50848 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:01.794532061 CEST | 61242 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:01.852119923 CEST | 53 | 61242 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:12.693896055 CEST | 58562 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:12.746890068 CEST | 53 | 58562 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:13.709847927 CEST | 56590 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:13.767812967 CEST | 53 | 56590 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:15.124782085 CEST | 60501 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:15.174043894 CEST | 53 | 60501 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:16.156122923 CEST | 53775 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:16.208539963 CEST | 53 | 53775 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:17.777354002 CEST | 51837 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:17.827471972 CEST | 53 | 51837 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:19.340184927 CEST | 55411 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:19.389429092 CEST | 53 | 55411 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:21.554909945 CEST | 63668 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:21.604010105 CEST | 53 | 63668 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:24.487034082 CEST | 54640 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:24.547174931 CEST | 53 | 54640 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:26.189495087 CEST | 58739 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:26.250736952 CEST | 53 | 58739 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:26.372477055 CEST | 60338 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:26.432322979 CEST | 53 | 60338 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:28.536798000 CEST | 58717 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:28.595110893 CEST | 53 | 58717 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:29.805582047 CEST | 59762 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:29.855804920 CEST | 53 | 59762 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:30.771035910 CEST | 54329 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:30.821212053 CEST | 53 | 54329 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:31.735332966 CEST | 58052 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:31.793848991 CEST | 53 | 58052 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:32.777951956 CEST | 54008 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:32.832200050 CEST | 53 | 54008 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:33.991823912 CEST | 59451 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:34.051959991 CEST | 53 | 59451 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:35.164995909 CEST | 52914 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:35.218954086 CEST | 53 | 52914 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:35.814225912 CEST | 64569 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:35.887300968 CEST | 53 | 64569 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:36.433042049 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:36.485438108 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:37.572786093 CEST | 50781 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:37.626529932 CEST | 53 | 50781 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:38.823156118 CEST | 54230 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:38.883908987 CEST | 53 | 54230 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:40.408902884 CEST | 54911 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:40.461357117 CEST | 53 | 54911 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:04:54.605417967 CEST | 49958 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:04:54.663815975 CEST | 53 | 49958 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:02.136678934 CEST | 50860 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:02.196635008 CEST | 53 | 50860 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:03.112910032 CEST | 50452 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:03.171888113 CEST | 53 | 50452 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:03.914273977 CEST | 59730 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:03.963807106 CEST | 53 | 59730 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:03.973289013 CEST | 59310 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:04.635366917 CEST | 51919 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:04.693084955 CEST | 53 | 51919 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:05.018073082 CEST | 59310 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:05.111243010 CEST | 53 | 59310 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:05.619879007 CEST | 64296 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:05.680975914 CEST | 53 | 64296 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:06.423779011 CEST | 56680 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:06.481934071 CEST | 53 | 56680 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:07.466336966 CEST | 58820 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:07.515759945 CEST | 53 | 58820 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:08.371182919 CEST | 60983 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:08.421664000 CEST | 53 | 60983 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:09.418557882 CEST | 49247 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:09.467994928 CEST | 53 | 49247 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:10.045176029 CEST | 52286 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:10.104963064 CEST | 53 | 52286 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:13.586437941 CEST | 56064 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:13.647413015 CEST | 53 | 56064 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:44.636132002 CEST | 63744 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:44.713265896 CEST | 53 | 63744 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:46.613745928 CEST | 61457 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:46.673582077 CEST | 53 | 61457 | 8.8.8.8 | 192.168.2.7 |
Jul 22, 2021 15:05:59.297796965 CEST | 58367 | 53 | 192.168.2.7 | 8.8.8.8 |
Jul 22, 2021 15:05:59.370481014 CEST | 53 | 58367 | 8.8.8.8 | 192.168.2.7 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jul 22, 2021 15:05:59.297796965 CEST | 192.168.2.7 | 8.8.8.8 | 0x2d4d | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jul 22, 2021 15:05:59.370481014 CEST | 8.8.8.8 | 192.168.2.7 | 0x2d4d | No error (0) | 208.91.199.225 | A (IP address) | IN (0x0001) | ||
Jul 22, 2021 15:05:59.370481014 CEST | 8.8.8.8 | 192.168.2.7 | 0x2d4d | No error (0) | 208.91.199.224 | A (IP address) | IN (0x0001) | ||
Jul 22, 2021 15:05:59.370481014 CEST | 8.8.8.8 | 192.168.2.7 | 0x2d4d | No error (0) | 208.91.199.223 | A (IP address) | IN (0x0001) | ||
Jul 22, 2021 15:05:59.370481014 CEST | 8.8.8.8 | 192.168.2.7 | 0x2d4d | No error (0) | 208.91.198.143 | A (IP address) | IN (0x0001) |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Jul 22, 2021 15:06:00.284007072 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 | 220 us2.outbound.mailhostbox.com ESMTP Postfix |
Jul 22, 2021 15:06:00.285490990 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 | EHLO 899552 |
Jul 22, 2021 15:06:00.449270010 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 | 250-us2.outbound.mailhostbox.com 250-PIPELINING 250-SIZE 41648128 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN |
Jul 22, 2021 15:06:00.449773073 CEST | 49738 | 587 | 192.168.2.7 | 208.91.199.225 | STARTTLS |
Jul 22, 2021 15:06:00.614298105 CEST | 587 | 49738 | 208.91.199.225 | 192.168.2.7 | 220 2.0.0 Ready to start TLS |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 15:04:07 |
Start date: | 22/07/2021 |
Path: | C:\Users\user\Desktop\DOCS.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x890000 |
File size: | 850432 bytes |
MD5 hash: | 8E2AA51F45393D980A4D9B20947976B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:04:12 |
Start date: | 22/07/2021 |
Path: | C:\Users\user\Desktop\DOCS.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6e0000 |
File size: | 850432 bytes |
MD5 hash: | 8E2AA51F45393D980A4D9B20947976B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:04:50 |
Start date: | 22/07/2021 |
Path: | C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3a0000 |
File size: | 850432 bytes |
MD5 hash: | 8E2AA51F45393D980A4D9B20947976B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:04:56 |
Start date: | 22/07/2021 |
Path: | C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa30000 |
File size: | 850432 bytes |
MD5 hash: | 8E2AA51F45393D980A4D9B20947976B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 15:04:58 |
Start date: | 22/07/2021 |
Path: | C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbb0000 |
File size: | 850432 bytes |
MD5 hash: | 8E2AA51F45393D980A4D9B20947976B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 052D3F50, Relevance: .4, Instructions: 406COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C85A88, Relevance: .3, Instructions: 317COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C85431, Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C83F58, Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C85440, Relevance: .2, Instructions: 159COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C83F68, Relevance: .2, Instructions: 159COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D59D0, Relevance: 1.6, Strings: 1, Instructions: 305COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D4650, Relevance: 1.5, Strings: 1, Instructions: 225COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D5E08, Relevance: 1.4, Strings: 1, Instructions: 140COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D48B8, Relevance: .6, Instructions: 588COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84758, Relevance: .4, Instructions: 367COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8D610, Relevance: .4, Instructions: 352COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8DD20, Relevance: .3, Instructions: 296COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8E768, Relevance: .3, Instructions: 280COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8790B, Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C87960, Relevance: .2, Instructions: 230COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D5100, Relevance: .2, Instructions: 208COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C5A0, Relevance: .2, Instructions: 207COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C590, Relevance: .2, Instructions: 203COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C89938, Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D56E8, Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C3E8, Relevance: .2, Instructions: 168COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D5FF8, Relevance: .2, Instructions: 151COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84FD0, Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C85A78, Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8B160, Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8B170, Relevance: .1, Instructions: 118COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A160, Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C86030, Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A170, Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C86040, Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84168, Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D5580, Relevance: .1, Instructions: 96COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C9A0, Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A710, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A720, Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84158, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8DA89, Relevance: .1, Instructions: 71COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8E358, Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8DA98, Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8E500, Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A828, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84298, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8E5B8, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C83E78, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8CB90, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C83E88, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A838, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C990, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8DBC8, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C89B40, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C8F8, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8DBB8, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C861D8, Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C89B50, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C908, Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C861F0, Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8DC5B, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8DC68, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D5500, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84EE0, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D3EC8, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8E4F0, Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8E720, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A910, Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A920, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C83E40, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C032, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052D5DC8, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C86391, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C558, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C83E50, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8B400, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8B3D8, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C008, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A8E8, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8A8F8, Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8C040, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8B410, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 052C86F9, Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00F5A3B0, Relevance: 2.2, APIs: 1, Instructions: 688COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5CB50, Relevance: 1.7, APIs: 1, Instructions: 164COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD5190, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD6964, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD6D78, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5B698, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDC3B8, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD41AA, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD2F44, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F890A0, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F89FE8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 04D2D688, Relevance: 8.8, Strings: 6, Instructions: 1313COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2BC78, Relevance: 5.2, Strings: 4, Instructions: 249COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D28622, Relevance: 5.1, Strings: 4, Instructions: 107COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2A6C0, Relevance: 4.2, Strings: 3, Instructions: 427COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2BC68, Relevance: 3.9, Strings: 3, Instructions: 186COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25E08, Relevance: 1.6, Strings: 1, Instructions: 324COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2A070, Relevance: 1.6, Strings: 1, Instructions: 321COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D259C1, Relevance: 1.5, Strings: 1, Instructions: 285COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D24650, Relevance: 1.5, Strings: 1, Instructions: 228COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2D348, Relevance: 1.4, Strings: 1, Instructions: 125COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25DF8, Relevance: 1.4, Strings: 1, Instructions: 118COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2D679, Relevance: 1.3, Strings: 1, Instructions: 73COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D248A8, Relevance: .5, Instructions: 503COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2C520, Relevance: .4, Instructions: 399COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D23F50, Relevance: .4, Instructions: 399COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2B418, Relevance: .3, Instructions: 349COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2F980, Relevance: .3, Instructions: 252COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2ADE7, Relevance: .3, Instructions: 251COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D299B0, Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2F3D0, Relevance: .2, Instructions: 236COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2A441, Relevance: .2, Instructions: 221COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D29818, Relevance: .2, Instructions: 211COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25100, Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D23F40, Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D256E8, Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2F967, Relevance: .2, Instructions: 177COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2B8B8, Relevance: .2, Instructions: 174COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2B1E1, Relevance: .2, Instructions: 174COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2A6B0, Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2B0A8, Relevance: .1, Instructions: 120COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2EEB0, Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D259D0, Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D290CB, Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25571, Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25580, Relevance: .1, Instructions: 96COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2B408, Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2D481, Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2AD10, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D24E28, Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A1D63C, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25C98, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D26301, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2C9E0, Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D26198, Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D263D0, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25FE9, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A1D637, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D29EA0, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D296F1, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D23EB9, Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D285B8, Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25500, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D29700, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D27DB0, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D26E9A, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D23EC8, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D263C1, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2F370, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D26EA0, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D256D9, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2F260, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25868, Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2F270, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2F102, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2BFFB, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D27D77, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D262D0, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D2EE97, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D25DC8, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D262E0, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D23720, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E65184, Relevance: 1.6, APIs: 1, Instructions: 115COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E65190, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E66964, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E6C3A9, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E66D72, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E66D78, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02E6C3B8, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011FD53C, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011FD450, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0120D01C, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011FD537, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011FD44B, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0120D017, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 030C5A88, Relevance: .3, Instructions: 317COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C5431, Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C3F58, Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C4C90, Relevance: 1.4, Strings: 1, Instructions: 180COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C4758, Relevance: .4, Instructions: 365COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C790C, Relevance: .3, Instructions: 259COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C7960, Relevance: .2, Instructions: 230COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C5A78, Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C99C0, Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CC460, Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CB160, Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CB170, Relevance: .1, Instructions: 118COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA160, Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C6030, Relevance: .1, Instructions: 114COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA170, Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C4168, Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA710, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C4158, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C4286, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C3E78, Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA828, Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C3E88, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA838, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C9B40, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C61D8, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C508F, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C50F3, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C4EE0, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C50E1, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA910, Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CC032, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA920, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C3E40, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C6391, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CC558, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030C3E50, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CB400, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CA8E8, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CB3D8, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CC008, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CC040, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030CB410, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|