Windows Analysis Report cBQPecnQRp
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Compliance
Score: | 47 |
Range: | 0 - 100 |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Regsvr32 Anomaly |
Source: | Author: Florian Roth, oscd.community: |
Sigma detected: Suspicious Certutil Command |
Source: | Author: Florian Roth, juju4, keepwatch: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: |
Compliance: |
---|
Uses 32bit PE files |
Source: | Static PE information: |
Uses secure TLS version for HTTPS connections |
Source: | HTTPS traffic detected: |
PE / OLE file has a valid certificate |
Source: | Static PE information: |
Binary contains paths to debug symbols |
Source: | Binary string: |
Source: | Code function: | 1_2_00466410 |
Networking: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Network Connect: |
Source: | Domain query: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary: |
---|
Source: | Static PE information: |
Source: | Process created: |
Source: | Code function: | 1_2_004340B0 | |
Source: | Code function: | 1_2_00432A00 | |
Source: | Code function: | 1_2_0049C051 | |
Source: | Code function: | 1_2_0046207C | |
Source: | Code function: | 1_2_004520EB | |
Source: | Code function: | 1_2_00402080 | |
Source: | Code function: | 1_2_004961AB | |
Source: | Code function: | 1_2_004321AB | |
Source: | Code function: | 1_2_00402210 | |
Source: | Code function: | 1_2_004443F0 | |
Source: | Code function: | 1_2_0048C4C0 | |
Source: | Code function: | 1_2_004744D0 | |
Source: | Code function: | 1_2_0049E4E7 | |
Source: | Code function: | 1_2_004024F2 | |
Source: | Code function: | 1_2_004685D0 | |
Source: | Code function: | 1_2_00484580 | |
Source: | Code function: | 1_2_004025A0 | |
Source: | Code function: | 1_2_0048E620 | |
Source: | Code function: | 1_2_00402700 | |
Source: | Code function: | 1_2_0045A7C0 | |
Source: | Code function: | 1_2_00484790 | |
Source: | Code function: | 1_2_00402850 | |
Source: | Code function: | 1_2_00424970 | |
Source: | Code function: | 1_2_004029E0 | |
Source: | Code function: | 1_2_00402B70 | |
Source: | Code function: | 1_2_00464CC9 | |
Source: | Code function: | 1_2_00402CF0 | |
Source: | Code function: | 1_2_00402E70 | |
Source: | Code function: | 1_2_0048CFC0 | |
Source: | Code function: | 1_2_0049901A | |
Source: | Code function: | 1_2_0045B2E0 | |
Source: | Code function: | 1_2_004773C0 | |
Source: | Code function: | 1_2_00401390 | |
Source: | Code function: | 1_2_00433450 | |
Source: | Code function: | 1_2_004454F0 | |
Source: | Code function: | 1_2_0046B48F | |
Source: | Code function: | 1_2_004514A0 | |
Source: | Code function: | 1_2_004014B0 | |
Source: | Code function: | 1_2_0045154D | |
Source: | Code function: | 1_2_00433569 | |
Source: | Code function: | 1_2_004755F0 | |
Source: | Code function: | 1_2_0046B5AF | |
Source: | Code function: | 1_2_00401610 | |
Source: | Code function: | 1_2_00493680 | |
Source: | Code function: | 1_2_00401760 | |
Source: | Code function: | 1_2_0048D7F0 | |
Source: | Code function: | 1_2_004337A0 | |
Source: | Code function: | 1_2_00499809 | |
Source: | Code function: | 1_2_004518BF | |
Source: | Code function: | 1_2_0048B9A0 |
Source: | Code function: | 1_2_0044E3F5 |
Source: | Process Stats: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Code function: | 1_2_00422D90 |
Source: | Command line argument: | 1_2_004946D0 |
Source: | File read: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Code function: | 1_2_00434A91 | |
Source: | Code function: | 1_2_00410AAB | |
Source: | Code function: | 1_2_0044F74F | |
Source: | Code function: | 1_2_00493991 |
Source: | Static PE information: |
Source: | Code function: | 1_2_004A5845 |
Source: | Process created: |
Source: | Code function: | 1_2_0044E000 |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Code function: | 1_2_0044C1E6 |
Source: | Code function: | 1_2_00466410 |
Source: | Code function: | 1_2_0044EE91 |
Source: | Code function: | 1_2_004A5845 |
Source: | Code function: | 1_2_004944F0 |
Source: | Code function: | 1_2_0046619E | |
Source: | Code function: | 1_2_00434891 | |
Source: | Code function: | 1_2_0044ECD5 | |
Source: | Code function: | 1_2_0045D9CF |
Source: | Code function: | 1_2_0044FE43 | |
Source: | Code function: | 1_2_0045976E | |
Source: | Code function: | 1_2_0044F8B8 |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Network Connect: |
Source: | Domain query: |
Source: | Process created: |
Source: | Code function: | 1_2_00468B1F | |
Source: | Code function: | 1_2_00468DC7 | |
Source: | Code function: | 1_2_00468E12 | |
Source: | Code function: | 1_2_00468EAD | |
Source: | Code function: | 1_2_00468F40 | |
Source: | Code function: | 1_2_004691A0 | |
Source: | Code function: | 1_2_004692C6 | |
Source: | Code function: | 1_2_004693CC | |
Source: | Code function: | 1_2_0046949B | |
Source: | Code function: | 1_2_0046354D | |
Source: | Code function: | 1_2_004639F3 |
Source: | Code function: | 1_2_0041E0FC |
Source: | Code function: | 1_2_00440690 |
Source: | Code function: | 1_2_004A85C0 | |
Source: | Code function: | 1_2_004A7879 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter2 | DLL Side-Loading1 | Process Injection111 | Virtualization/Sandbox Evasion1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Application Shimming1 | DLL Side-Loading1 | Process Injection111 | LSASS Memory | Security Software Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Application Shimming1 | Deobfuscate/Decode Files or Information1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol4 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Regsvr321 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Information Discovery23 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
10% | Virustotal | Browse | ||
2% | ReversingLabs |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
2% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
11% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
christchurchmvl.org | 100.26.95.170 | true | true | | unknown |
www.christchurchmvl.org | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
100.26.95.170 | christchurchmvl.org | United States | 14618 | AMAZON-AESUS | true |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 483791 |
Start date: | 15.09.2021 |
Start time: | 13:45:42 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | cBQPecnQRp (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.evad.winEXE@8/1@2/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:47:28 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
100.26.95.170 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AMAZON-AESUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ce5f3254611a8c095a3d821d44539877 | Get hash | malicious | Browse |
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\certutil.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 196 |
Entropy (8bit): | 5.098952451791238 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezocKqD:J0+oxBeRmR9etdzRxGez1T |
MD5: | 62962DAA1B19BBCC2DB10B7BFD531EA6 |
SHA1: | D64BAE91091EDA6A7532EBEC06AA70893B79E1F8 |
SHA-256: | 80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880 |
SHA-512: | 9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7 |
Malicious: | true |
Reputation: | low |
Preview: |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.445333009028377 |
TrID: |
File name: | cBQPecnQRp.exe |
File size: | 1363448 |
MD5: | 53817315b195e328ccc0f56b15b247c7 |
SHA1: | 7bedab96b89d000288b573de0b5693cf49dae47f |
SHA256: | ea2decec34ae3129d5da1f2035b34cff3c9f656bb4423904ef6b0a3ca5f47d5e |
SHA512: | 2ca834743045f742bc65da90f1b0868af54f7d703c0ef11b6deac4080bb7260ad2f9d5d0bb7b5e2a2eca5ef837c6ad976234594e931c6fbfce06c8e1d4cb1512 |
SSDEEP: | 24576:NVPOpKJdaWTVE6LwF5oSZc1HHZZZ6OEtdU:mId1+6cjoSMHHZZZ6OEtd |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......s..r7..!7..!7..!l.. !..!l.. ...!... &..!... /..!... 1..!... ...!l.. ...!l.. 4..!... ...!7..!`..!mK1!?..!7..!...!... a..!...!6.. |
File Icon |
---|
Icon Hash: | 78706a6ab8a180c0 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x44f6f0 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | GUARD_CF, TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x5FD76A63 [Mon Dec 14 13:36:35 2020 UTC] |
TLS Callbacks: | 0x494680, 0x494e50, 0x494eb0 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | b5f0210fb8fa3412ad980dc8b3f3cd95 |
Authenticode Signature |
---|
Signature Valid: | true |
Signature Issuer: | CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | 5D5CA7E8D78224799E8AA101FF486137 |
Thumbprint SHA-1: | 319517761E92EC6EEF1966A5994570D46A498093 |
Thumbprint SHA-256: | AC50A5D91A71BA8447EE795FF966E625AEC004E49EB24ADAA366B988686B65A5 |
Serial: | 009B576882CCDB891FD6E4A66671F3AC71 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007FA0C4A06EA8h |
jmp 00007FA0C4A064BDh |
push ebp |
mov ebp, esp |
pop ebp |
jmp 00007FA0C4A05F16h |
jmp 00007FA0C4A05EEDh |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ecx |
lea ecx, dword ptr [esp+08h] |
sub ecx, eax |
and ecx, 0Fh |
add eax, ecx |
sbb ecx, ecx |
or eax, ecx |
pop ecx |
jmp 00007FA0C4A06F8Fh |
push ecx |
lea ecx, dword ptr [esp+08h] |
sub ecx, eax |
and ecx, 07h |
add eax, ecx |
sbb ecx, ecx |
or eax, ecx |
pop ecx |
jmp 00007FA0C4A06F79h |
mov ecx, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], ecx |
pop ecx |
pop edi |
pop edi |
pop esi |
pop ebx |
mov esp, ebp |
pop ebp |
push ecx |
ret |
mov ecx, dword ptr [ebp-10h] |
xor ecx, ebp |
call 00007FA0C4A05E9Fh |
jmp 00007FA0C4A06620h |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [004F4024h] |
xor eax, ebp |
push eax |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [004F4024h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], eax |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf2f44 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfe000 | 0x47b40 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x14a800 | 0x25f8 | .reloc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x146000 | 0xa23c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe2c10 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xe2c64 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xbe8d8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb9000 | 0x24c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xf2598 | 0x160 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb718a | 0xb7200 | False | 0.495668462031 | data | 6.785949083 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xb9000 | 0x3acc0 | 0x3ae00 | False | 0.322618099788 | COM executable for DOS | 6.31638797155 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xf4000 | 0x8ac8 | 0x6200 | False | 0.153698979592 | data | 4.61512382052 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.didat | 0xfd000 | 0x164 | 0x200 | False | 0.41015625 | data | 3.13519516789 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xfe000 | 0x47b40 | 0x47c00 | False | 0.076784353223 | data | 3.18159027325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x146000 | 0xa23c | 0xa400 | False | 0.605182926829 | data | 6.59143707944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0xfe3b8 | 0x1568 | data | German | Germany |
RT_BITMAP | 0xff920 | 0x1d8 | data | German | Germany |
RT_ICON | 0xffe28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x100290 | 0x10a8 | data | English | United States |
RT_ICON | 0x101338 | 0x25a8 | data | English | United States |
RT_ICON | 0x1038e0 | 0x42028 | data | English | United States |
RT_DIALOG | 0xfe310 | 0xa4 | data | German | Germany |
RT_STRING | 0x145958 | 0x62 | data | English | United States |
RT_ACCELERATOR | 0x145948 | 0x10 | data | English | United States |
RT_GROUP_ICON | 0x145908 | 0x3e | data | English | United States |
RT_VERSION | 0xffaf8 | 0x32c | data | German | Germany |
RT_MANIFEST | 0x1459c0 | 0x17d | XML 1.0 document text | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | LoadLibraryExA, GetModuleHandleA, GetModuleFileNameA, GetSystemDirectoryA, GetModuleFileNameW, SetLastError, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, RaiseException, DeleteCriticalSection, GetLastError, InitializeCriticalSectionEx, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, DecodePointer, GetProcAddress, FreeLibrary, VerSetConditionMask, VerifyVersionInfoW, IsWow64Process, GetCurrentProcess, SetSearchPathMode, SetDllDirectoryW, HeapSetInformation, SetProcessDEPPolicy, GetSystemDirectoryW, LoadLibraryExW, LoadLibraryW, GetFileAttributesW, CreateFileW, CloseHandle, WideCharToMultiByte, LocalFree, FormatMessageW, FormatMessageA, CreateTimerQueue, GetSystemInfo, VirtualProtect, VirtualQuery, GetModuleHandleW, MultiByteToWideChar, GetStringTypeW, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, EncodePointer, LCMapStringW, GetLocaleInfoW, GetCPInfo, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, IsDebuggerPresent, OutputDebugStringW, SetEvent, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, RtlUnwind, InterlockedFlushSList, ExitProcess, GetModuleHandleExW, GetStdHandle, WriteFile, GetCurrentThread, GetFileType, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, TerminateThread, QueueUserAPC, CreateEventA, CreateDirectoryW, InitializeCriticalSection, ReleaseMutex, CreateMutexW, OpenMutexW, GetFileSize, OpenEventA, UnregisterWaitEx, Sleep, RegisterWaitForSingleObject, GetLocalTime, DuplicateHandle, ReleaseSemaphore, SetThreadPriority, QueryPerformanceFrequency, GetThreadTimes, TryEnterCriticalSection, GetLogicalProcessorInformation, CreateThread, FreeLibraryAndExitThread, SignalObjectAndWait, GetThreadPriority, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, UnregisterWait, GetVersionExW, QueryDepthSList |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | TeamViewer Germany GmbH |
InternalName | TeamViewer |
FileVersion | 15.13.6.0 |
CompanyName | TeamViewer Germany GmbH |
LegalTrademarks | TeamViewer |
ProductName | TeamViewer |
ProductVersion | 15.13.6.0 |
FileDescription | TeamViewer |
OriginalFilename | TeamViewer_Note.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
German | Germany | |
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 15, 2021 13:47:27.926995993 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:27.927061081 CEST | 443 | 49772 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:27.927170992 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:27.931725025 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:27.931766033 CEST | 443 | 49772 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:28.359617949 CEST | 443 | 49772 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:28.359714031 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:28.408446074 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:28.408477068 CEST | 443 | 49772 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:28.408838034 CEST | 443 | 49772 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:28.473718882 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:29.485140085 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:29.527137995 CEST | 443 | 49772 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:29.625088930 CEST | 443 | 49772 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:29.641112089 CEST | 49772 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:30.275280952 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:30.275331020 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:30.275847912 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:30.276878119 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:30.276904106 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:30.557873964 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:30.558068991 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:31.136315107 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:31.136341095 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:31.136692047 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:31.136763096 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:31.137299061 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:31.179140091 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:31.276369095 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:31.276463985 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:31.276484013 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:31.276531935 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:31.291244984 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
Sep 15, 2021 13:47:31.291408062 CEST | 443 | 49773 | 100.26.95.170 | 192.168.2.4 |
Sep 15, 2021 13:47:31.291496038 CEST | 49773 | 443 | 192.168.2.4 | 100.26.95.170 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 15, 2021 13:47:27.737127066 CEST | 192.168.2.4 | 8.8.8.8 | 0xbe2e | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 15, 2021 13:47:30.207760096 CEST | 192.168.2.4 | 8.8.8.8 | 0xefdf | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 15, 2021 13:47:27.914834023 CEST | 8.8.8.8 | 192.168.2.4 | 0xbe2e | No error (0) | | christchurchmvl.org | | CNAME (Canonical name) | IN (0x0001) |
Sep 15, 2021 13:47:27.914834023 CEST | 8.8.8.8 | 192.168.2.4 | 0xbe2e | No error (0) | | | 100.26.95.170 | A (IP address) | IN (0x0001) |
Sep 15, 2021 13:47:30.271061897 CEST | 8.8.8.8 | 192.168.2.4 | 0xefdf | No error (0) | | christchurchmvl.org | | CNAME (Canonical name) | IN (0x0001) |
Sep 15, 2021 13:47:30.271061897 CEST | 8.8.8.8 | 192.168.2.4 | 0xefdf | No error (0) | | | 100.26.95.170 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49772 | 100.26.95.170 | 443 | C:\Windows\SysWOW64\certutil.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-15 11:47:29 UTC | 0 | OUT | |
2021-09-15 11:47:29 UTC | 0 | IN | |
2021-09-15 11:47:29 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49773 | 100.26.95.170 | 443 | C:\Windows\SysWOW64\certutil.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-15 11:47:31 UTC | 0 | OUT | |
2021-09-15 11:47:31 UTC | 0 | IN | |
2021-09-15 11:47:31 UTC | 0 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 13:46:42 |
Start date: | 15/09/2021 |
Path: | C:\Users\user\Desktop\cBQPecnQRp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1363448 bytes |
MD5 hash: | 53817315B195E328CCC0F56B15B247C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 13:47:24 |
Start date: | 15/09/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:47:25 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:47:26 |
Start date: | 15/09/2021 |
Path: | C:\Windows\SysWOW64\certutil.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10a0000 |
File size: | 1273856 bytes |
MD5 hash: | D056DF596F6E02A36841E69872AEF7BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 13:47:32 |
Start date: | 15/09/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1370000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
004321AB | 11.8 | 1 | 5 | 1254 | memory, COMMON |
00440690 | 4.1 | 1 | 1 | 592 | time, COMMON |
0044FE43 | 1.5 | 1 | | 3 | COMMON |
00434380 | 38.9 | 20 | 2 | 396 | memory, sleep, pipe, COMMON |
00420350 | 37.3 | 14 | 7 | 576 | library, thread, COMMON |
00434450 | 37.1 | 19 | 2 | 329 | memory, sleep, pipe, COMMON |
0044F2B7 | 22.8 | 9 | 4 | 58 | library, loader, COMMON |
004346D0 | 10.6 | 5 | 1 | 124 | sleep, file, COMMON |
0045C756 | 4.6 | 3 | | 142 | COMMON |
0045C8BA | 4.6 | 3 | | 73 | COMMON |
00466EB0 | 4.5 | 3 | | 37 | COMMON |
004373C0 | 3.5 | 1 | 1 | 24 | network, COMMON |
00466A51 | 3.1 | 2 | | 100 | COMMON |
0044E6FC | 3.0 | 2 | | 35 | COMMON |
0046710E | 1.6 | 1 | | 52 | COMMON |
0045E7EB | 1.5 | 1 | | 44 | COMMON |
004626C2 | 1.5 | 1 | | 39 | memory, COMMON |
00460DF4 | 1.5 | 1 | | 32 | memory, COMMON |
0045C6B7 | 1.5 | 1 | | 23 | COMMON |
0044C101 | 1.5 | 1 | | 13 | COMMON |
0046CD40 | 1.5 | 1 | | 10 | COMMON |
0046CD25 | 1.5 | 1 | | 10 | COMMON |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0044E000 | 143.7 | 41 | 41 | 167 | library, loader, COMMON |
004773C0 | 18.2 | | 14 | 745 | COMMON |
0048E620 | 16.5 | | 13 | 257 | COMMON |
004944F0 | 13.6 | 8 | 1 | 118 | memory, COMMON |
0048B9A0 | 13.3 | | 10 | 783 | COMMON |
0049901A | 10.8 | 7 | | 284 | COMMON |
004A85C0 | 9.1 | 6 | | 139 | COMMON |
0044ECD5 | 9.0 | 6 | | 41 | memory, COMMON |
00422D90 | 4.5 | 3 | | 41 | COMMON |
0045D9CF | 4.5 | 3 | | 20 | COMMON |
0048D7F0 | 4.4 | | 3 | 627 | COMMON |
0045B2E0 | 3.4 | 2 | | 450 | COMMON |
00493680 | 2.8 | | 2 | 281 | COMMON |
0046207C | 1.8 | 1 | | 274 | COMMON |
0048CFC0 | 1.8 | | 1 | 510 | COMMON |
0048C4C0 | 1.6 | | 1 | 358 | COMMON |
004685D0 | 1.6 | | 1 | 327 | COMMON |
00468E12 | 1.6 | 1 | | 63 | COMMON |
004693CC | 1.5 | 1 | | 44 | COMMON |
00468EAD | 1.5 | 1 | | 41 | COMMON |
00468DC7 | 1.5 | 1 | | 31 | COMMON |
004639F3 | 1.5 | 1 | | 24 | COMMON |
00401760 | 1.5 | | 1 | 266 | COMMON |
0044E3F5 | 1.5 | 1 | | 9 | native, COMMON |
0045A7C0 | 1.5 | | 1 | 216 | COMMON |
0049C051 | 1.4 | | 1 | 173 | COMMON |
004961AB | .7 | | | 651 | COMMON |
00464CC9 | .6 | | | 637 | COMMON |
004744D0 | .5 | | | 529 | COMMON |
00433569 | .5 | | | 527 | COMMON |
004755F0 | .5 | | | 525 | COMMON |
00433450 | .5 | | | 486 | COMMON |
004337A0 | .4 | | | 374 | COMMON |
004520EB | .2 | | | 244 | COMMON |
004518BF | .2 | | | 232 | COMMON |
00484580 | .2 | | | 164 | COMMON |
00484790 | .1 | | | 145 | COMMON |
00402B70 | .1 | | | 123 | COMMON |
00402CF0 | .1 | | | 123 | COMMON |
00402E70 | .1 | | | 123 | COMMON |
004029E0 | .1 | | | 118 | COMMON |
00402850 | .1 | | | 117 | COMMON |
00402080 | .1 | | | 105 | COMMON |
004025A0 | .1 | | | 105 | COMMON |
004014B0 | .1 | | | 105 | COMMON |
00401610 | .1 | | | 105 | COMMON |
0046B5AF | .1 | | | 104 | COMMON |
00402700 | .1 | | | 99 | COMMON |
00401390 | .1 | | | 86 | COMMON |
0046B48F | .1 | | | 81 | COMMON |
004514A0 | .1 | | | 76 | COMMON |
00402210 | .1 | | | 54 | COMMON |
004024F2 | .0 | | | 49 | COMMON |
00434891 | .0 | | | 47 | COMMON |
0046619E | .0 | | | 22 | COMMON |
0041E0FC | .0 | | | 9 | COMMON |
00456538 | 28.8 | 19 | | 340 | COMMON |
004234E0 | 24.6 | 6 | 8 | 105 | library, loader, COMMON |
004AC200 | 22.7 | 15 | | 231 | COMMON |
0049AA79 | 19.7 | 13 | | 223 | COMMON |
0043F4A0 | 19.4 | 6 | 5 | 136 | synchronization, file, COMMON |
004674A0 | 18.4 | 12 | | 374 | COMMON |
004AC4A0 | 16.7 | 11 | | 222 | COMMON |
0049ED40 | 15.1 | 10 | | 144 | COMMON |
0049F6FE | 14.1 | 6 | 2 | 80 | thread, COMMON |
0044EAD3 | 14.1 | 3 | 5 | 58 | library, COMMON |
00454F64 | 13.8 | 9 | | 338 | COMMON |
004678C0 | 13.7 | 9 | | 199 | COMMON |
00462A16 | 12.6 | 6 | 1 | 318 | file, COMMON |
004A3804 | 12.3 | 6 | 1 | 73 | thread, COMMON |
00437300 | 12.3 | 6 | 1 | 62 | synchronization, thread, injection, COMMON |
00454CEC | 12.2 | 8 | | 162 | COMMON |
004360C0 | 10.7 | 4 | 2 | 166 | window, COMMON |
004AB620 | 10.6 | 4 | 2 | 119 | thread, COMMON |
004A811D | 10.6 | 7 | | 102 | COMMON |
004AAE90 | 9.1 | 6 | | 129 | COMMON |
00458B85 | 9.1 | 6 | | 128 | COMMON |
004A824B | 9.1 | 6 | | 117 | COMMON |
004526FA | 9.1 | 6 | | 60 | COMMON |
00437180 | 8.9 | 3 | 2 | 104 | memory, COMMON |
0043F363 | 8.9 | 3 | 2 | 104 | file, COMMON |
004AB310 | 8.8 | 4 | 1 | 87 | thread, COMMON |
00447510 | 8.8 | 7 | | 59 | COMMON |
004A7440 | 7.6 | 5 | | 123 | COMMON |
004A0C64 | 7.6 | 5 | | 101 | COMMON |
004A2C91 | 7.6 | 5 | | 84 | thread, COMMON |
00467857 | 7.5 | 5 | | 40 | COMMON |
0044F380 | 7.5 | 5 | | 37 | COMMON |
004226E0 | 7.2 | 3 | 1 | 155 | memory, COMMON |
004A38D0 | 7.0 | 3 | 1 | 35 | thread, COMMON |
00452811 | 6.2 | 4 | | 168 | COMMON |
00457173 | 6.2 | 4 | | 165 | COMMON |
00495911 | 6.1 | 4 | | 141 | COMMON |
00456335 | 6.1 | 4 | | 137 | COMMON |
0049AF43 | 6.1 | 4 | | 101 | COMMON |
004AA4C0 | 6.1 | 4 | | 88 | thread, COMMON |
004A3454 | 6.1 | 4 | | 79 | COMMON |
00460B59 | 6.1 | 4 | | 72 | COMMON |
00460CB0 | 6.1 | 4 | | 69 | COMMON |
00497223 | 6.1 | 4 | | 55 | time, COMMON |
004A2EC6 | 6.1 | 4 | | 51 | thread, COMMON |
004ACF05 | 6.0 | 4 | | 50 | COMMON |
0049D2F6 | 6.0 | 4 | | 41 | COMMON |
004A2A07 | 6.0 | 4 | | 31 | COMMON |
0046C8E7 | 6.0 | 4 | | 29 | COMMON |
0044F452 | 6.0 | 4 | | 25 | COMMON |
0045E430 | 6.0 | 4 | | 19 | COMMON |
0042C51D | 5.5 | 1 | 2 | 212 | file, COMMON |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A420, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 159threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046305D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00462F74, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00462E99, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004A5150, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044ED40, Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |