Windows Analysis Report 1ZDvfs8V0D
Overview
General Information
Detection | |
---|---|
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Signatures
Classification
Process Tree
Malware Configuration
No configs have been found
Yara Overview
Memory Dumps
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
 | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
 | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
 | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
 | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
15 entries in total; 5 shown.
Sigma Overview
No Sigma rule has matched
Jbx Signature Overview
AV Detection:
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Antivirus / Scanner detection for submitted sample |
Source: | Avira: |
Antivirus detection for dropped file |
Source: | Avira: | 16 dropped files |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Machine Learning detection for dropped file |
Source: | Joe Sandbox ML: | 16 dropped files |
Exploits:
Accesses ntoskrnl, likely to find offsets for exploits |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: | 32 entries |
Source: | Code function: | 1_2_000000014005D290 |
Source: | Code function: | 32_2_00007FF72A9E6334 |
Source: | Code function: | 32_2_00007FF72A9E72AC |
Source: | Code function: | 32_2_00007FF72A9E5DE8 |
Source: | String found in binary or memory: |
Source: | Code function: | 32_2_00007FF72A9E7D98 |
Source: | Code function: | 32_2_00007FF72A9EA9C4 |
E-Banking Fraud:
Yara detected Dridex unpacked file |
Source: | File source: | 20 entries |
Source: | Code function: | 1_2_0000000140034870 | |
Source: | Code function: | 1_2_0000000140035270 | |
Source: | Code function: | 1_2_0000000140048AC0 | |
Source: | Code function: | 1_2_000000014005C340 | |
Source: | Code function: | 1_2_0000000140065B80 | |
Source: | Code function: | 1_2_000000014006A4B0 | |
Source: | Code function: | 1_2_00000001400524B0 | |
Source: | Code function: | 1_2_0000000140026CC0 | |
Source: | Code function: | 1_2_000000014004BD40 | |
Source: | Code function: | 1_2_00000001400495B0 | |
Source: | Code function: | 1_2_0000000140036F30 | |
Source: | Code function: | 1_2_0000000140069010 | |
Source: | Code function: | 1_2_0000000140001010 | |
Source: | Code function: | 1_2_0000000140066020 | |
Source: | Code function: | 1_2_000000014002F840 | |
Source: | Code function: | 1_2_000000014005D850 | |
Source: | Code function: | 1_2_0000000140064080 | |
Source: | Code function: | 1_2_0000000140010880 | |
Source: | Code function: | 1_2_00000001400688A0 | |
Source: | Code function: | 1_2_000000014002D0D0 | |
Source: | Code function: | 1_2_00000001400018D0 | |
Source: | Code function: | 1_2_0000000140016100 | |
Source: | Code function: | 1_2_000000014001D100 | |
Source: | Code function: | 1_2_000000014002A110 | |
Source: | Code function: | 1_2_000000014001D910 | |
Source: | Code function: | 1_2_0000000140015120 | |
Source: | Code function: | 1_2_000000014000B120 | |
Source: | Code function: | 1_2_000000014004F940 | |
Source: | Code function: | 1_2_0000000140039140 | |
Source: | Code function: | 1_2_0000000140023140 | |
Source: | Code function: | 1_2_0000000140057950 | |
Source: | Code function: | 1_2_000000014001E170 | |
Source: | Code function: | 1_2_0000000140002980 | |
Source: | Code function: | 1_2_00000001400611A0 | |
Source: | Code function: | 1_2_00000001400389A0 | |
Source: | Code function: | 1_2_00000001400381A0 | |
Source: | Code function: | 1_2_000000014002E1B0 | |
Source: | Code function: | 1_2_00000001400139D0 | |
Source: | Code function: | 1_2_00000001400319F0 | |
Source: | Code function: | 1_2_000000014002EA00 | |
Source: | Code function: | 1_2_0000000140022A00 | |
Source: | Code function: | 1_2_000000014003B220 | |
Source: | Code function: | 1_2_0000000140067A40 | |
Source: | Code function: | 1_2_0000000140069A50 | |
Source: | Code function: | 1_2_0000000140007A60 | |
Source: | Code function: | 1_2_000000014003AAC0 | |
Source: | Code function: | 1_2_000000014003A2E0 | |
Source: | Code function: | 1_2_0000000140062B00 | |
Source: | Code function: | 1_2_0000000140018300 | |
Source: | Code function: | 1_2_000000014002FB20 | |
Source: | Code function: | 1_2_0000000140031340 | |
Source: | Code function: | 1_2_0000000140022340 | |
Source: | Code function: | 1_2_0000000140017B40 | |
Source: | Code function: | 1_2_000000014000BB40 | |
Source: | Code function: | 1_2_000000014004EB60 | |
Source: | Code function: | 1_2_0000000140005370 | |
Source: | Code function: | 1_2_000000014002CB80 | |
Source: | Code function: | 1_2_000000014006B390 | |
Source: | Code function: | 1_2_0000000140054BA0 | |
Source: | Code function: | 1_2_0000000140033BB0 | |
Source: | Code function: | 1_2_00000001400263C0 | |
Source: | Code function: | 1_2_00000001400123C0 | |
Source: | Code function: | 1_2_0000000140063BD0 | |
Source: | Code function: | 1_2_00000001400663F0 | |
Source: | Code function: | 1_2_0000000140023BF0 | |
Source: | Code function: | 1_2_000000014006B41B | |
Source: | Code function: | 1_2_000000014006B424 | |
Source: | Code function: | 1_2_000000014006B42D | |
Source: | Code function: | 1_2_000000014006B436 | |
Source: | Code function: | 1_2_000000014006B43D | |
Source: | Code function: | 1_2_0000000140024440 | |
Source: | Code function: | 1_2_0000000140005C40 | |
Source: | Code function: | 1_2_000000014006B446 | |
Source: | Code function: | 32_2_00007FF72A9D9370 | |
Source: | Code function: | 32_2_00007FF72A9EBD00 | |
Source: | Code function: | 32_2_00007FF72A9E2210 | |
Source: | Code function: | 32_2_00007FF72A9EB184 | |
Source: | Code function: | 32_2_00007FF72A9E72AC | |
Source: | Code function: | 32_2_00007FF72A9DC314 | |
Source: | Code function: | 32_2_00007FF72A9E0F98 | |
Source: | Code function: | 32_2_00007FF72A9EB7AC | |
Source: | Code function: | 32_2_00007FF72A9DB0E0 | |
Source: | Code function: | 32_2_00007FF72A9E08D8 | |
Source: | Code function: | 32_2_00007FF72A9E7D98 | |
Source: | Code function: | 32_2_00007FF72A9E8F04 | |
Source: | Code function: | 32_2_00007FF72A9E66F8 | |
Source: | Code function: | 32_2_00007FF72A9D9E90 | |
Source: | Code function: | 32_2_00007FF72A9EA670 |
Source: | Code function: |
Source: | Code function: | 1_2_0000000140046C90 | |
Source: | Code function: | 1_2_000000014006A4B0 | |
Source: | Code function: | 32_2_00007FF72A9E07E8 |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: | 54 entries |
Source: | Static PE information: | 17 entries |
Source: | Static PE information: | 17 entries |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | 75 entries |
Source: | Key value queried: |
Source: | File created: |
Source: | Binary string: |
Source: | Classification label: |
Source: | Code function: | 32_2_00007FF72A9D7C40 |
Source: | Code function: | 32_2_00007FF72A9EFC05 |
Source: | Process created: |
Source: | Mutant created: | 2 entries |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | 32 entries |
Source: | Code function: | 1_2_0000000140056A4E |
Source: | Static PE information: | 434 entries |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file (34 entries; the file paths did not survive extraction) |
Source: | Process information set: | Jump to behavior (19 entries; the values did not survive extraction) |
Source: | Thread sleep time: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file (27 entries; the file paths did not survive extraction) |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 1_2_000000014005C340 |
Source: | Code function: | 1_2_000000014005D290 | |
Source: | Code function: | 32_2_00007FF72A9E6334 | |
Source: | Code function: | 32_2_00007FF72A9E72AC | |
Source: | Code function: | 32_2_00007FF72A9E5DE8 |
Source: | Binary or memory string: | (10 entries; the strings did not survive extraction) |
Source: | Code function: | 35_2_00007FF7B6DB54A0 |
Source: | Code function: | 32_2_00007FF72A9E15C4 |
Source: | Code function: | 1_2_0000000140048AC0 |
Source: | Code function: | 32_2_00007FF72A9ED120 | |
Source: | Code function: | 32_2_00007FF72A9ECE08 | |
Source: | Code function: | 35_2_00007FF7B6DB2D14 | |
Source: | Code function: | 35_2_00007FF7B6DB29F0 |
HIPS / PFW / Operating System Protection Evasion: |
---|
Benign windows process drops PE files | Show sources |
Source: | File created: | Jump to dropped file |
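The signature above, a normally benign shell process writing PE files into the user profile, is the one behaviour in this report that is cheap to hunt for in endpoint telemetry; the Joe Sandbox View section further down ties it to C:\Users\user\AppData\Local\0ubYqNmr\PresentationHost.exe, a random-named directory under AppData\Local holding a copy of a Windows executable. The following is an added example, not code from the report or from Joe Security. It runs a small correlation over constructed Sysmon-style FileCreate (Event ID 11) and ProcessCreate (Event ID 1) records and flags the pattern the report describes: explorer.exe dropping PE files into an eight-character directory under AppData\Local, an .exe and a .dll staged together (the DLL side-loading reading is an inference; the report does not name the DLLs it dropped), and dropped files that were never started. The event dictionaries, the fixed eight-character directory length and every path other than the PresentationHost.exe one are assumptions made for the example.

```python
import re
from collections import defaultdict

# Normally-benign shell processes that should not be writing PE files into
# freshly created, random-named directories under the user profile.
BENIGN_DROPPERS = {"explorer.exe"}
PE_EXTENSIONS = (".exe", ".dll")

# Staging directory pattern seen in this report: %LOCALAPPDATA%\<8 alphanumerics>\<file>.
# The fixed length of eight is an assumption taken from the one path the report shows.
STAGING_DIR = re.compile(
    r"^(?P<base>[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\[A-Za-z0-9]{8})\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed Sysmon-style events (EventID 11 = FileCreate, 1 = ProcessCreate).
# Only PresentationHost.exe and the 0ubYqNmr directory come from the report;
# every other path and file name here is made up for the example.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\0ubYqNmr\PresentationHost.exe"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\0ubYqNmr\example.dll"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user\Downloads\invoice.pdf"},          # not a PE file
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\setup.exe"},   # "Temp" is not 8 chars
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\0ubYqNmr\PresentationHost.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Ab12Cd34\calc.exe"},
]


def is_suspicious_drop(event):
    """Return (staging_dir, file_name) when a benign shell process writes a PE
    file into a random-named directory directly under AppData\\Local, else None."""
    if event.get("EventID") != 11:
        return None
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    if image not in BENIGN_DROPPERS:
        return None
    m = STAGING_DIR.match(event["TargetFilename"])
    if not m or not m.group("name").lower().endswith(PE_EXTENSIONS):
        return None
    return m.group("base"), m.group("name")


def correlate(events):
    """Group suspicious drops by staging directory, note whether an .exe and a
    .dll were staged together (side-loading pattern) and whether anything was
    started from the directory afterwards. Returns {staging_dir: verdict}."""
    staging = defaultdict(lambda: {"exe": [], "dll": [], "started": []})
    for ev in events:
        hit = is_suspicious_drop(ev)
        if hit:
            base, name = hit
            kind = "exe" if name.lower().endswith(".exe") else "dll"
            staging[base][kind].append(name)
        elif ev.get("EventID") == 1:
            m = STAGING_DIR.match(ev["Image"])
            if m and m.group("base") in staging:
                staging[m.group("base")]["started"].append(m.group("name"))

    verdicts = {}
    for base, info in staging.items():
        if info["exe"] and info["dll"]:
            verdict = "possible_dll_sideload_staging"
        else:
            verdict = "pe_drop_by_benign_process"
        if not info["started"]:
            # Mirrors the report's "Dropped PE file which has not been started" signature.
            verdict += ";dropped_not_started"
        verdicts[base] = verdict
    return verdicts


if __name__ == "__main__":
    for directory, verdict in correlate(SAMPLE_EVENTS).items():
        print(f"{verdict:45} {directory}")
```

In production the eight-character directory rule needs an allowlist (legitimate eight-character folder names such as Packages exist under AppData\Local) and the `BENIGN_DROPPERS` set should be extended to other processes that rarely write executables; the correlation itself is the useful part, because a staged executable that is never started is exactly what this report recorded for most of its dropped files.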
Changes memory attributes in foreign processes to executable or writable | Show sources |
Source: | Memory protected: | Jump to behavior (6 entries; the target processes and addresses did not survive extraction) |
Queues an APC in another process (thread injection) | Show sources |
Source: | Thread APC queued: | Jump to behavior |
Contains functionality to prevent local Windows debugging | Show sources |
Source: | Code function: | 35_2_00007FF7B6DB54A0 | |
Source: | Code function: | 35_2_00007FF7B6DB5730 |
Uses Atom Bombing / ProGate to inject into other processes | Show sources |
Source: | Atom created: | Jump to behavior (2 entries; the atom values did not survive extraction) |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | (7 entries; the strings did not survive extraction) |
Source: | Queries volume information: | Jump to behavior (40 entries; the queried volumes did not survive extraction) |
Source: | Code function: | 32_2_00007FF72A9D9CEC | |
Source: | Code function: | 32_2_00007FF72A9D9E90 |
Source: | Key value queried: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 32_2_00007FF72A9ED2B0 |
Source: | Code function: | 32_2_00007FF72A9D89B8 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Exploitation for Client Execution1 | Path Interception | Exploitation for Privilege Escalation1 | Masquerading11 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection412 | Virtualization/Sandbox Evasion1 | LSASS Memory | Security Software Discovery21 | Remote Desktop Protocol | Clipboard Data2 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection412 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information1 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information3 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll321 | Cached Domain Credentials | System Information Discovery35 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Timestomp1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
66% | Virustotal | Browse | ||
66% | Metadefender | Browse | ||
73% | ReversingLabs | Win64.Infostealer.Dridex | ||
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Avira | HEUR/AGEN.1114452 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 483801 |
Start date: | 15.09.2021 |
Start time: | 14:02:33 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 1ZDvfs8V0D (renamed file extension from none to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winDLL@75/33@0/0 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
No context |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\0ubYqNmr\PresentationHost.exe | Get hash | malicious | Browse | ||
| (19 further samples matching this dropped file; their names and SHA-256 values did not survive extraction) | | malicious | Browse | |
Created / dropped Files |
---|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 259072 |
Entropy (8bit): | 6.5074250085194665 |
Encrypted: | false |
SSDEEP: | 6144:8kfs4/kfxzJTbHfyH5KNXwy3Odjp19k5KNXf:fs4ixzJTbHmKVwy3OdLaKV |
MD5: | E3053C73EA240F4C2F7971B3905A91CF |
SHA1: | 1848AD66BD55E5484616FB85E80BA58BE1D5BA4B |
SHA-256: | 0BACCDB2B5ACB7B3C2E9085655457532964CAFFF1AE250016CE1A80E839B820C |
SHA-512: | 167BCC3E2552286F7D985A65674DA2FF0D0AA6A7F0C4C3B43193943B606E0133C06EEB33656EFBB8B827AC9221FB1BA00A49ADCC2489BD4F38DF62A015806DE3 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.5713351337971417 |
Encrypted: | false |
SSDEEP: | 12288:EVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:hfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 99DC6214A301EC2785D2CF7C7F97299A |
SHA1: | CE5582FEC9E8EFA376717CCB48B6EAEC021445A6 |
SHA-256: | 1159519F2E457E649B58FB718443482D82A881A0BB573CE464B81470A84EE570 |
SHA-512: | C0A40B686B975552B2850D80404EAAD514AAD0479AE263BAF9EA9C06E66F38AC969A25292BDA4B70E46AD77047FC99975CFD824031BDCBD812D344A57943D184 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.574254178712457 |
Encrypted: | false |
SSDEEP: | 12288:vVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1F1:GfP7fWsK5z9A+WGAW+V5SB6Ct4bnbF1 |
MD5: | 65C65AEB1008B6127B99502410591962 |
SHA1: | 84DC8DFA5379D435958D9BCCCB659C75024D8ACD |
SHA-256: | 3CBBCA45DF4E7C729C98EDA87D9D5C22B189816C615D369426A9DE82252438CA |
SHA-512: | 7E81B68280101B42203E4FE730E64E83A4B0EEFCAC8AAA34046FC410387D593455DF9DC0CAD00625F4912C3A6630853F867430DA85CBBD44DDDDBF056BA65AFE |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 370176 |
Entropy (8bit): | 6.448503897594857 |
Encrypted: | false |
SSDEEP: | 6144:Uca2EiZg+uTUbSFWjSJiIOKZXcmg3GexhxiZEOHHrpm1XUZLxEZEOHHrpm1XUZLx:UB2PsUbSFWWAkZXcmkVx+tLpm1EwtLpr |
MD5: | C471C6B06F47EA1C66E5FAA8DFCEF108 |
SHA1: | F8672A2B3B32956CBC948A954CEF236581045B78 |
SHA-256: | E2255751C1CF58596C8FE70C3093E099F8D71ED89580CFD0156FFCF0FED32861 |
SHA-512: | F7A2A31910CD4694B58FFCED83A2CCF633B5594859F178AFB9F67C02E3E664DA72701E7E45AA5590C4F1E1C99C82B665F0C0B80401506F0DFA49B61A8EEBD6BA |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.571327907784248 |
Encrypted: | false |
SSDEEP: | 12288:0VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:xfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 313795BA80A00E0FE381B1B67D69E7EB |
SHA1: | 16A0F08CE8C1037577F53F0B30C0AA6C3E0B93AE |
SHA-256: | 241A3B55EC2D4071D725E4CC055E0CDD4806D81235380926035938B9D78B2BAD |
SHA-512: | D77FC2D25910BAE50B42B5B9934C7BB1E403E0DAA17950B089C9BDF9F96A4D6D0713EF60F184D46788A2DD5AE9672BB863573C6971436891159E0A52ABC56C4E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 254976 |
Entropy (8bit): | 5.093220071075157 |
Encrypted: | false |
SSDEEP: | 3072:1t+/6BNqqNRhdutq4jCoNhdxtYEbvyIwYKO8/+9vAwk4OdamabJ9:3Bhhd+7QKb |
MD5: | 9B517303C58CA8A450B97B0D71594CBB |
SHA1: | BE75E3F10E17400DA7C0FAF70BF16EE7D0AA93A8 |
SHA-256: | 2A38BFC3813D7E845F455B31DF099C8A6E657EF4556BFF681315F86A883A3314 |
SHA-512: | 6A47EC7800E1F1FCDBB44A018147CE4A87FF0F5B94597B182AAE4E8545D9B18FAAAA07379BA1086D8F7785F0F66C36E4B6C68FCF49130333B8A9DC3A9E9E08E8 |
Malicious: | false |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2117632 |
Entropy (8bit): | 3.5930830435644503 |
Encrypted: | false |
SSDEEP: | 12288:kVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:BfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | D3EA24EC3BDDCD42696E4921DA40EE85 |
SHA1: | 66E52EABFD5D7864B146370BF671BAD45EEA0F40 |
SHA-256: | 422CFB6508CABCCE469D03758CA7F31AB84BCA5023D1E90A1AAA9509606AB4B0 |
SHA-512: | 9470DA7680C59A6CFAE051B7A7E6F37DBBA86FE9354AEE87F36E1C51C861FE3740D293D8DA89B3415754D6BD01CD823D484FD10B59F1A0309CCD02CDF2A9C5F8 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49688 |
Entropy (8bit): | 6.083384253651048 |
Encrypted: | false |
SSDEEP: | 768:vcqpeHOwVxW4zmjjJF686T/5Lel2fBetjEWI9Whu3H1PcSP:vcEoVxJodg/tfiEAhu3VPcSP |
MD5: | 7C3D09D6DB5DB4A272FCF4C1BB3986BD |
SHA1: | F0C392891B6D73EADB20F669A29064910507E55E |
SHA-256: | E459FF6CBA8C93589B206C07BDCCD2E6C57766BE6BB4754F2FB1DEF9EF2E3BDE |
SHA-512: | 6CFE325CD0A78D6ACC9473BA51069E234CB0F9A47F285A6204EE787902C77005491B41C301DD38602CC387329F214E700F9203E4ECE5077E58D30276821640E4 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2109440 |
Entropy (8bit): | 3.5755825512234485 |
Encrypted: | false |
SSDEEP: | 12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 8E85149714E4AA4F433A4CE1C19D5117 |
SHA1: | 21AE2AEFEA6183E34401283F8CA8C1DEF8745315 |
SHA-256: | 8FD182C1E88A8B760F1AAF9426AC013952ED7B6B16CC42C41DFB6BF5426CFC3A |
SHA-512: | D4FF8559DEFD5D1D0872E080499049B821CDD1DFBD36B98F66517B8ED182E174ADD80DFC0106C0CEBFAB13BAE644677377B4B861755948034C4E0C8953FA7089 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 732160 |
Entropy (8bit): | 6.573630291630044 |
Encrypted: | false |
SSDEEP: | 12288:U4O7JpqBbsczjBmavlNRO5Gy1ay0OBegtkGyLY9d/Dz/sJ+lGDyYgWPL/kc7yfnQ:U40JpqtZzjBRvI5Gdy0OjtwLY9BDz/PW |
MD5: | 8E2C63E761A22724382338F349C55014 |
SHA1: | 30C7F92A6E88C368B091E39665545EAFA8A6561F |
SHA-256: | 4CA6E16BEB57278E60E3EDCBCECDA1442AA344C424421E4B078F1213E6B99376 |
SHA-512: | 92F289DDBD9D1E5103C36308DA84779708A292DC54F49A0A1B79D65C563378BBF08C98F3732F25365CCF8175589D8E6187CEE2A694AE5FB73CA9E85AECFF4CF1 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.5708430190408773 |
Encrypted: | false |
SSDEEP: | 12288:NVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:UfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | DF4DF807E4E527783F510931E7185ED1 |
SHA1: | AC97907241593E2CFEF95679710AE841D73968CF |
SHA-256: | 8A23D5924772C1D006A47A6E9D91264F70F8EE4FDF1FBAF59EA6BE4F0A30E578 |
SHA-512: | 22359AEAB95E9DAE6B5BFE9E1A73AA8AE1B12D8DDC6AE3608D6DF9A9DBC2040CFE19B03F7E3EF143630CD6D37E4AC314B48D69BE0018BF6382397DDC3F70587A |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 83968 |
Entropy (8bit): | 7.071848641739436 |
Encrypted: | false |
SSDEEP: | 1536:5MVEZnXtREC/rMcgEPJV+G57ThjEC0kzJP+V5J9:3XzECTMpuDhjRVJGf |
MD5: | F325976CDC0F7E9C680B51B35D24D23A |
SHA1: | 8BA00280B451378802DD2A06BB139B8BEA78C90C |
SHA-256: | E24A61B15FD191DDC8A2CA82E22A759609E6099A832ADE0B5C0C6E0F1ABB05FE |
SHA-512: | 9D65A154758B5C38C09AACA1BB51E53FE6E8DEA374EAD88AEA33AB41525B3BB180211D6F6C93CA112197F7455842228960699DF471F47EE83DBC6CA59A5166EC |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.5713215141236527 |
Encrypted: | false |
SSDEEP: | 12288:JVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:ofP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 6E1517DBFD59D8546E0328AAADEAD760 |
SHA1: | C9559CBC446173A55F6A10E81C933EA3B84A0F00 |
SHA-256: | 8998DA7CD34E9A15F109AF997A5B353D7E64E5232AA2490A7A77B771743DABE8 |
SHA-512: | BC1C0B48A1C08196AC17EFD496C9F91C4F04371DC4734E81D5D0A2B4F58DDF6CF56B137020A473D265A7293D6781DF96D8F8FD25B1551F727D0B608AB175CE88 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 143872 |
Entropy (8bit): | 6.942627183104786 |
Encrypted: | false |
SSDEEP: | 3072:0BuGag041hcWp1icKAArDZz4N9GhbkUNEk95l:5hudp0yN90vE |
MD5: | ED93B350C8EEFC442758A00BC3EEDE2D |
SHA1: | ADD14417939801C555BBBFFAF7388BD13DE2DE42 |
SHA-256: | ABD6D466E30626636D380A3C9FCC0D0B909C450F8EA74D8963881D7C46335CED |
SHA-512: | 7BA8D1411D9AEE3447494E248005A43F522CA684839FCD4C4592946B12DC4E73B1FF86D8E843B25A73E3F2463955815470304E4F219B36DBC94870BEBF700581 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2396160 |
Entropy (8bit): | 4.105742634696069 |
Encrypted: | false |
SSDEEP: | 12288:EVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1SZ:hfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | BE21B6427B06B62C5A09107CCBD8B302 |
SHA1: | A4B4E769C6F12B48BE095F3DE48F63B8A0E67255 |
SHA-256: | B606D16A2141A1DDFE5E92612FBE5096D52B23FDB727A032AB53A42103088957 |
SHA-512: | F44D536D00EC8C153CAC72CABC2F37E611A1AA3EF71708D3A76B4750614B6C92D102987F55335256094236EA18082580A8F995470798B9A0C44C1CA51F095963 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39304 |
Entropy (8bit): | 6.292969415106569 |
Encrypted: | false |
SSDEEP: | 768:miVyKshA4p2nOCD6DjOxMtjIQfU7r5YdGiEh07tvNZRAER1PnX:QhlkOO74XU7i8iEG7HZR/PX |
MD5: | 87AF711D6518C0CF91560D7C98301BBB |
SHA1: | 81B7B8261A33D4D983DFDC47A716686118F582F9 |
SHA-256: | 1B6381E83463416D9BE6656A81978B2EBA21587BBDE18E8CFEFA1C0F45378AAC |
SHA-512: | E4534E5A205D44579AB60FAA5B19A2034C688D191ABB8670CD77696ABB000A949F5ABC996E0989FD74B4DFBE43C863FF66FDA9C623B045A771283B1955D28C39 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.570136432932023 |
Encrypted: | false |
SSDEEP: | 12288:PVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:mfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 598089F8BBC211F63426A11C4D1669C5 |
SHA1: | F49A03775CA30E973ED8A409C3DD1D8DA1FAD8B7 |
SHA-256: | 6B7F8402BA89CFF5FAEBB6462A2F95A51ACF98ED5F4FE3E5736C41BE8079A96F |
SHA-512: | C311616C4DC190EE57024925E91D7EC1F315047EE771ECEA552BA62F9CECCD45F22915528AB13E011597666C21B4C86A31F6082D6F2120132B21394C35345039 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 622592 |
Entropy (8bit): | 5.333446181330722 |
Encrypted: | false |
SSDEEP: | 6144:ejoj2QDVJc1OcvH3AdKy9HGeofJgDEvr6slnCUGw/xIRLtxIRLuovZ:koj2UjmNwzaoo |
MD5: | 88B09DE7D0DF1D2E9BCA9BAE1346CB23 |
SHA1: | 83EEE4D2BF315730666763D7FA36A584224CA7EC |
SHA-256: | 7AC4B734A31AC4C29CCC53B7433773911CA46E1063A8B0F033AB9027D3427342 |
SHA-512: | 38DD3F5A9C60D242AD9BECE1407CBB007ED8A50A1844B9A4378ADB17AAAF0FEDB6A9D1E04642D49560717958A12E668A9A3CDD4484BD049509A89AC2EEB9E478 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 259904 |
Entropy (8bit): | 5.955701055747905 |
Encrypted: | false |
SSDEEP: | 3072:UfYIZJbRydnidilSnGvLqeD358rwW39nuyHjVozZcxSHfcBL1ljbEyB7HbIa+:Uf9JonidFnqLV358rNnJqcRcy10/ |
MD5: | CDD7C7DF2D0859AC3F4088423D11BD08 |
SHA1: | 128789A2EA904F684B5DF2384BA6EEF4EB60FB8E |
SHA-256: | D98DB8339EB1B93A7345EECAC2B7290FA7156E3E12B7632D876BD0FD1F31EC66 |
SHA-512: | A093BF3C40C880A80164F2CAA87DF76DCD854375C5216D761E60F3770DFA04F4B02EC0CA6313C32413AC99A3EBDC081CF915A7B468EE3CED80F9B1ECF4B49804 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.5759812053784814 |
Encrypted: | false |
SSDEEP: | 12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | AF795ECED1B9E05426D00B127B0A6D32 |
SHA1: | DC425E54D63E551BFDC320246287AC1F682BFA3C |
SHA-256: | 733F5F30574CAD5B08F71F86D9456E3F8F1BD5C88A72FAA9D29E37EB686B6A71 |
SHA-512: | AE871C28F8DC9D5DFDE7D11FAD7E8833498F1A4F48C5A479B8630B65D2834B58ADA42EBFB068E873E682FEBB2F465C6E32F93A185CDEB3CEE5069BEABB114ED1 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.571082307725634 |
Encrypted: | false |
SSDEEP: | 12288:UVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:RfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 13448A4FB3CA5C06C954D5B93BBBBCE0 |
SHA1: | D1AF98ED144F61358D72285028C896F52260FC0D |
SHA-256: | 68BFFD93E893637E289490E3E3A52EB937C9D7712F50A550B444A9CF57E79983 |
SHA-512: | F6AEFE9A9F5C6D4B1F7AD36A04AA26FB60E685E54DAEF47985AB3EC28AA84BF02B8B288C20381C98744F9F719E2AC17849B700CFA3E0EE38E2C9134F9F3E1FD3 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 266752 |
Entropy (8bit): | 6.897387942763048 |
Encrypted: | false |
SSDEEP: | 6144:D3hz8ahr1HO41TxQZMPALXksYuangs2+UvQ/KpmOq:D3hQAFbTxQUmksYuKSvQ/Kp |
MD5: | 3E8AFFA54035412F86663C8B44CAA2E5 |
SHA1: | FEC456E10294F45D6F8F472A6228D3D90CA6A29C |
SHA-256: | 277341B416424AEA462F74FF03DD1A46DECA687A6751AE9A2D5D5902C03BDE6B |
SHA-512: | D4070B64AD9A44A841C138E742AA3FD25A79F6DF99C216B5A11C315D8088BCE790F5CAD047B33D35A9DA1D428AA50D6CFB000F73A521D760F22F864D1D41027E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1189376 |
Entropy (8bit): | 6.169931271903684 |
Encrypted: | false |
SSDEEP: | 24576:+pL4Q4y94x7ZWe6b1B5I2M62kM0s1vt2txc/viVO1IORNfLc:uL4Q3S9b6b1UA9MPwOR5c |
MD5: | F7E36C20DB953DFF4FDDB817904C0E48 |
SHA1: | 8C6117B5DD68D397FD7C32F4746FB9B353D5DAE5 |
SHA-256: | 2C5EDE0807D8A5EC4B6E0FE0C308B37DBBDE12714FD9ADC4CE3EF4E0A5692207 |
SHA-512: | 32333A33DECD1AF0915FFDC48DA99831DA345010A91630C5245F2548939E33157F6151F596C09D0BEEAC3F15F08F79D4EEF4FAA4158BA023DEDFC4F6F6F56DF8 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.571324793039718 |
Encrypted: | false |
SSDEEP: | 12288:wVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:1fP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 27CCEC84BA6CA777B27110197696FBEF |
SHA1: | DBB78FB380579999D89F4BDD500646FD6D3B8095 |
SHA-256: | 203F5FCF722964E9156B799555DE9E8B8E5DA43BE27EC4CEA2A145A537B112B4 |
SHA-512: | 1760D7393379D23F632820CDAEA112CACB95DA6E6887E8154EE6F0C23A981C26D61624807AA33AF5E53F1D346DCD40847FA4AF36F8872DDC3439267807C90865 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.5708385833605014 |
Encrypted: | false |
SSDEEP: | 12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | E4A228EF2BE7A7BB18B82E158B0BF492 |
SHA1: | E97954CEAFEAB7FC60EB68BF8D944C07DD8C9279 |
SHA-256: | 2EB2FB1CB783379733187C724170B7FAFF3E672B6126EF774FB898EB9954A59F |
SHA-512: | 33532604A87278CA1E668148A35A4CE2C78C2D6DAFEB1588FCF03561EE822233AC5582370CBEF7BD54BA59962697416E086D4BD6493B04ED6A4FA481248D3706 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 83968 |
Entropy (8bit): | 7.065737112404973 |
Encrypted: | false |
SSDEEP: | 1536:YKuZAtREC/rMcgEPJV+G57ThjEC0kzJP+V5J8:+AzECTMpuDhjRVJGq |
MD5: | B6C7834B60F72194E32822CD7F39D7A9 |
SHA1: | 26AC4990B1203DD53A299857477EB2DE5CDC0DB1 |
SHA-256: | 02F96A1E1233655997498DF6B11A48270DF05BDA561F004EDC83A165216A04C9 |
SHA-512: | 96E8E380902866247A2873348C88DB244E87E1F925FF78AF06CE5541C5A1AA535BDA6DEB8941D646A1E7E91801BE934D715C990C96B5764511438BBE597D5F8A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2396160 |
Entropy (8bit): | 4.105944663139605 |
Encrypted: | false |
SSDEEP: | 12288:zVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1/6Z:ifP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 8EDDD923C44EA882400A14F7E08961E6 |
SHA1: | 7A3FC8D8000BBF4B889AEE4008B8A8479629D3FC |
SHA-256: | 92DC9761B348B60FDF62F2A8148E8BE5DAF8614163AF3EDA408C6235D78B5680 |
SHA-512: | 75C8787B6FF5D0B9434403CE741C013C2A59C6F10A5947990869C64C97B7F06F07ABC9AFE91AB70D570EA44BC24F9F145B718E503BE5D699F389D880DABD3BC4 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42392 |
Entropy (8bit): | 5.943178981884173 |
Encrypted: | false |
SSDEEP: | 768:zYVfzVTBuXwMHhrdXbsxoXF8Q0no8pV1Pxo:CfuXXrdrXXD0no8xPxo |
MD5: | 6A3F2F3C36FE45A87E3BFA80B6D92E07 |
SHA1: | 8C211767AD8393F9F184FC926FE3B8913F414289 |
SHA-256: | 069608FF0FF5918681A80CF7603275DC6CD7D416A73D033D19962B0F0F1E1EAC |
SHA-512: | A75669E0481901FC7CFCA55FBC7BD7FC0E8636767537017A41B1C720F34B5AD45AC75555D0AD246AC0DF670FDC31CBA1BEFD21D63E112AD427472DE3EA59CAA6 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.57132661640891 |
Encrypted: | false |
SSDEEP: | 12288:VVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:MfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 5A782F93AABE4F2ED2ACBEC2833C93D6 |
SHA1: | 995BA0E8D5508D7B53A58CF5C82FF49AB773A191 |
SHA-256: | 8ACFC387ADF47F1D17569F1051E5D816139F8A7F645E9AA54DCB9B521BEBCAE8 |
SHA-512: | 0332E470C563975D54E7DBCDAC814348C12652389882D1235FCE426A40250B0E671F49950E322695D7498DA39AB2FAC5957ACCA3E644AD973ACA2F4B2B5C8C63 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 506184 |
Entropy (8bit): | 6.340311139921773 |
Encrypted: | false |
SSDEEP: | 6144:5el0JVJ8W9WUYEBaH2+8yafsjs3hXx6EfjZTheegL57KUgQGEEEsND0ZCYWh9Aig:UCVRAlEBgKyiv3V2e+X |
MD5: | 872AE9FE08ED1AA78208678967BE2FEF |
SHA1: | 846E6D44FBD2A5B9AC53427300B71D82355C712E |
SHA-256: | 457EA0477CB26432088F4EB910CFFBCBFA597EF65D63E9DB9109ED8529C902D4 |
SHA-512: | 5235DEC4BA556975B07B22729D1ECB0FB513D15D58DB94737B0B8B25AB4C629255B4EA2D8B6854DB53F0E79C3EE7B742850C5C604A0BE04B1C251216A395A427 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2113536 |
Entropy (8bit): | 3.57775166170893 |
Encrypted: | false |
SSDEEP: | 12288:WVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:LfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
MD5: | 54D6B919887A5134B1B7FBA52D9DB9DC |
SHA1: | 85808B5A47438F7C1F5F10E86CAE90E3BF6D2225 |
SHA-256: | A1A68697499261F40AEA56C406DACD945298612BE8CA952264133AFBA68592D8 |
SHA-512: | B3E9C3659D85815EC8740450CD0AD859AC827A5E0365FC1B45C744D9E64F33A05831ECB25450FE623F22989F683B75FDFF18419AC886E4B3CDCEA1A828E0F079 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 184832 |
Entropy (8bit): | 5.862106385432374 |
Encrypted: | false |
SSDEEP: | 3072:gzPq/xfWlkWmvIGaYLZ4yjchpChlyelcU4uuh0SEslWsXxgCzX0Fhf8LL8FT7:Eq5fWlkjuYLLtHyeFSEiXxZzb8FT |
MD5: | F1C2D10CA8161DB689CD4FDE756E2DBB |
SHA1: | C41E86E9755824D3775E2AD6CAC9A46C7AA1C417 |
SHA-256: | 8854450FEAD134B24FABF4B805434FCFDDF25D2179048410728F8901E0FE0906 |
SHA-512: | 5EBB1AD4261C689E22FE34CFB0C18D71451DD4F3694D8F521D181EB42FF90582D8EF8C8AB43BFC59D224452944D9602DB1030B633856E139442EEF0C2F4428F5 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4462 |
Entropy (8bit): | 5.481159077284676 |
Encrypted: | false |
SSDEEP: | 48:efUhXzCwetqO+hQTEPdQhIU2gwp9HhFTZyfUhy9UL5g8JTisy1m9icqrVWhgPPbH:efKD3ca09oDl8fKyHGnqrGgPP7 |
MD5: | E7D9B66B57847225C62F450426207762 |
SHA1: | C8A0768D0248D8EE769F1ADD84404097E8A4961D |
SHA-256: | 60C2B10062CD62D9B757DAC141989564F46A3653D48A2220300DE94E47BEEF54 |
SHA-512: | 237BCA55E1EE6C9C1CB857A8460BEC74ED017991CD0A722FE6D564C5E67C5C12FC7844FAF6C970AC167689D6E35D85CD44AD0E15062B7BDFC0C540772FCED818 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.5770452220314155 |
TrID: |
|
File name: | 1ZDvfs8V0D.dll |
File size: | 2109440 |
MD5: | 291d328b80fa04b559d8bef5875125f1 |
SHA1: | 86664f646c9b2d93102046b34b20ec495f3a58da |
SHA256: | 803674f9a33df4d1a18051592df46f57a5c735367773691ab2bfb17a21aa6eb6 |
SHA512: | c8e125d84d36b76416bb4f085426ca12ae53bb6f354ef96c6198fa325f1fe5ff02dc04e11a7be9182cbcfcf891f6b4d3ea80d8b238e7cd99b9d30b9883816278 |
SSDEEP: | 12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............|...|...|....K.#}...'...}......{}....X.#}....f..|....g..}..*...a|.......}....N..}..*...E}..[.I.E|...'..U}....N.+}..[.K.P|. |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
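The dropped-file entries above include eleven 12288-block SSDEEP digests that differ from the submitted sample's digest (Static File Info, above) by one or two characters, yet the per-file Malicious verdict is true for six of those copies and false for the other five. The Python below is an added example, not part of the Joe Sandbox report: it clusters the dropped files against the sample using only the standard library. It keeps libfuzzy's rule of refusing to score two chunks that share no 7-character substring, but scores with difflib's ratio instead of libfuzzy's weighted edit distance, so the numbers approximate ssdeep's rather than reproduce them. The MD5 prefixes, verdicts and digests are copied from the tables above; the threshold of 90 is the example's own choice.

```python
"""Fuzzy-hash clustering of the dropped files listed above (added example, not sandbox code)."""
import difflib

# Digest of the submitted sample, from the Static File Info table.
SAMPLE_SSDEEP = ("12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1"
                 ":6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb")

# (MD5 prefix, sandbox "Malicious" verdict, SSDEEP) copied from the dropped-file entries above.
DROPPED = [
    ("8E2C63E7", False, "12288:U4O7JpqBbsczjBmavlNRO5Gy1ay0OBegtkGyLY9d/Dz/sJ+lGDyYgWPL/kc7yfnQ:U40JpqtZzjBRvI5Gdy0OjtwLY9BDz/PW"),
    ("DF4DF807", True,  "12288:NVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:UfP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("F325976C", False, "1536:5MVEZnXtREC/rMcgEPJV+G57ThjEC0kzJP+V5J9:3XzECTMpuDhjRVJGf"),
    ("6E1517DB", False, "12288:JVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:ofP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("ED93B350", False, "3072:0BuGag041hcWp1icKAArDZz4N9GhbkUNEk95l:5hudp0yN90vE"),
    ("BE21B642", True,  "12288:EVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1SZ:hfP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("87AF711D", False, "768:miVyKshA4p2nOCD6DjOxMtjIQfU7r5YdGiEh07tvNZRAER1PnX:QhlkOO74XU7i8iEG7HZR/PX"),
    ("598089F8", True,  "12288:PVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:mfP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("88B09DE7", False, "6144:ejoj2QDVJc1OcvH3AdKy9HGeofJgDEvr6slnCUGw/xIRLtxIRLuovZ:koj2UjmNwzaoo"),
    ("CDD7C7DF", False, "3072:UfYIZJbRydnidilSnGvLqeD358rwW39nuyHjVozZcxSHfcBL1ljbEyB7HbIa+:Uf9JonidFnqLV358rNnJqcRcy10/"),
    ("AF795ECE", True,  "12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("13448A4F", True,  "12288:UVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:RfP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("3E8AFFA5", False, "6144:D3hz8ahr1HO41TxQZMPALXksYuangs2+UvQ/KpmOq:D3hQAFbTxQUmksYuKSvQ/Kp"),
    ("F7E36C20", False, "24576:+pL4Q4y94x7ZWe6b1B5I2M62kM0s1vt2txc/viVO1IORNfLc:uL4Q3S9b6b1UA9MPwOR5c"),
    ("27CCEC84", False, "12288:wVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:1fP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("E4A228EF", False, "12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("B6C7834B", False, "1536:YKuZAtREC/rMcgEPJV+G57ThjEC0kzJP+V5J8:+AzECTMpuDhjRVJGq"),
    ("8EDDD923", False, "12288:zVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1/6Z:ifP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("6A3F2F3C", False, "768:zYVfzVTBuXwMHhrdXbsxoXF8Q0no8pV1Pxo:CfuXXrdrXXD0no8xPxo"),
    ("5A782F93", False, "12288:VVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:MfP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("872AE9FE", False, "6144:5el0JVJ8W9WUYEBaH2+8yafsjs3hXx6EfjZTheegL57KUgQGEEEsND0ZCYWh9Aig:UCVRAlEBgKyiv3V2e+X"),
    ("54D6B919", True,  "12288:WVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:LfP7fWsK5z9A+WGAW+V5SB6Ct4bnb"),
    ("F1C2D10C", False, "3072:gzPq/xfWlkWmvIGaYLZ4yjchpChlyelcU4uuh0SEslWsXxgCzX0Fhf8LL8FT7:Eq5fWlkjuYLLtHyeFSEiXxZzb8FT"),
    ("E7D9B66B", False, "48:efUhXzCwetqO+hQTEPdQhIU2gwp9HhFTZyfUhy9UL5g8JTisy1m9icqrVWhgPPbH:efKD3ca09oDl8fKyHGnqrGgPP7"),
]

ROLLING_WINDOW = 7   # libfuzzy will not score two chunks that share no substring of this length


def parse_ssdeep(digest):
    """Split 'blocksize:chunk:double_chunk' into (int, str, str)."""
    block, chunk, double_chunk = digest.split(":", 2)
    return int(block), chunk, double_chunk


def chunk_score(a, b):
    """0 without a common 7-gram; otherwise difflib's ratio scaled to 0..100.
    This approximates libfuzzy's weighted edit distance; the numbers are not identical."""
    if not any(a[i:i + ROLLING_WINDOW] in b for i in range(len(a) - ROLLING_WINDOW + 1)):
        return 0
    return round(100 * difflib.SequenceMatcher(None, a, b).ratio())


def compare(d1, d2):
    """ssdeep's pairing rule: equal block sizes compare chunk/chunk and double/double; block
    sizes a factor of two apart compare the smaller one's double chunk with the larger's chunk."""
    b1, c1, dc1 = parse_ssdeep(d1)
    b2, c2, dc2 = parse_ssdeep(d2)
    if b1 == b2:
        return max(chunk_score(c1, c2), chunk_score(dc1, dc2))
    if b1 == 2 * b2:
        return chunk_score(c1, dc2)
    if b2 == 2 * b1:
        return chunk_score(dc1, c2)
    return 0


def near_copies(sample, dropped, threshold=90):
    """(MD5 prefix, score, verdict) for every dropped file scoring at least threshold."""
    scored = ((md5, compare(sample, digest), verdict) for md5, verdict, digest in dropped)
    return [row for row in scored if row[1] >= threshold]


def verdict_gaps(sample, dropped, threshold=90):
    """Near-copies of the sample that the per-file verdict nevertheless marked benign."""
    return [md5 for md5, _, verdict in near_copies(sample, dropped, threshold) if not verdict]


if __name__ == "__main__":
    for md5, score, verdict in near_copies(SAMPLE_SSDEEP, DROPPED):
        print(f"{md5}  score={score:3d}  malicious={verdict}")
    print("flagged benign despite matching the sample:", verdict_gaps(SAMPLE_SSDEEP, DROPPED))
```

Two things the output makes visible that the per-file verdicts hide: the first dropped entry (8E2C63E7…) shares the 12288 block size but scores 0, so block size alone says nothing; and E4A228EF… scores 100 although its MD5 differs from the sample's 291d328b…, because the copies differ in too few bytes for the fuzzy hash to register. When the same loader is written out a dozen times under different exact hashes, a fuzzy-hash match to the submitted sample is the indicator to carry forward, not any single MD5.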
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x140041070 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0x5E4E44CC [Thu Feb 20 08:35:24 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 6668be91e2c948b183827f040944057f |
Entrypoint Preview |
---|
Instruction (decoded by the sandbox as 32-bit code although the image is 64-bit: each dec eax, dec esp, inc ecx and inc esp below is a REX prefix byte, 0x48, 0x4C, 0x41 or 0x44, belonging to the instruction after it, so "dec eax / xor eax, eax" is xor rax, rax and "dec eax / mov dword ptr [00073D82h], ecx" is a RIP-relative store of rcx) |
---|
dec eax |
xor eax, eax |
dec eax |
add eax, 5Ah |
dec eax |
mov dword ptr [00073D82h], ecx |
dec eax |
lea ecx, dword ptr [FFFFECABh] |
dec eax |
mov dword ptr [00073D7Ch], edx |
dec eax |
add eax, ecx |
dec esp |
mov dword ptr [00073D92h], ecx |
dec esp |
mov dword ptr [00073DA3h], ebp |
dec esp |
mov dword ptr [00073D7Ch], eax |
dec esp |
mov dword ptr [00073D85h], edi |
dec esp |
mov dword ptr [00073D86h], esi |
dec esp |
mov dword ptr [00073D8Fh], esp |
dec eax |
mov ecx, eax |
dec eax |
sub ecx, 5Ah |
dec eax |
mov dword ptr [00073D89h], esi |
dec eax |
test eax, eax |
je 00007FF4C0A6D33Fh |
dec eax |
mov dword ptr [00073D45h], esp |
dec eax |
mov dword ptr [00073D36h], ebp |
dec eax |
mov dword ptr [00073D7Fh], ebx |
dec eax |
mov dword ptr [00073D70h], edi |
dec eax |
test eax, eax |
je 00007FF4C0A6D31Eh |
jmp ecx |
dec eax |
add edi, ecx |
dec eax |
mov dword ptr [FFFFEC37h], ecx |
dec eax |
xor ecx, eax |
jmp ecx |
retn 0008h |
ud2 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebx |
dec eax |
sub esp, 00000080h |
mov eax, F957B016h |
mov byte ptr [esp+7Fh], 00000037h |
mov edx, dword ptr [esp+78h] |
inc ecx |
mov eax, edx |
inc ecx |
or eax, 5D262B0Ch |
inc esp |
mov dword ptr [esp+78h], eax |
dec eax |
mov dword ptr [eax+eax+00h], 00000000h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x202010 | 0x22b | .qlndvj |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa6390 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0x468 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc1000 | 0x2324 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x42000 | 0xc0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x40796 | 0x41000 | False | 0.776085486779 | data | 7.73364605679 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x42000 | 0x64f2c | 0x65000 | False | 0.702390160891 | data | 7.86574512659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa7000 | 0x178b8 | 0x18000 | False | 0.0694580078125 | data | 3.31515306295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0xbf000 | 0x12c | 0x1000 | False | 0.06005859375 | PEX Binary Archive | 0.581723022719 | IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xc0000 | 0x880 | 0x1000 | False | 0.139892578125 | data | 1.23838501563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xc1000 | 0x2324 | 0x3000 | False | 0.0498046875 | data | 4.65321444248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.qkm | 0xc4000 | 0x74a | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.cvjb | 0xc5000 | 0x1e66 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tlmkv | 0xc7000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wucsxe | 0xc8000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.fltwtj | 0x10e000 | 0x1267 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.sfplio | 0x110000 | 0x736 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rpg | 0x111000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.bewzc | 0x157000 | 0x1124 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vksvaw | 0x159000 | 0x736 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wmhg | 0x15a000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kswemc | 0x15c000 | 0x36d | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kaxfk | 0x15d000 | 0x197d | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.pjf | 0x15f000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.favk | 0x160000 | 0x1f7 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vhtukj | 0x161000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.hmbyox | 0x1a7000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.txms | 0x1a8000 | 0x3fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vqqm | 0x1a9000 | 0x1af | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.cbwb | 0x1aa000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.sggk | 0x1ab000 | 0x74a | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.cbotn | 0x1ac000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.urf | 0x1ad000 | 0xebe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.yera | 0x1ae000 | 0x1f7 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.sjj | 0x1af000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wcro | 0x1b0000 | 0x103 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.imkkq | 0x1b1000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.mrdc | 0x1b3000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.eaph | 0x1f9000 | 0x3ba | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wqzg | 0x1fa000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.uwxw | 0x1fb000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.acz | 0x1fc000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ktb | 0x1fd000 | 0x896 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.nqplrs | 0x1fe000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.btah | 0x1ff000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.majbu | 0x200000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.zefvk | 0x201000 | 0x13e | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.qlndvj | 0x202000 | 0x23b | 0x1000 | False | 0.080078125 | data | 1.11857321905 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xc00a0 | 0x370 | data | English | United States |
RT_MANIFEST | 0xc0410 | 0x56 | ASCII text, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
USER32.dll | LookupIconIdFromDirectoryEx, WaitForInputIdle, GetParent, GetFocus |
SETUPAPI.dll | CM_Get_Resource_Conflict_DetailsW |
KERNEL32.dll | DeleteCriticalSection, DeleteTimerQueue, TerminateJobObject, GetFileInformationByHandle, GetThreadLocale, GetNamedPipeServerProcessId, GetConsoleFontSize |
GDI32.dll | CreateBitmapIndirect, GetPolyFillMode |
CRYPT32.dll | CertGetCTLContextProperty |
ADVAPI32.dll | AddAccessDeniedObjectAce |
SHLWAPI.dll | ChrCmpIW |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
GetFileVersionInfoA | 1 | 0x140037cd0 |
GetFileVersionInfoByHandle | 2 | 0x140012394 |
GetFileVersionInfoExA | 3 | 0x14003e42c |
GetFileVersionInfoExW | 4 | 0x140038c04 |
GetFileVersionInfoSizeA | 5 | 0x140035ab4 |
GetFileVersionInfoSizeExA | 6 | 0x140030664 |
GetFileVersionInfoSizeExW | 7 | 0x14001e37c |
GetFileVersionInfoSizeW | 8 | 0x14001fde8 |
GetFileVersionInfoW | 9 | 0x1400394d8 |
VerFindFileA | 10 | 0x14000bc90 |
VerFindFileW | 11 | 0x14000d0d4 |
VerInstallFileA | 12 | 0x140019a78 |
VerInstallFileW | 13 | 0x140027dfc |
VerLanguageNameA | 14 | 0x140032fdc |
VerLanguageNameW | 15 | 0x1400350c0 |
VerQueryValueA | 16 | 0x14001636c |
VerQueryValueW | 17 | 0x14000424c |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Microsoft Corporation. All rights reserv |
InternalName | bitsp |
FileVersion | 7.5.7600.16385 (win7_rtm.090713- |
CompanyName | Microsoft Corporati |
ProductName | Microsoft Windows Operating S |
ProductVersion | 6.1.7600 |
FileDescription | Background Intellig |
OriginalFilename | kbdy |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
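Read together, the Static PE tables above say more than any single row: the entry point lies in .text while the export directory lies in .qlndvj, 37 of the 43 sections carry generated names (36 of them with zero entropy), and the export table lists exactly the API of version.dll while the version resource describes a BITS component. The Python below is an added example, not sandbox output; it checks those relationships from the table values. The section table, entry point, export RVA, export names and version strings are copied from the report; the list of section names the MSVC toolchain normally emits and the export list of the genuine version.dll are the example's own reference data, not something the report states.

```python
"""Static triage of the PE facts in the report above (added example, not sandbox output)."""
from collections import Counter

# Values copied from the report's Static PE Info, Data Directories and Version Infos tables.
IMAGE_BASE = 0x140000000
ENTRY_POINT = 0x140041070
EXPORT_DIR_RVA = 0x202010
VERSION_INFO = {"InternalName": "bitsp", "FileDescription": "Background Intellig",
                "OriginalFilename": "kbdy"}
REPORTED_EXPORTS = """GetFileVersionInfoA GetFileVersionInfoByHandle GetFileVersionInfoExA
GetFileVersionInfoExW GetFileVersionInfoSizeA GetFileVersionInfoSizeExA GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW GetFileVersionInfoW VerFindFileA VerFindFileW VerInstallFileA
VerInstallFileW VerLanguageNameA VerLanguageNameW VerQueryValueA VerQueryValueW""".split()
# Export names of the legitimate version.dll: the example's own known-good reference,
# which the report does not provide.
VERSION_DLL_EXPORTS = frozenset("""GetFileVersionInfoA GetFileVersionInfoByHandle
GetFileVersionInfoExA GetFileVersionInfoExW GetFileVersionInfoSizeA GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW GetFileVersionInfoSizeW GetFileVersionInfoW VerFindFileA VerFindFileW
VerInstallFileA VerInstallFileW VerLanguageNameA VerLanguageNameW VerQueryValueA
VerQueryValueW""".split())
# Section names the MSVC toolchain normally emits (example's assumption); anything else gets a look.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                     ".idata", ".edata", ".tls", ".bss", ".CRT", ".gfids", ".00cfg"}
# Section table copied from the report: name, VA, virtual size, raw size, 8-bit entropy.
SECTION_TABLE = """
.text 0x1000 0x40796 0x41000 7.73; .rdata 0x42000 0x64f2c 0x65000 7.87; .data 0xa7000 0x178b8 0x18000 3.32
.pdata 0xbf000 0x12c 0x1000 0.58; .rsrc 0xc0000 0x880 0x1000 1.24; .reloc 0xc1000 0x2324 0x3000 4.65
.qkm 0xc4000 0x74a 0x1000 0.0; .cvjb 0xc5000 0x1e66 0x2000 0.0; .tlmkv 0xc7000 0xbde 0x1000 0.0
.wucsxe 0xc8000 0x45174 0x46000 0.0; .fltwtj 0x10e000 0x1267 0x2000 0.0; .sfplio 0x110000 0x736 0x1000 0.0
.rpg 0x111000 0x45174 0x46000 0.0; .bewzc 0x157000 0x1124 0x2000 0.0; .vksvaw 0x159000 0x736 0x1000 0.0
.wmhg 0x15a000 0x1278 0x2000 0.0; .kswemc 0x15c000 0x36d 0x1000 0.0; .kaxfk 0x15d000 0x197d 0x2000 0.0
.pjf 0x15f000 0xbde 0x1000 0.0; .favk 0x160000 0x1f7 0x1000 0.0; .vhtukj 0x161000 0x45174 0x46000 0.0
.hmbyox 0x1a7000 0x8fe 0x1000 0.0; .txms 0x1a8000 0x3fe 0x1000 0.0; .vqqm 0x1a9000 0x1af 0x1000 0.0
.cbwb 0x1aa000 0x23b 0x1000 0.0; .sggk 0x1ab000 0x74a 0x1000 0.0; .cbotn 0x1ac000 0x23b 0x1000 0.0
.urf 0x1ad000 0xebe 0x1000 0.0; .yera 0x1ae000 0x1f7 0x1000 0.0; .sjj 0x1af000 0x23b 0x1000 0.0
.wcro 0x1b0000 0x103 0x1000 0.0; .imkkq 0x1b1000 0x1278 0x2000 0.0; .mrdc 0x1b3000 0x45174 0x46000 0.0
.eaph 0x1f9000 0x3ba 0x1000 0.0; .wqzg 0x1fa000 0x8fe 0x1000 0.0; .uwxw 0x1fb000 0x8fe 0x1000 0.0
.acz 0x1fc000 0xbde 0x1000 0.0; .ktb 0x1fd000 0x896 0x1000 0.0; .nqplrs 0x1fe000 0x23b 0x1000 0.0
.btah 0x1ff000 0x23b 0x1000 0.0; .majbu 0x200000 0xbde 0x1000 0.0; .zefvk 0x201000 0x13e 0x1000 0.0
.qlndvj 0x202000 0x23b 0x1000 1.12
"""


def parse_sections(table=SECTION_TABLE):
    """Turn the semicolon/newline separated table into (name, va, vsize, raw, entropy) rows."""
    rows = []
    for chunk in table.replace("\n", ";").split(";"):
        if chunk.strip():
            name, va, vsize, raw, entropy = chunk.split()
            rows.append((name, int(va, 16), int(vsize, 16), int(raw, 16), float(entropy)))
    return rows


def section_for_rva(sections, rva):
    """Name of the section whose mapped range covers rva, or None."""
    for name, va, vsize, raw, _ in sections:
        if va <= rva < va + max(vsize, raw):
            return name
    return None


def section_findings(sections):
    """Anomalies an analyst would flag before opening the file in a disassembler."""
    padding = [s for s in sections if s[4] == 0.0]       # every byte identical: no code, no data
    nonstandard = [s[0] for s in sections if s[0] not in STANDARD_SECTIONS]
    vsizes = Counter(s[2] for s in sections if s[0] in nonstandard)
    return {
        "section_count": len(sections),
        "nonstandard": nonstandard,
        "padding_sections": len(padding),
        "padding_bytes": sum(s[3] for s in padding),      # raw file bytes spent on padding
        "repeated_vsizes": {hex(k): n for k, n in vsizes.items() if n >= 3},
        "entry_section": section_for_rva(sections, ENTRY_POINT - IMAGE_BASE),
        "export_section": section_for_rva(sections, EXPORT_DIR_RVA),
    }


def export_facade(exports, version_info):
    """Does the export table reproduce version.dll while the resource names another file?"""
    mimics = set(exports) == VERSION_DLL_EXPORTS
    claimed = version_info["InternalName"].lower()
    return {"exports_match_version_dll": mimics,
            "resource_disagrees": mimics and not claimed.startswith("version")}


if __name__ == "__main__":
    secs = parse_sections()
    for key, value in section_findings(secs).items():
        print(f"{key:18} {value}")
    print(export_facade(REPORTED_EXPORTS, VERSION_INFO))
```

The padding total comes to 0x13E000 of the file's 0x203000 bytes: roughly 62 percent of the DLL is sections that map, are readable, and hold nothing. Section names change per build while the four 0x45174-byte blocks and six 0x23b-byte blocks recur, so a detection keyed on repeated virtual sizes plus zero entropy survives the renaming that a name-based rule does not. An export table that reproduces another system DLL's API is the signature of a proxy or side-loading DLL; which host loads it is a question for the dynamic section, not the static tables.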
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 14:03:29 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff675f90000 |
File size: | 140288 bytes |
MD5 hash: | A84133CCB118CF35D49A423CD836D0EF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 14:03:30 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7bf140000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 14:03:30 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 14:03:30 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 14:03:32 |
Start date: | 15/09/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff662bf0000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 14:03:33 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 14:03:37 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 14:03:40 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 14:03:44 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:03:48 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:03:51 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:03:55 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:03:58 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:04:02 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:04:05 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:04:08 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:04:12 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:04:15 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
General |
---|
Start time: | 14:04:16 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\msinfo32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6222a0000 |
File size: | 370176 bytes |
MD5 hash: | C471C6B06F47EA1C66E5FAA8DFCEF108 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 14:04:17 |
Start date: | 15/09/2021 |
Path: | C:\Users\user\AppData\Local\5zVf35m1I\msinfo32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72a9d0000 |
File size: | 370176 bytes |
MD5 hash: | C471C6B06F47EA1C66E5FAA8DFCEF108 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
General |
---|
Start time: | 14:04:19 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
General |
---|
Start time: | 14:04:20 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\mfpmp.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff705b40000 |
File size: | 49688 bytes |
MD5 hash: | 7C3D09D6DB5DB4A272FCF4C1BB3986BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 14:04:21 |
Start date: | 15/09/2021 |
Path: | C:\Users\user\AppData\Local\BxU\mfpmp.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b6db0000 |
File size: | 49688 bytes |
MD5 hash: | 7C3D09D6DB5DB4A272FCF4C1BB3986BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
General |
---|
Start time: | 14:04:23 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64a610000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
General |
---|
Start time: | 14:04:24 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\SystemPropertiesProtection.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7dbdb0000 |
File size: | 83968 bytes |
MD5 hash: | B6C7834B60F72194E32822CD7F39D7A9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
00000001400495B0 | 8.7 | 2 | 2 | 1727 | COMMON | -1.00% |
0000000140036F30 | 7.2 | 2 | 2 | 222 | COMMON | -1.00% |
000000014005C340 | 6.1 | 1 | 2 | 886 | COMMON | -1.00% |
000000014004BD40 | 6.0 | 1 | 2 | 789 | COMMON | -1.00% |
000000014005D290 | 3.6 | 1 | 1 | 108 | COMMON | -1.00% |
0000000140048AC0 | 1.7 | 1 | - | 185 | libraryloader, COMMON | -1.00% |
00000001400524B0 | 0.8 | - | - | 815 | COMMON | -1.00% |
0000000140065B80 | 0.2 | - | - | 183 | COMMON | -1.00% |
0000000140034870 | 0.2 | - | - | 170 | COMMON | -1.00% |
0000000140061360 | 6.3 | 4 | - | 290 | registry, COMMON | -1.00% |
000000014005F9F0 | 3.6 | 1 | 1 | 57 | COMMON | -1.00% |
000000014005DBB9 | 3.1 | 2 | - | 79 | filetime, COMMON | -1.00% |
000000014005DBD2 | 3.1 | 2 | - | 77 | filetime, COMMON | -1.00% |
000000014005DBE8 | 3.1 | 2 | - | 76 | filetime, COMMON | -1.00% |
0000000140060D10 | 3.1 | 2 | - | 76 | registry, COMMON | -1.00% |
000000014005DBF8 | 3.1 | 2 | - | 73 | filetime, COMMON | -1.00% |
000000014005FDA0 | 1.6 | 1 | - | 144 | synchronization, COMMON | -1.00% |
0000000140060BA0 | 1.5 | 1 | - | 44 | registry, COMMON | -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
000000014004F940 | 0.9 | - | - | 873 | COMMON | -1.00% |
0000000140054BA0 | 0.8 | - | - | 797 | COMMON | -1.00% |
000000014004EB60 | 0.7 | - | - | 687 | COMMON | -1.00% |
000000014003B220 | 0.6 | - | - | 645 | COMMON | -1.00% |
0000000140024440 | 0.6 | - | - | 566 | COMMON | -1.00% |
0000000140023BF0 | 0.5 | - | - | 545 | COMMON | -1.00% |
00000001400123C0 | 0.5 | - | - | 544 | COMMON | -1.00% |
000000014000B120 | 0.5 | - | - | 531 | COMMON | -1.00% |
00000001400381A0 | 0.5 | - | - | 525 | COMMON | -1.00% |
000000014003A2E0 | 0.5 | - | - | 521 | COMMON | -1.00% |
000000014006B390 | 0.5 | - | - | 458 | COMMON | -1.00% |
0000000140005C40 | 0.4 | - | - | 450 | COMMON | -1.00% |
0000000140067A40 | 0.4 | - | - | 440 | COMMON | -1.00% |
000000014000BB40 | 0.4 | - | - | 438 | COMMON | -1.00% |
0000000140069010 | 0.4 | - | - | 431 | COMMON | -1.00% |
000000014001E170 | 0.4 | - | - | 401 | COMMON | -1.00% |
0000000140002980 | 0.4 | - | - | 389 | COMMON | -1.00% |
0000000140010880 | 0.4 | - | - | 372 | COMMON | -1.00% |
000000014001D910 | 0.4 | - | - | 369 | COMMON | -1.00% |
0000000140017B40 | 0.3 | - | - | 331 | COMMON | -1.00% |
000000014002CB80 | 0.3 | - | - | 331 | COMMON | -1.00% |
00000001400018D0 | 0.3 | - | - | 320 | COMMON | -1.00% |
000000014003AAC0 | 0.3 | - | - | 312 | COMMON | -1.00% |
0000000140064080 | 0.3 | - | - | 304 | COMMON | -1.00% |
000000014002D0D0 | 0.3 | - | - | 298 | COMMON | -1.00% |
000000014002A110 | 0.3 | - | - | 291 | COMMON | -1.00% |
0000000140062B00 | 0.3 | - | - | 270 | COMMON | -1.00% |
000000014006B41B | 0.3 | - | - | 258 | COMMON | -1.00% |
0000000140066020 | 0.3 | - | - | 255 | COMMON | -1.00% |
0000000140007A60 | 0.3 | - | - | 255 | COMMON | -1.00% |
000000014006B43D | 0.2 | - | - | 250 | COMMON | -1.00% |
000000014006B424 | 0.2 | - | - | 248 | COMMON | -1.00% |
000000014006B42D | 0.2 | - | - | 248 | COMMON | -1.00% |
000000014006B436 | 0.2 | - | - | 248 | COMMON | -1.00% |
000000014006B446 | 0.2 | - | - | 248 | COMMON | -1.00% |
0000000140069A50 | 0.2 | - | - | 236 | COMMON | -1.00% |
0000000140001010 | 0.2 | - | - | 229 | COMMON | -1.00% |
000000014002EA00 | 0.2 | - | - | 221 | COMMON | -1.00% |
0000000140018300 | 0.2 | - | - | 211 | COMMON | -1.00% |
000000014002E1B0 | 0.2 | - | - | 210 | COMMON | -1.00% |
0000000140016100 | 0.2 | - | - | 184 | COMMON | -1.00% |
00000001400663F0 | 0.2 | - | - | 181 | COMMON | -1.00% |
000000014005D850 | 0.2 | - | - | 169 | COMMON | -1.00% |
00000001400319F0 | 0.2 | - | - | 155 | COMMON | -1.00% |
00000001400688A0 | 0.2 | - | - | 150 | COMMON | -1.00% |
0000000140031340 | 0.1 | - | - | 132 | COMMON | -1.00% |
000000014002F840 | 0.1 | - | - | 125 | COMMON | -1.00% |
00000001400611A0 | 0.1 | - | - | 121 | COMMON | -1.00% |
0000000140022A00 | 0.1 | - | - | 118 | COMMON | -1.00% |
0000000140022340 | 0.1 | - | - | 108 | COMMON | -1.00% |
0000000140063BD0 | 0.1 | - | - | 88 | COMMON | -1.00% |
0000000140005370 | 0.1 | - | - | 77 | COMMON | -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
00007FF72A9E6334 | 82.5 | 46 | 1 | 226 | file, COMMON | -1.00% |
00007FF72A9EB7AC | 81.3 | 54 | - | 315 | window, COMMON | -1.00% |
00007FF72A9D9370 | 58.9 | 39 | - | 410 | synchronization, window, COMMON | -1.00% |
00007FF72A9EB184 | 56.3 | 31 | 1 | 305 | window, COMMON | -1.00% |
00007FF72A9E08D8 | 56.3 | 28 | 4 | 267 | registry, libraryloader, COMMON | -1.00% |
00007FF72A9D7C40 | 38.7 | 20 | 2 | 188 | com, network, COMMON | -1.00% |
00007FF72A9EA9C4 | 31.6 | 21 | - | 140 | window, clipboard, memory, COMMON | -1.00% |
00007FF72A9D9CEC | 24.6 | 11 | 3 | 89 | COMMON | -1.00% |
00007FF72A9E15C4 | 22.9 | 7 | 6 | 139 | libraryloader, memory, COMMON | -1.00% |
00007FF72A9EBD00 | 15.2 | 10 | - | 188 | window, COMMON | -1.00% |
00007FF72A9ED2B0 | 9.0 | 6 | - | 50 | time, thread, COMMON | -1.00% |
00007FF72A9D4F80 | 135.0 | 40 | 37 | 229 | COMMON | -1.00% |
00007FF72A9D7860 | 89.5 | 49 | 2 | 261 | COMMON | -1.00% |
00007FF72A9E48B0 | 86.1 | 37 | 12 | 393 | COMMON | -1.00% |
00007FF72A9DA938 | 82.5 | 46 | 1 | 261 | COMMON | -1.00% |
00007FF72A9DEB04 | 72.0 | 39 | 2 | 243 | COMMON | -1.00% |
00007FF72A9E044C | 65.0 | 33 | 4 | 240 | COMMON | -1.00% |
00007FF72A9DE530 | 65.0 | 36 | 1 | 221 | COMMON | -1.00% |
00007FF72A9E4F40 | 54.5 | 28 | 3 | 262 | COMMON | -1.00% |
00007FF72A9DD1FC | 49.4 | 27 | 1 | 371 | window, COMMON | -1.00% |
00007FF72A9DF8E0 | 49.3 | 21 | 7 | 281 | COMMON | -1.00% |
00007FF72A9E1C00 | 44.0 | 19 | 6 | 258 | libraryloader, COMMON | -1.00% |
00007FF72A9D909C | 43.9 | 22 | 3 | 111 | COMMON | -1.00% |
00007FF72A9E4240 | 42.2 | 7 | 17 | 227 | COMMON | -1.00% |
00007FF72A9D69E0 | 40.4 | 22 | 1 | 179 | memory, COMMON | -1.00% |
00007FF72A9EC2C0 | 31.6 | 13 | 5 | 117 | COMMON | -1.00% |
00007FF72A9DE888 | 29.9 | 16 | 1 | 182 | COMMON | -1.00% |
00007FF72A9E12C0 | 29.9 | 8 | 9 | 151 | COMMON | -1.00% |
00007FF72A9D59B0 | 25.6 | 17 | - | 120 | window, COMMON | -1.00% |
00007FF72A9E45BC | 22.9 | 6 | 7 | 191 | COMMON | -1.00% |
00007FF72A9E00D0 | 22.9 | 6 | 7 | 183 | COMMON | -1.00% |
00007FF72A9D6F40 | 22.8 | 12 | 1 | 94 | COMMON | -1.00% |
00007FF72A9E2048 | 21.1 | 11 | 1 | 112 | registry, COMMON | -1.00% |
00007FF72A9EA41C | 19.6 | 13 | - | 142 | window, file, COMMON | -1.00% |
00007FF72A9DEF30 | 18.1 | 12 | - | 114 | window, COMMON | -1.00% |
00007FF72A9EC0EC | 18.1 | 12 | - | 112 | window, COMMON | -1.00% |
00007FF72A9E3A50 | 17.7 | 9 | 1 | 211 | COMMON | -1.00% |
00007FF72A9DF610 | 17.7 | 3 | 7 | 177 | COMMON | -1.00% |
00007FF72A9DC070 | 17.7 | 8 | 2 | 173 | com, memory, COMMON | -1.00% |
00007FF72A9D5C10 | 17.6 | 9 | 1 | 108 | COMMON | -1.00% |
00007FF72A9E1B38 | 17.6 | 3 | 7 | 50 | libraryloader, COMMON | -1.00% |
00007FF72A9DF480 | 15.8 | 4 | 5 | 100 | COMMON | -1.00% |
00007FF72A9E5350 | 14.1 | 2 | 6 | 105 | COMMON | -1.00% |
00007FF72A9D5814 | 12.1 | 8 | - | 57 | synchronization, time, COMMON | -1.00% |
00007FF72A9D6478 | 10.6 | 5 | 1 | 67 | COMMON | -1.00% |
00007FF72A9D723C | 8.8 | 4 | 1 | 55 | memory, COMMON | -1.00% |
00007FF72A9E7B90 | 8.8 | 4 | 1 | 37 | COMMON | -1.00% |
00007FF72A9DBDC0 | 8.8 | 4 | 1 | 29 | COMMON | -1.00% |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4410, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4B80, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3390, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4CC0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3CC0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D34D0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D44B0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3C20, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4C20, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3430, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D49A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D39B0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4AE0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D32F0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4A40, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3250, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3A50, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D47C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D37D0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4720, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3F30, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4900, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4100, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3910, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4860, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3870, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D45F0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4550, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D31B0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3120, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3090, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EC064, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35commemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3600, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E7C28, Relevance: 6.1, APIs: 4, Instructions: 62librarywindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EC4A4, Relevance: 6.0, APIs: 4, Instructions: 39registrymemoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D7140, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3B80, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4370, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4190, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D42D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4230, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3730, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4060, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3DF0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3AE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3FC0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3D50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |