Windows Analysis Report vXVHRRGG7c.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Trickbot |
---|
{"ver": "2000033", "gtag": "tot153", "servs": ["179.42.137.102:443", "191.36.152.198:443", "179.42.137.104:443", "179.42.137.106:443", "179.42.137.108:443", "202.183.12.124:443", "194.190.18.122:443", "103.56.207.230:443", "171.103.187.218:443", "171.103.189.118:443", "18.139.111.104:443", "179.42.137.105:443", "186.4.193.75:443", "171.101.229.2:443", "179.42.137.107:443", "103.56.43.209:443", "179.42.137.110:443", "45.181.207.156:443", "197.44.54.162:443", "179.42.137.109:443", "103.59.105.226:443", "45.181.207.101:443", "117.196.236.205:443", "72.224.45.102:443", "179.42.137.111:443", "96.47.239.181:443", "171.100.112.190:443", "117.196.239.6:443"], "autorun": ["pwgrabb", "pwgrabc"], "ecc_key": "RUNTMzAAAAAL/ZqmMPBLaRfg1hPOtFJrZz2Zi2/EC4B3fiX8VnaOUVKndBr+jEqWc7mw4v3ADTiwp64K5QKe1LZ27jUZxL4bWjxARPo85hv72nuedeZhRQ+adQQ/gIsV869MycRzghc="}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 1_2_0041D4AF | |
Source: | Code function: | 1_2_0041D9C5 | |
Source: | Code function: | 10_2_0041D4AF | |
Source: | Code function: | 10_2_0041D9C5 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: |
May check the online IP address of the machine | Show sources |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Binary or memory string: |
Source: | Code function: | 1_2_00423386 | |
Source: | Code function: | 1_2_0042339B | |
Source: | Code function: | 1_2_0041AA1B | |
Source: | Code function: | 1_2_00417DEB | |
Source: | Code function: | 10_2_00423386 | |
Source: | Code function: | 10_2_0042339B | |
Source: | Code function: | 10_2_0041AA1B | |
Source: | Code function: | 10_2_00417DEB |
Source: | Static PE information: |
Source: | Code function: | 1_2_0040A361 | |
Source: | Code function: | 1_2_004147A0 | |
Source: | Code function: | 1_2_00416AD2 | |
Source: | Code function: | 1_2_0040EF5A | |
Source: | Code function: | 1_2_024A4CD0 | |
Source: | Code function: | 10_2_0040A361 | |
Source: | Code function: | 10_2_004147A0 | |
Source: | Code function: | 10_2_00416AD2 | |
Source: | Code function: | 10_2_0040EF5A | |
Source: | Code function: | 10_2_01264CD0 |
Source: | Code function: | 1_2_00403C23 | |
Source: | Code function: | 1_2_00403CE2 | |
Source: | Code function: | 10_2_00403C23 | |
Source: | Code function: | 10_2_00403CE2 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Code function: | 1_2_0041B297 |
Source: | Process created: |
Source: | File written: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 1_2_00405A36 | |
Source: | Code function: | 1_2_00407B0E | |
Source: | Code function: | 1_2_024A2D9D | |
Source: | Code function: | 1_2_024A4048 | |
Source: | Code function: | 1_2_024A5B77 | |
Source: | Code function: | 1_2_024A487B | |
Source: | Code function: | 1_2_024A3FAC | |
Source: | Code function: | 1_2_024A2D9D | |
Source: | Code function: | 10_2_00405A36 | |
Source: | Code function: | 10_2_00407B0E | |
Source: | Code function: | 10_2_01262D9D | |
Source: | Code function: | 10_2_01264048 | |
Source: | Code function: | 10_2_0126487B | |
Source: | Code function: | 10_2_01265B77 | |
Source: | Code function: | 10_2_01262D9D | |
Source: | Code function: | 10_2_01263FAC |
Source: | Code function: | 1_2_004186ED |
Source: | File created: | Jump to dropped file |
Source: | Code function: | 1_2_0042343E | |
Source: | Code function: | 1_2_004044B0 | |
Source: | Code function: | 1_2_004126B0 | |
Source: | Code function: | 1_2_00404767 | |
Source: | Code function: | 1_2_00411F00 | |
Source: | Code function: | 10_2_0042343E | |
Source: | Code function: | 10_2_004044B0 | |
Source: | Code function: | 10_2_004126B0 | |
Source: | Code function: | 10_2_00404767 | |
Source: | Code function: | 10_2_00411F00 |
Source: | Code function: | 1_2_00424D9A |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Found evasive API chain (trying to detect sleep duration tampering with parallel thread) | Show sources |
Source: | Function Chain: | ||
Source: | Function Chain: |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Thread sleep count: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 1_2_0041D4AF | |
Source: | Code function: | 1_2_0041D9C5 | |
Source: | Code function: | 10_2_0041D4AF | |
Source: | Code function: | 10_2_0041D9C5 |
Source: | Code function: | 1_2_004186ED |
Source: | Code function: | 1_2_02461030 |
Source: | Code function: | 1_2_023E095E | |
Source: | Code function: | 1_2_023E0456 | |
Source: | Code function: | 1_2_02461030 | |
Source: | Code function: | 10_2_00FB095E | |
Source: | Code function: | 10_2_00FB0456 | |
Source: | Code function: | 10_2_00FF1030 |
Source: | Code function: | 1_2_004039E7 |
Source: | Code function: | 1_2_0040B68A | |
Source: | Code function: | 1_2_0040B69C | |
Source: | Code function: | 10_2_0040B68A | |
Source: | Code function: | 10_2_0040B69C |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Allocates memory in foreign processes | Show sources |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 1_2_004100FD | |
Source: | Code function: | 1_2_0040E0FD | |
Source: | Code function: | 1_2_004100A7 | |
Source: | Code function: | 1_2_004101C0 | |
Source: | Code function: | 1_2_0040E388 | |
Source: | Code function: | 1_2_0040E49B | |
Source: | Code function: | 1_2_0040E68F | |
Source: | Code function: | 1_2_0040DF28 | |
Source: | Code function: | 1_2_0040FFEA | |
Source: | Code function: | 10_2_004100FD | |
Source: | Code function: | 10_2_0040E0FD | |
Source: | Code function: | 10_2_004100A7 | |
Source: | Code function: | 10_2_004101C0 | |
Source: | Code function: | 10_2_0040E388 | |
Source: | Code function: | 10_2_0040E49B | |
Source: | Code function: | 10_2_0040E68F | |
Source: | Code function: | 10_2_0040DF28 | |
Source: | Code function: | 10_2_0040FFEA |
Source: | Code function: | 1_2_004066CD |
Source: | Code function: | 1_2_004066CD |
Source: | Code function: | 1_2_00424F12 |
Stealing of Sensitive Information: |
---|
Yara detected Trickbot | Show sources |
Source: | File source: | ||
Remote Access Functionality: |
---|
Yara detected Trickbot | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Application Shimming1 | Process Injection211 | Masquerading1 | Input Capture2 | System Time Discovery2 | Remote Services | Input Capture2 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API11 | Boot or Logon Initialization Scripts | Application Shimming1 | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery21 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection211 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol3 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Scripting1 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information2 | DCSync | System Network Configuration Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery124 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
22% | ReversingLabs | Win32.Trojan.TrickBot |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
22% | ReversingLabs | Win32.Trojan.TrickBot |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
icanhazip.com | 104.18.7.156 | true | false | high | |
9.52.17.84.dnsbl-1.uceprotect.net | unknown | unknown | false | unknown | |
9.52.17.84.zen.spamhaus.org | unknown | unknown | false | high | |
9.52.17.84.cbl.abuseat.org | unknown | unknown | false | high | |
9.52.17.84.b.barracudacentral.org | unknown | unknown | false | high | |
9.52.17.84.spam.dnsbl.sorbs.net | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
179.42.137.102 | unknown | unknown | 22927 | TelefonicadeArgentinaAR | true | |
104.18.7.156 | icanhazip.com | United States | 13335 | CLOUDFLARENETUS | false | |
179.42.137.105 | unknown | unknown | 22927 | TelefonicadeArgentinaAR | true | |
59.4.68.75 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | true | |
171.103.189.118 | unknown | Thailand | 7470 | TRUEINTERNET-AS-APTRUEINTERNETCoLtdTH | true |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 490261 |
Start date: | 25.09.2021 |
Start time: | 10:22:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | vXVHRRGG7c.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@13/3@6/6 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:23:01 | API Interceptor | |
10:23:38 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
179.42.137.102 | Get hash | malicious | Browse | ||
104.18.7.156 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
icanhazip.com | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
TelefonicadeArgentinaAR | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1204 |
Entropy (8bit): | 4.291933112891695 |
Encrypted: | false |
SSDEEP: | 24:aEAlQS4pfPEwdw2FXipgMzD/97G3E4tV/+tBaBy:0l4pf8xIXiT9oE4t5YBl |
MD5: | D2B6BA2379B3DBCC6F757D92D20C3E47 |
SHA1: | 6584EB2FFC0C3308021BF6BE7C395DC8D22F0A4C |
SHA-256: | 09D14E5C54A44526E36E78A9BD97A5BD4F460578523DF6B824D160EB188BA781 |
SHA-512: | ABA8AFCE4DCF0DDC0CE07B57F521063747B38F3BC7692A020DD10E227D12286B1701ACB45CD91397DF79FFB56E34D0885D0902968C4ECADDF013D21BF8AA5E8E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10233 |
Entropy (8bit): | 5.10582120432788 |
Encrypted: | false |
SSDEEP: | 192:DdBYKtc+6GXBMGHbQNw5vfbG6RCFUzBT6N0HDFeCKE4M:DdBYCVQhGzd6ujrKLM |
MD5: | 5775E804AA3B7F597C3D9429B8A5B28C |
SHA1: | 807E2E18366E0F4E7891A21475303B02D28F6901 |
SHA-256: | DA06E0B6863552469522446B05BFA91AFB9A7F683CE44C83B849D3EDC355E08D |
SHA-512: | 7CE3D1697DD723EE28F38F9625AF1DD0BC72C51F7D71F801CC8C7701C82B856497DD6F660ED80D5D616C0C6667113EA5E3A764ED1423CE027FFA6ED79CA678A7 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 528443 |
Entropy (8bit): | 7.022615303042581 |
Encrypted: | false |
SSDEEP: | 12288:cbVMh0tRyr3W3SZniM+uwkMx8nXoTT0WJZmo:WMh0tRy53lY8X2xJZmo |
MD5: | 051C20FD814AC34FFCFADD56EC872BE0 |
SHA1: | 6D4D301594BA01B9E4D8EAC59DC839090F090FDF |
SHA-256: | 7AA215495949E721B9AE8B3B28CB728AC3B3240438E67F2CC4F3BE2711D3D319 |
SHA-512: | 9A0F400CED3CEA1B366862AB4DDDE79D8C50D2D93AF5ABF9681207ACD5BD7D9652CCA8F213FA0FE26B7FC78184110256723D47287B8A7AA4E69B8F3CAF7D5025 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.022615303042581 |
TrID: |
|
File name: | vXVHRRGG7c.exe |
File size: | 528443 |
MD5: | 051c20fd814ac34ffcfadd56ec872be0 |
SHA1: | 6d4d301594ba01b9e4d8eac59dc839090f090fdf |
SHA256: | 7aa215495949e721b9ae8b3b28cb728ac3b3240438e67f2cc4f3be2711d3d319 |
SHA512: | 9a0f400ced3cea1b366862ab4ddde79d8c50d2d93af5abf9681207acd5bd7d9652cca8f213fa0fe26b7fc78184110256723d47287b8a7aa4e69b8f3caf7d5025 |
SSDEEP: | 12288:cbVMh0tRyr3W3SZniM+uwkMx8nXoTT0WJZmo:WMh0tRy53lY8X2xJZmo |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........yq..."..."..."..."..."..."..."..."2..";.."..."P.."..."..."..."P.."..."Rich..."........................PE..L...}..`........... |
File Icon |
---|
Icon Hash: | 71b018ccc6577131 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4057bd |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x60E4CA7D [Tue Jul 6 21:26:21 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 675872e23dfc0f62ffbc2f69c316f4bc |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 00429598h |
push 0040B324h |
mov eax, dword ptr fs:[00000000h] |
push eax |
mov dword ptr fs:[00000000h], esp |
sub esp, 58h |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-18h], esp |
call dword ptr [0042735Ch] |
xor edx, edx |
mov dl, ah |
mov dword ptr [00432E94h], edx |
mov ecx, eax |
and ecx, 000000FFh |
mov dword ptr [00432E90h], ecx |
shl ecx, 08h |
add ecx, edx |
mov dword ptr [00432E8Ch], ecx |
shr eax, 10h |
mov dword ptr [00432E88h], eax |
push 00000001h |
call 00007F21ACCEBA94h |
pop ecx |
test eax, eax |
jne 00007F21ACCE786Ah |
push 0000001Ch |
call 00007F21ACCE7928h |
pop ecx |
call 00007F21ACCEA974h |
test eax, eax |
jne 00007F21ACCE786Ah |
push 00000010h |
call 00007F21ACCE7917h |
pop ecx |
xor esi, esi |
mov dword ptr [ebp-04h], esi |
call 00007F21ACCED12Eh |
call dword ptr [0042717Ch] |
mov dword ptr [004335B8h], eax |
call 00007F21ACCECFECh |
mov dword ptr [00432E78h], eax |
call 00007F21ACCECD95h |
call 00007F21ACCECCD7h |
call 00007F21ACCE81A5h |
mov dword ptr [ebp-30h], esi |
lea eax, dword ptr [ebp-5Ch] |
push eax |
call dword ptr [00427178h] |
call 00007F21ACCECC68h |
mov dword ptr [ebp-64h], eax |
test byte ptr [ebp-30h], 00000001h |
je 00007F21ACCE7868h |
movzx eax, word ptr [ebp+00h] |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c860 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x35000 | 0x4f6e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x27650 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x27000 | 0x64c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x253a6 | 0x26000 | False | 0.545088918586 | data | 6.48403042151 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x27000 | 0x79ee | 0x8000 | False | 0.326416015625 | data | 4.81513775397 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2f000 | 0x50e8 | 0x2000 | False | 0.391357421875 | data | 4.59613450041 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x35000 | 0x4f6e8 | 0x50000 | False | 0.779440307617 | data | 7.23576523208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x35658 | 0x134 | data | English | United States |
RT_CURSOR | 0x3578c | 0xb4 | data | English | United States |
RT_BITMAP | 0x35840 | 0x5e4 | data | English | United States |
RT_BITMAP | 0x35e24 | 0xb8 | data | English | United States |
RT_BITMAP | 0x35edc | 0x16c | data | English | United States |
RT_BITMAP | 0x36048 | 0x144 | data | English | United States |
RT_ICON | 0x3618c | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676 | English | United States |
RT_ICON | 0x36474 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x3659c | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
RT_DIALOG | 0x46dc4 | 0x122 | data | English | United States |
RT_DIALOG | 0x46ee8 | 0xd4 | data | English | United States |
RT_DIALOG | 0x46fbc | 0xe8 | data | English | United States |
RT_STRING | 0x470a4 | 0x4e | data | English | United States |
RT_STRING | 0x470f4 | 0x82 | data | English | United States |
RT_STRING | 0x47178 | 0x2a | data | English | United States |
RT_STRING | 0x471a4 | 0x14a | data | English | United States |
RT_STRING | 0x472f0 | 0x4e2 | data | English | United States |
RT_STRING | 0x477d4 | 0x2a2 | data | English | United States |
RT_STRING | 0x47a78 | 0x2dc | data | English | United States |
RT_STRING | 0x47d54 | 0xac | data | English | United States |
RT_STRING | 0x47e00 | 0xde | data | English | United States |
RT_STRING | 0x47ee0 | 0x4c4 | data | English | United States |
RT_STRING | 0x483a4 | 0x264 | data | English | United States |
RT_STRING | 0x48608 | 0x2c | data | English | United States |
RT_GROUP_CURSOR | 0x48634 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_ICON | 0x48658 | 0x22 | data | English | United States |
RT_GROUP_ICON | 0x4867c | 0x14 | data | ||
RT_VERSION | 0x48690 | 0x324 | data | English | United States |
RT_HTML | 0x489b4 | 0x3bd33 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileTime, SetFileAttributesA, RtlUnwind, HeapAlloc, GetStartupInfoA, GetCommandLineA, RaiseException, HeapFree, TerminateProcess, CreateThread, ExitThread, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetACP, HeapSize, HeapReAlloc, FatalAppExitA, Sleep, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, GetFileSize, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, GetVersionExA, SetConsoleCtrlHandler, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetFileAttributesA, GetShortPathNameA, GetProfileStringA, GetThreadLocale, GetStringTypeExA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, DeleteFileA, MoveFileA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, SetErrorMode, SizeofResource, GetCurrentDirectoryA, WritePrivateProfileStringA, GetPrivateProfileStringA, GetPrivateProfileIntA, GetOEMCP, GetCPInfo, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, lstrcpynA, GetLastError, FileTimeToLocalFileTime, FileTimeToSystemTime, GlobalFree, CreateEventA, SuspendThread, SetThreadPriority, ResumeThread, SetEvent, WaitForSingleObject, CloseHandle, GetModuleFileNameA, GlobalAlloc, lstrcmpA, GetCurrentThread, ExitProcess, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, GlobalLock, GlobalUnlock, MulDiv, SetLastError, LoadLibraryA, FreeLibrary, FindResourceA, LoadResource, LockResource, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, LoadLibraryW, UnhandledExceptionFilter |
USER32.dll | ScrollWindowEx, IsDialogMessageA, SetWindowTextA, MoveWindow, ShowWindow, IsWindowEnabled, GetNextDlgTabItem, EnableMenuItem, CheckMenuItem, SetMenuItemBitmaps, ModifyMenuA, GetMenuState, LoadBitmapA, GetMenuCheckMarkDimensions, ClientToScreen, GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, CharToOemA, OemToCharA, PostQuitMessage, ShowOwnedPopups, SetCursor, GetCursorPos, ValidateRect, GetActiveWindow, TranslateMessage, GetMessageA, CreateDialogIndirectParamA, EndDialog, LoadStringA, DestroyMenu, GetClassNameA, PtInRect, GetDesktopWindow, LoadCursorA, GetSysColorBrush, SetCapture, ReleaseCapture, WaitMessage, GetWindowThreadProcessId, WindowFromPoint, InsertMenuA, DeleteMenu, GetMenuStringA, GetDialogBaseUnits, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, SetMenu, ReuseDDElParam, UnpackDDElParam, BringWindowToTop, CharUpperA, CheckRadioButton, CheckDlgButton, PostMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, PeekMessageA, DispatchMessageA, GetFocus, SetActiveWindow, IsWindow, SetFocus, IsDlgButtonChecked, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, IsWindowVisible, ScrollWindow, GetScrollInfo, SetScrollInfo, ShowScrollBar, GetScrollRange, SetScrollRange, SetScrollPos, GetTopWindow, MessageBoxA, IsChild, GetParent, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, TrackPopupMenu, SetWindowPlacement, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, GetWindowLongA, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, EnableWindow, FillRect, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, KillTimer, SetTimer, IsIconic, DrawIcon, GetSystemMetrics, SendMessageA, GetWindowRect, GetSystemMenu, AppendMenuA, SetDlgItemTextA, SetDlgItemInt, GetDlgItemTextA, AdjustWindowRectEx, GetDlgItemInt, LoadIconA, InvalidateRect, GetClientRect, IsWindowUnicode, CharNextA, InflateRect, DefDlgProcA, DrawFocusRect, GetScrollPos |
GDI32.dll | StartDocA, SaveDC, RestoreDC, GetStockObject, SelectPalette, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, ExcludeClipRect, IntersectClipRect, OffsetClipRgn, MoveToEx, LineTo, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, GetCurrentPositionEx, ArcTo, DeleteDC, PolyDraw, PolylineTo, SetColorAdjustment, PolyBezierTo, DeleteObject, GetClipRgn, CreateRectRgn, SelectClipPath, ExtSelectClipRgn, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreatePen, ExtCreatePen, CreateSolidBrush, CreateHatchBrush, CreatePatternBrush, CreateDIBPatternBrushPt, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextExtentPoint32A, GetTextMetricsA, CreateFontIndirectA, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox, GetDCOrgEx, BitBlt, SelectObject, CreateCompatibleDC, SetArcDirection, CreateDIBitmap, PatBlt, GetTextExtentPointA, CreateCompatibleBitmap |
comdlg32.dll | GetFileTitleA |
WINSPOOL.DRV | DocumentPropertiesA, ClosePrinter, OpenPrinterA |
ADVAPI32.dll | RegSetValueExA, RegOpenKeyA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA |
SHELL32.dll | DragQueryFileA, DragFinish, DragAcceptFiles, SHGetFileInfoA |
COMCTL32.dll |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright (C) 1998 |
InternalName | HistogramTest |
FileVersion | 1, 0, 0, 1 |
CompanyName | |
LegalTrademarks | |
ProductName | HistogramTest Application |
ProductVersion | 1, 0, 0, 1 |
FileDescription | HistogramTest MFC Application |
OriginalFilename | HistogramTest.EXE |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
09/25/21-10:23:39.069395 | TCP | 2404342 | ET CNC Feodo Tracker Reported CnC Server TCP group 22 | 49719 | 443 | 192.168.2.3 | 59.4.68.75 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 25, 2021 10:23:30.876858950 CEST | 192.168.2.3 | 8.8.8.8 | 0x1704 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.487632036 CEST | 192.168.2.3 | 8.8.8.8 | 0xc43e | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.516525984 CEST | 192.168.2.3 | 8.8.8.8 | 0xe690 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.543143988 CEST | 192.168.2.3 | 8.8.8.8 | 0x6130 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.667074919 CEST | 192.168.2.3 | 8.8.8.8 | 0xf9a5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.693366051 CEST | 192.168.2.3 | 8.8.8.8 | 0x815f | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 25, 2021 10:23:30.899730921 CEST | 8.8.8.8 | 192.168.2.3 | 0x1704 | No error (0) | 104.18.7.156 | A (IP address) | IN (0x0001) | ||
Sep 25, 2021 10:23:30.899730921 CEST | 8.8.8.8 | 192.168.2.3 | 0x1704 | No error (0) | 104.18.6.156 | A (IP address) | IN (0x0001) | ||
Sep 25, 2021 10:23:33.513423920 CEST | 8.8.8.8 | 192.168.2.3 | 0xc43e | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.538508892 CEST | 8.8.8.8 | 192.168.2.3 | 0xe690 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.664612055 CEST | 8.8.8.8 | 192.168.2.3 | 0x6130 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.690701962 CEST | 8.8.8.8 | 192.168.2.3 | 0xf9a5 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 25, 2021 10:23:33.735809088 CEST | 8.8.8.8 | 192.168.2.3 | 0x815f | Name error (3) | none | none | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49717 | 104.18.7.156 | 80 | C:\Windows\System32\wermgr.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 25, 2021 10:23:30.921077967 CEST | 14 | OUT | |
Sep 25, 2021 10:23:30.943857908 CEST | 15 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 10:22:54 |
Start date: | 25/09/2021 |
Path: | C:\Users\user\Desktop\vXVHRRGG7c.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 528443 bytes |
MD5 hash: | 051C20FD814AC34FFCFADD56EC872BE0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 10:22:56 |
Start date: | 25/09/2021 |
Path: | C:\Windows\System32\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ee4c0000 |
File size: | 209312 bytes |
MD5 hash: | FF214585BF10206E21EA8EBA202FACFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:22:57 |
Start date: | 25/09/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6fb440000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:38 |
Start date: | 25/09/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6fb440000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:39 |
Start date: | 25/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:39 |
Start date: | 25/09/2021 |
Path: | C:\Users\user\AppData\Local\browDownload3D\vXVHRRGG7c.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 528443 bytes |
MD5 hash: | 051C20FD814AC34FFCFADD56EC872BE0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 10:23:41 |
Start date: | 25/09/2021 |
Path: | C:\Windows\System32\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ee4c0000 |
File size: | 209312 bytes |
MD5 hash: | FF214585BF10206E21EA8EBA202FACFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:42 |
Start date: | 25/09/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6fb440000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00403C23, Relevance: 42.3, APIs: 5, Strings: 19, Instructions: 256libraryCOMMON
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403CE2, Relevance: 36.9, APIs: 3, Strings: 18, Instructions: 196nativethreadinjectionCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024A4CD0, Relevance: 27.1, APIs: 10, Strings: 5, Instructions: 890sleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02461030, Relevance: 18.4, APIs: 12, Instructions: 362libraryloaderCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004186ED, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
C-Code - Quality: 40% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B297, Relevance: 13.6, APIs: 9, Instructions: 113COMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004039E7, Relevance: 7.6, APIs: 5, Instructions: 140librarymemoryinjectionCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424F12, Relevance: 6.1, APIs: 4, Instructions: 63COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B68A, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415D8A, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 170stringCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BCDD, Relevance: 9.0, APIs: 6, Instructions: 35COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A1B5, Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024A5B40, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004255AA, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416392, Relevance: 3.0, APIs: 2, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A519, Relevance: 3.0, APIs: 2, Instructions: 27threadCOMMON
C-Code - Quality: 88% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415F80, Relevance: 3.0, APIs: 2, Instructions: 25threadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409A4A, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02461D10, Relevance: 1.6, APIs: 1, Instructions: 112COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041590C, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055F0, Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
C-Code - Quality: 55% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042B0, Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A266, Relevance: 1.3, APIs: 1, Instructions: 85memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BBAB, Relevance: 1.3, APIs: 1, Instructions: 56memoryCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424709, Relevance: 1.3, APIs: 1, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424D9A, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 99libraryloaderCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004100FD, Relevance: 9.1, APIs: 6, Instructions: 101COMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FFEA, Relevance: 9.1, APIs: 6, Instructions: 98COMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004066CD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75timeCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404767, Relevance: 4.5, APIs: 3, Instructions: 37COMMON
C-Code - Quality: 79% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DF28, Relevance: 3.1, APIs: 2, Instructions: 116COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D9C5, Relevance: 3.1, APIs: 2, Instructions: 64fileCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004101C0, Relevance: 3.0, APIs: 2, Instructions: 34COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004100A7, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
C-Code - Quality: 29% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042343E, Relevance: 3.0, APIs: 2, Instructions: 32windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E68F, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E0FD, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E388, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E49B, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004044B0, Relevance: 1.5, APIs: 1, Instructions: 11windowCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B69C, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023E095E, Relevance: .4, Instructions: 362COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A361, Relevance: .3, Instructions: 259COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023E0456, Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413B90, Relevance: 51.0, APIs: 28, Strings: 1, Instructions: 263windowstringCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004138B0, Relevance: 30.2, APIs: 20, Instructions: 246COMMON
C-Code - Quality: 98% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C58D, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 94stringCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041810D, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174windowCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404595, Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 68libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004121B0, Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 44stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411160, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 83stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422E61, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 73stringCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004146D0, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 52libraryloaderCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423C8D, Relevance: 18.1, APIs: 7, Strings: 5, Instructions: 66stringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C230, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 194windowstringCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412A20, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128threadwindowCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414050, Relevance: 16.7, APIs: 11, Instructions: 199COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A5DC, Relevance: 16.6, APIs: 11, Instructions: 88synchronizationthreadinjectionCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D2E1, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 67registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041791D, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68windowCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E8DD, Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON
C-Code - Quality: 46% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410305, Relevance: 13.7, APIs: 9, Instructions: 221COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B7BA, Relevance: 13.7, APIs: 9, Instructions: 177COMMON
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B435, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMON
C-Code - Quality: 96% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024614A0, Relevance: 12.2, APIs: 8, Instructions: 171COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404865, Relevance: 12.1, APIs: 8, Instructions: 98COMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EEBC, Relevance: 10.7, APIs: 7, Instructions: 199COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 99% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414571, Relevance: 10.6, APIs: 7, Instructions: 140COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411420, Relevance: 10.6, APIs: 7, Instructions: 109COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BE31, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84stringCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417858, Relevance: 10.6, APIs: 7, Instructions: 69COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412EF0, Relevance: 10.6, APIs: 7, Instructions: 69COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004251E4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004047D2, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61stringCOMMON
C-Code - Quality: 56% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412FB0, Relevance: 10.5, APIs: 7, Instructions: 42COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BC99, Relevance: 10.5, APIs: 7, Instructions: 29COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004212B5, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 25registrywindowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F6FA, Relevance: 9.1, APIs: 6, Instructions: 143COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C2D2, Relevance: 9.1, APIs: 6, Instructions: 117COMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424943, Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414300, Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416951, Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON
C-Code - Quality: 80% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042071C, Relevance: 9.1, APIs: 6, Instructions: 67COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004218C1, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420C02, Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON
C-Code - Quality: 24% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F8F0, Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F80A, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416221, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042560D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88stringCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004228D7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024624F0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56librarymemoryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AC76, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EBCF, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 25libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EB99, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004183E8, Relevance: 7.6, APIs: 5, Instructions: 91windowCOMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417678, Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421959, Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421A0F, Relevance: 7.6, APIs: 5, Instructions: 65windowCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422438, Relevance: 7.6, APIs: 5, Instructions: 57windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042159C, Relevance: 7.5, APIs: 5, Instructions: 44windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004089C1, Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409A86, Relevance: 7.5, APIs: 5, Instructions: 38memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EE16, Relevance: 7.5, APIs: 5, Instructions: 38COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042477D, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004091A3, Relevance: 7.5, APIs: 5, Instructions: 34COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423670, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81windowCOMMON
C-Code - Quality: 96% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D1D5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50libraryloaderCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F795, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27stringCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408D2B, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 67% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C12A, Relevance: 6.3, APIs: 5, Instructions: 96stringCOMMON
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409B81, Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 264memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024621A0, Relevance: 6.2, APIs: 4, Instructions: 182COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413ED0, Relevance: 6.1, APIs: 4, Instructions: 131COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004205A4, Relevance: 6.1, APIs: 4, Instructions: 87windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422CB6, Relevance: 6.1, APIs: 4, Instructions: 74stringCOMMON
C-Code - Quality: 48% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004104C0, Relevance: 6.1, APIs: 4, Instructions: 67 COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DA77, Relevance: 6.1, APIs: 4, Instructions: 66 time COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411C70, Relevance: 6.1, APIs: 4, Instructions: 65 window COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411250, Relevance: 6.1, APIs: 4, Instructions: 53 window COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411730, Relevance: 6.1, APIs: 4, Instructions: 52 thread COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CDB2, Relevance: 6.1, APIs: 4, Instructions: 52 COMMON
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041739E, Relevance: 6.0, APIs: 4, Instructions: 49 COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417417, Relevance: 6.0, APIs: 4, Instructions: 49 window COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041952E, Relevance: 6.0, APIs: 4, Instructions: 48 window COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411970, Relevance: 6.0, APIs: 4, Instructions: 45 thread COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422369, Relevance: 6.0, APIs: 4, Instructions: 43 file COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417FD8, Relevance: 6.0, APIs: 4, Instructions: 43 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F135, Relevance: 6.0, APIs: 4, Instructions: 42 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F19E, Relevance: 6.0, APIs: 4, Instructions: 42 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C7A4, Relevance: 6.0, APIs: 4, Instructions: 38 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F87F, Relevance: 6.0, APIs: 4, Instructions: 29 string COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02462430, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63 memory COMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406350, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43 thread COMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F6D8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23 window COMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412C50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23 string COMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412C00, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23 string COMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424A8A, Relevance: 5.1, APIs: 4, Instructions: 62 COMMON
C-Code - Quality: 60% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004250E5, Relevance: 5.0, APIs: 4, Instructions: 36 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040917A, Relevance: 5.0, APIs: 4, Instructions: 12 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00403C23, Relevance: 42.3, APIs: 5, Strings: 19, Instructions: 252 library COMMON
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403CE2, Relevance: 36.9, APIs: 3, Strings: 18, Instructions: 196 native thread injection COMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01264CD0, Relevance: 27.1, APIs: 10, Strings: 5, Instructions: 890 sleep COMMON Crypto
C-Code - Quality: 52% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF1030, Relevance: 18.4, APIs: 12, Instructions: 362 library loader COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004039E7, Relevance: 7.6, APIs: 5, Instructions: 140 library memory injection COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B68A, Relevance: 1.5, APIs: 1, Instructions: 4 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004186ED, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42 library loader COMMON
C-Code - Quality: 40% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B297, Relevance: 13.6, APIs: 9, Instructions: 113 COMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424F12, Relevance: 6.1, APIs: 4, Instructions: 63 COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A1B5, Relevance: 6.1, APIs: 4, Instructions: 53 memory COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01265B40, Relevance: 3.0, APIs: 2, Instructions: 46 COMMON
C-Code - Quality: 21% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004255AA, Relevance: 3.0, APIs: 2, Instructions: 32 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416392, Relevance: 3.0, APIs: 2, Instructions: 27 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A519, Relevance: 3.0, APIs: 2, Instructions: 27 thread COMMON
C-Code - Quality: 88% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415F80, Relevance: 3.0, APIs: 2, Instructions: 25 thread COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409A4A, Relevance: 3.0, APIs: 2, Instructions: 20 memory COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF1D10, Relevance: 1.6, APIs: 1, Instructions: 112 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041590C, Relevance: 1.6, APIs: 1, Instructions: 73 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055F0, Relevance: 1.5, APIs: 1, Instructions: 30 memory COMMON
C-Code - Quality: 55% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042B0, Relevance: 1.5, APIs: 1, Instructions: 13 window COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A266, Relevance: 1.3, APIs: 1, Instructions: 85 memory COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BBAB, Relevance: 1.3, APIs: 1, Instructions: 56 memory COMMON
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004100FD, Relevance: 9.1, APIs: 6, Instructions: 101 COMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FFEA, Relevance: 9.1, APIs: 6, Instructions: 98 COMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413B90, Relevance: 51.0, APIs: 28, Strings: 1, Instructions: 263 window string COMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004138B0, Relevance: 30.2, APIs: 20, Instructions: 246 COMMON
C-Code - Quality: 98% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415D8A, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 170 string COMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C58D, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 94 string COMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041810D, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174 window COMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404595, Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 68 library loader COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004121B0, Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 44 string COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424D9A, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 99 library loader COMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411160, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 83 string COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422E61, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 73 string COMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004146D0, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 52 library loader COMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423C8D, Relevance: 18.1, APIs: 7, Strings: 5, Instructions: 66 string COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C230, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 194 window string COMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412A20, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128 thread window COMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414050, Relevance: 16.7, APIs: 11, Instructions: 199 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A5DC, Relevance: 16.6, APIs: 11, Instructions: 88 synchronization thread injection COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D2E1, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 67 registry COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041791D, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68 window COMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E8DD, Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50 library loader COMMON
C-Code - Quality: 46% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410305, Relevance: 13.7, APIs: 9, Instructions: 221 COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B7BA, Relevance: 13.7, APIs: 9, Instructions: 177 COMMON
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B435, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100 file COMMON
C-Code - Quality: 96% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF14A0, Relevance: 12.2, APIs: 8, Instructions: 171 COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404865, Relevance: 12.1, APIs: 8, Instructions: 98 COMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EEBC, Relevance: 10.7, APIs: 7, Instructions: 199 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 99% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414571, Relevance: 10.6, APIs: 7, Instructions: 140 COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411420, Relevance: 10.6, APIs: 7, Instructions: 109 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BE31, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84 string COMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417858, Relevance: 10.6, APIs: 7, Instructions: 69 COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412EF0, Relevance: 10.6, APIs: 7, Instructions: 69 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004251E4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65 registry COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004047D2, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61 string COMMON
C-Code - Quality: 56% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412FB0, Relevance: 10.5, APIs: 7, Instructions: 42 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BC99, Relevance: 10.5, APIs: 7, Instructions: 29 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004212B5, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 25 registry window COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F6FA, Relevance: 9.1, APIs: 6, Instructions: 143 COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C2D2, Relevance: 9.1, APIs: 6, Instructions: 117 COMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424943, Relevance: 9.1, APIs: 6, Instructions: 85 memory COMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414300, Relevance: 9.1, APIs: 6, Instructions: 83 window COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416951, Relevance: 9.1, APIs: 6, Instructions: 82 window COMMON
C-Code - Quality: 80% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042071C, Relevance: 9.1, APIs: 6, Instructions: 67 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004218C1, Relevance: 9.1, APIs: 6, Instructions: 62 COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420C02, Relevance: 9.1, APIs: 6, Instructions: 61 window COMMON
C-Code - Quality: 24% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F8F0, Relevance: 9.0, APIs: 6, Instructions: 48 window COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F80A, Relevance: 9.0, APIs: 6, Instructions: 46 COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041BCDD, Relevance: 9.0, APIs: 6, Instructions: 35 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416221, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101 window COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042560D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88 string COMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004228D7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78 window COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AC76, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56 window COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF24F0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56 library memory loader COMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EBCF, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 25 library loader COMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EB99, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19 library loader COMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004183E8, Relevance: 7.6, APIs: 5, Instructions: 91 window COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417678, Relevance: 7.6, APIs: 5, Instructions: 69 window COMMON
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421959, Relevance: 7.6, APIs: 5, Instructions: 68 window COMMON
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421A0F, Relevance: 7.6, APIs: 5, Instructions: 65 window COMMON
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422438, Relevance: 7.6, APIs: 5, Instructions: 57 window COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042159C, Relevance: 7.5, APIs: 5, Instructions: 44 window COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004089C1, Relevance: 7.5, APIs: 5, Instructions: 38 thread COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409A86, Relevance: 7.5, APIs: 5, Instructions: 38 memory COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EE16, Relevance: 7.5, APIs: 5, Instructions: 38 COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042477D, Relevance: 7.5, APIs: 5, Instructions: 35 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004091A3, Relevance: 7.5, APIs: 5, Instructions: 34 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423670, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81 window COMMON
C-Code - Quality: 96% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004066CD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75 time COMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D1D5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50 library loader COMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F795, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27 string COMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408D2B, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13 library loader COMMON
C-Code - Quality: 67% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C12A, Relevance: 6.3, APIs: 5, Instructions: 96 string COMMON
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409B81, Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 264 memory COMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF21A0, Relevance: 6.2, APIs: 4, Instructions: 182 COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413ED0, Relevance: 6.1, APIs: 4, Instructions: 131 COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004205A4, Relevance: 6.1, APIs: 4, Instructions: 87 window COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422CB6, Relevance: 6.1, APIs: 4, Instructions: 74 string COMMON
C-Code - Quality: 48% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004104C0, Relevance: 6.1, APIs: 4, Instructions: 67 COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DA77, Relevance: 6.1, APIs: 4, Instructions: 66 time COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411C70, Relevance: 6.1, APIs: 4, Instructions: 65 window COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411250, Relevance: 6.1, APIs: 4, Instructions: 53 window COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411730, Relevance: 6.1, APIs: 4, Instructions: 52 thread COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CDB2, Relevance: 6.1, APIs: 4, Instructions: 52 COMMON
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041739E, Relevance: 6.0, APIs: 4, Instructions: 49 COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417417, Relevance: 6.0, APIs: 4, Instructions: 49 window COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041952E, Relevance: 6.0, APIs: 4, Instructions: 48 window COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411970, Relevance: 6.0, APIs: 4, Instructions: 45 thread COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422369, Relevance: 6.0, APIs: 4, Instructions: 43 file COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417FD8, Relevance: 6.0, APIs: 4, Instructions: 43 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F135, Relevance: 6.0, APIs: 4, Instructions: 42 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F19E, Relevance: 6.0, APIs: 4, Instructions: 42 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C7A4, Relevance: 6.0, APIs: 4, Instructions: 38 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F87F, Relevance: 6.0, APIs: 4, Instructions: 29 string COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF2430, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63 memory COMMON
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406350, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43 thread COMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F6D8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23 window COMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412C50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23 string COMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412C00, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23 string COMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424A8A, Relevance: 5.1, APIs: 4, Instructions: 62 COMMON
C-Code - Quality: 60% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004250E5, Relevance: 5.0, APIs: 4, Instructions: 36 COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040917A, Relevance: 5.0, APIs: 4, Instructions: 12 COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |