Windows Analysis Report: Hesap Hareketleri 28-09-2021.exe (the file name is Turkish for "Account Transactions 28-09-2021", a bank-statement themed name)
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures |
---|
Classification |
---|
Process Tree |
---|
Malware Configuration |
---|
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=download&id"}
The extractor recovered only the stage-two download location, and the `id` parameter is empty here. GuLoader hosts its payload on cloud storage such as Google Drive as an encrypted blob that the loader's shellcode decrypts in memory, so the URL alone does not yield a usable PE; nothing in the Network Behavior section below shows the download happening during this run.
Yara Overview |
---|
Memory Dumps |
---|
Rule | Description | Author |
---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Code functions: | 1_2_0071727D, 1_2_0071BB62, 1_2_00715A60, 1_2_0071C264, 1_2_0071AA45, 1_2_00717447, 1_2_0071584B, 1_2_0071A64C, 1_2_0071604F, 1_2_00715630, 1_2_0071743A, 1_2_00715625, 1_2_0071262A, 1_2_0071522C, 1_2_0071561F, 1_2_00715E04, 1_2_00713AF5, 1_2_00715CD4, 1_2_00715ADA, 1_2_007156DD, 1_2_007162C4, 1_2_007176B9, 1_2_007150AA, 1_2_00710480, 1_2_00715F75, 1_2_00715561, 1_2_0071595B, 1_2_0071A727, 1_2_007107F5, 1_2_007163E5, 1_2_0071ABDA, 1_2_00715BC0, 1_2_007155B3, 1_2_0071079A |
Source: | Code functions: | 1_2_0071727D, 1_2_007176B9, 1_2_00717890, 1_2_00717719 |
Source: | Process Stats: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Section loaded: |
Source: | File created: |
Source: | Classification label: | mal80.troj.evad.winEXE@1/0@0/0 |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Source: | Static PE information: |
Source: | Code functions (as listed, duplicates included): | 1_2_00402B24, 1_2_00406525, 1_2_0040431B, 1_2_00711A95, 1_2_00711F68, 1_2_00711545, 1_2_00711F68, 1_2_00711A95, 1_2_0071712E, 1_2_00717114, 1_2_00711A95, 1_2_00711F68, 1_2_00711A95 |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Source: | RDTSC instruction interceptor: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 1_2_0071726F |
The timing test is two RDTSC reads a few instructions apart, usually with a CPUID between them, followed by a comparison of the delta against a fixed threshold: under a hypervisor the intercepted instruction costs far more cycles than on bare metal. The sandbox sees this because it intercepts RDTSC itself (the report notes hypervisor-based inspection was off for this run), which is also why such checks are best defeated by trapping and rewriting the returned counter rather than by patching the binary.
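The following is an added example, not code from the report or from Joe Sandbox's RDTSC interceptor: a static locator for the RDTSC timing pattern described above, meant to be run over a memory dump of the 0x0071xxxx region (the shellcode is only decrypted at run time, so scanning the file on disk finds nothing). It pairs nearby `rdtsc` opcodes, notes whether a `cpuid` sits between them, and pulls the threshold out of a following `cmp eax, imm32` / `cmp r32, imm32`. The byte fragment `SAMPLE` is hand-assembled for the demonstration and is not taken from the analysed file; the window sizes are assumptions.

```python
"""Locate RDTSC-based timing probes in raw x86 code bytes (added example, heuristic)."""
import struct
from dataclasses import dataclass
from typing import Optional

RDTSC = b"\x0f\x31"   # rdtsc
CPUID = b"\x0f\xa2"   # cpuid: serialising, and itself trapped by most hypervisors


@dataclass
class TimingProbe:
    first: int               # offset of the first rdtsc
    second: int              # offset of the second rdtsc
    cpuid_between: bool      # a cpuid sits between the two reads
    threshold: Optional[int] # imm32 of a cmp shortly after the second read, if found


def _offsets(blob: bytes, pattern: bytes) -> list:
    """All (possibly overlapping) offsets of pattern in blob."""
    out, i = [], blob.find(pattern)
    while i != -1:
        out.append(i)
        i = blob.find(pattern, i + 1)
    return out


def _cmp_immediate(code: bytes) -> Optional[int]:
    """First 'cmp eax, imm32' (3D imm32) or 'cmp r32, imm32' (81 /7: modrm F8..FF imm32)
    in the window; scans byte-wise, so an immediate that happens to contain 3D can mislead."""
    for i in range(len(code)):
        if code[i] == 0x3D and i + 5 <= len(code):
            return struct.unpack_from("<I", code, i + 1)[0]
        if code[i] == 0x81 and i + 6 <= len(code) and 0xF8 <= code[i + 1] <= 0xFF:
            return struct.unpack_from("<I", code, i + 2)[0]
    return None


def find_timing_probes(blob: bytes, window: int = 64, look_ahead: int = 16) -> list:
    """Pair consecutive rdtsc reads at most `window` bytes apart. Two close reads, a cpuid
    between them and a cmp against an immediate right after is the classic VM timing test."""
    offs = _offsets(blob, RDTSC)
    probes = []
    for a, b in zip(offs, offs[1:]):
        if b - a > window:
            continue
        between = blob[a + 2:b]
        after = blob[b + 2:b + 2 + look_ahead]
        probes.append(TimingProbe(a, b, CPUID in between, _cmp_immediate(after)))
    return probes


# Constructed sample (hand-assembled, NOT bytes from the analysed file):
#   push ebp; mov ebp,esp; xor eax,eax; cpuid; rdtsc; mov esi,eax;
#   xor eax,eax; cpuid; rdtsc; sub eax,esi; cmp eax,0x1000; ja +5
SAMPLE = bytes.fromhex("55 89e5 31c0 0fa2 0f31 89c6 31c0 0fa2 0f31 29f0 3d00100000 7705")

if __name__ == "__main__":
    for probe in find_timing_probes(SAMPLE):
        print(probe)
```

On a real dump expect false positives: `0F 31` occurs in data and in unrelated instruction streams, so treat a hit without a nearby `cpuid` or `cmp` as noise and confirm the candidate in a disassembler.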
Anti Debugging: |
---|
Found potential dummy code loops (likely to delay analysis) |
Source: | Process Stats: |
Source: | Code functions: | 1_2_00719EDE, 1_2_00716D70, 1_2_00719913, 1_2_0071ABDA |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 1_2_0071726F |
Source: | Code function: | 1_2_0071BB62 |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Virtualization/Sandbox Evasion11 | Input Capture1 | Security Software Discovery21 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Virtualization/Sandbox Evasion11 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery11 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
27% | ReversingLabs | Win32.Trojan.Generic |
100% | Joe Sandbox ML | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 491950 |
Start date: | 28.09.2021 |
Start time: | 08:03:16 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Hesap Hareketleri 28-09-2021.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.troj.evad.winEXE@1/0@0/0 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.7538699249737375 |
TrID: | |
File name: | Hesap Hareketleri 28-09-2021.exe |
File size: | 90112 |
MD5: | 2fca7a3e51417ee2e8aefafede0847d9 |
SHA1: | 931518250bed6cd21b6cab529ed3ad9ead83cdcf |
SHA256: | bffbffc2b1be154742fb81ecea14cb779b8fd81581ffce2855cf588f21a8020f |
SHA512: | 4d56a20cc61aa096fbd1e181ce72a79d237d90b7e20078fed0e3c767dfead51a5b1d150307ca911fbaffac206ef3679c99e9dc93dd37b3f5f419a55bb683220a |
SSDEEP: | 1536:tM0wFjVxFXrMGm0tEM5eoz/s74HEgKhs:tM0wFjV7XrXltPXs7SJgs |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L...A6.L.................0... ...............@....@........ |
File Icon |
---|
Icon Hash: | 821ca88c8e8c8c00 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4012c8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4C923641 [Thu Sep 16 15:22:41 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e73b8c032c82c64991ebe487a7ffcd43 |
Entrypoint Preview |
---|
Only the first two instructions are the real entry stub: a Visual Basic 6 executable starts with a push of its VB header address (here 0x40FF80) followed by a call into the VB runtime, which never returns. Everything after the call is data, which the disassembler renders as the meaningless instructions listed below; do not treat them as executed code.
Instruction |
---|
push 0040FF80h |
call 00007F72DC9BEC83h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ebx+edx*2], ch |
and dword ptr [edx], esp |
std |
sbb eax, 52944436h |
push esp |
sbb byte ptr [esi], al |
sar dword ptr [eax+00000000h], 1 |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
inc edx |
add byte ptr [esi], al |
push eax |
add dword ptr [ecx], 73h |
popad |
jc 00007F72DC9BECF5h |
push 73676E69h |
add byte ptr [eax], al |
sbb al, 29h |
sbb al, 03h |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
cmp byte ptr [edx+ecx*8-66h], ch |
outsd |
adc eax, A74A902Eh |
mov bl, D9h |
dec esi |
pop ebp |
push esi |
dec esp |
stosd |
mov dword ptr [76B9991Fh], eax |
xor eax, 74B8462Ah |
add ch, ah |
call 00007F7289EB2702h |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
push cs |
jmp far 0000h : 01A90000h |
add byte ptr [eax+eax], cl |
dec eax |
jc 00007F72DC9BED06h |
imul esp, dword ptr [ecx+62h], 65h |
jc 00007F72DC9BED00h |
xor dword ptr [eax], eax |
or eax, 50001201h |
outsd |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13684 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x540 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xe8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x12aec | 0x13000 | False | 0.519377055921 | data | 6.24667059185 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x14000 | 0xcf4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x15000 | 0x540 | 0x1000 | False | 0.1298828125 | data | 1.4104134768 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
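An added example, not from the report or from Joe Sandbox, showing where the Static PE numbers above come from: a stdlib-only walk of the DOS, COFF, optional and section headers that decodes the linker timestamp, resolves the entry point against the image base, and computes per-section Shannon entropy (the .data section's 0.0 above means it is all zeroes on disk), plus the file digests and a pefile-style import hash over a `{dll: [function, ...]}` map. `build_sample_pe()` constructs a small two-section PE32 that reuses the report's timestamp 0x4C923641, image base 0x400000 and entry RVA 0x12C8 so the decoding can be checked; it is not the analysed file. The imphash routine assumes all imports are by name (true for the MSVBVM60 list below) and that the list is given in import-table order.

```python
"""Recompute the report's Static PE fields with the standard library only (added example).
For real triage use pefile; this only shows where each number comes from."""
import hashlib
import math
import struct
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the 'Entropy (8bit)' figure the report gives per file and per section."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def file_digests(blob: bytes) -> dict:
    """MD5/SHA1/SHA256 as listed under Static File Info."""
    return {algo: hashlib.new(algo, blob).hexdigest() for algo in ("md5", "sha1", "sha256")}


def imphash(imports: dict) -> str:
    """pefile-style import hash: MD5 over 'dll.function' in import-table order, lower-cased,
    DLL extension stripped. Assumes imports by name only (ordinal imports are not handled)."""
    parts = []
    for dll, funcs in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        parts.extend(f"{base}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def parse_pe(blob: bytes) -> dict:
    """Walk DOS -> PE signature -> COFF -> optional header -> section table (PE32 and PE32+)."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]
    if magic == 0x10B:        # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    elif magic == 0x20B:      # PE32+: no BaseOfData, ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", blob, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + 40 * i)
        raw = blob[rptr:rptr + rsize]      # bytes on disk: entropy 0.0 means all zeroes,
        sections.append({                  # above ~7 in a code section points at packing
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "rsize": rsize,
            "entropy": round(shannon_entropy(raw), 4),
        })
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "image_base": image_base,
        "entrypoint": image_base + entry_rva,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed two-section PE32, not the analysed file. Reuses the report's linker
    timestamp 0x4C923641, image base 0x400000 and entry RVA 0x12C8 so decoding can be checked."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew
    opt = bytearray(0xE0)                                 # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x12C8)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4C923641, 0, 0, len(opt), 0x010F)
    text, data = bytes(range(256)) * 2, bytes(512)        # max-entropy code, all-zero data
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".data", len(data), 0x2000, len(data), 0x400, 0, 0, 0, 0, 0xC0000040)
    img = bytearray(dos + b"PE\0\0" + coff + opt + sect)
    img += bytes(0x200 - len(img)) + text
    img += bytes(0x400 - len(img)) + data
    return bytes(img)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(file_digests(blob))
    print(parse_pe(blob))
```

Run it against a real sample with `python triage.py <file>` and compare the timestamp, entry point and section entropies with the table above; a linker timestamp eleven years older than the submission date, as here, is normal for VB6 builds but is still worth recording next to the version-resource values.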
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x15418 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x15404 | 0x14 | data | ||
RT_VERSION | 0x150f0 | 0x314 | data | Chinese | Taiwan |
Imports |
---|
Every import comes from MSVBVM60.DLL, the Visual Basic 6 runtime: the file on disk is a plain VB6 executable (compare "Programmed in: Visual Basic" under System Behavior), and none of the networking, injection or anti-analysis capability is visible in the import table. That code exists only at run time in the 0x0071xxxx memory region listed under Code Analysis, so an import-based triage of the file alone would miss it.
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
LegalCopyright | ChatSwipe |
InternalName | TOBENET |
FileVersion | 4.04.0001 |
CompanyName | ChatSwipe |
LegalTrademarks | ChatSwipe |
Comments | ChatSwipe |
ProductName | ChatSwipe |
ProductVersion | 4.04.0001 |
FileDescription | ChatSwipe |
OriginalFilename | TOBENET.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
Chinese | Taiwan |
This is inferred from the RT_VERSION resource language (Translation 0x0404, Chinese (Taiwan)). The version block's values (ChatSwipe, TOBENET.exe) and its language are set at build time and are trivially changeable, so they are weak attribution signals for a packed loader.
Network Behavior |
---|
Only DNS traffic was recorded: sixteen UDP queries from the guest (192.168.2.6) to the resolver 8.8.8.8 on port 53, each answered within tens of milliseconds. The report lists no TCP connections, so no HTTPS request to the Google Drive payload URL from the configuration was observed in the analysis window. Taken together with the "Timeout" stop reason and the RDTSC timing check flagged under Malware Analysis System Evasion, this is consistent with a run that never reached the download stage, so the absence of C2 traffic here must not be read as a clean verdict.
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 28, 2021 08:04:43.679177046 CEST | 54513 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:04:43.706648111 CEST | 53 | 54513 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:11.663681984 CEST | 62044 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:11.702028990 CEST | 53 | 62044 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:12.749793053 CEST | 63791 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:12.784634113 CEST | 53 | 63791 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:13.378412008 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:13.439718962 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:13.796654940 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:13.816284895 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:14.339658976 CEST | 60342 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:14.359230995 CEST | 53 | 60342 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:15.067100048 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:15.088597059 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:15.551141024 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:15.574536085 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:15.585517883 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:15.600014925 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:16.310364008 CEST | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:16.330646992 CEST | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:17.862464905 CEST | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:17.879365921 CEST | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:18.499778986 CEST | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:18.517704964 CEST | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:34.030338049 CEST | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:34.057075024 CEST | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:05:38.985905886 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:05:39.016797066 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:06:02.887357950 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:06:02.918589115 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
Sep 28, 2021 08:06:07.316895008 CEST | 52811 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 28, 2021 08:06:07.349633932 CEST | 53 | 52811 | 8.8.8.8 | 192.168.2.6 |
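An added example, not part of the report, for working with a packet table like the one above: it parses the rows, pairs each client query (destination port 53) with the response returned to the same client port, reports per-query latency, and lists anything unanswered or unsolicited, which is the first thing to check when a sample looks sinkholed or blocked. `ROWS` is a subset of the rows from the UDP table above (including the two interleaved queries 51774/56023); the time-zone label is dropped because only differences between rows are used, and retransmissions from the same client port would overwrite the earlier query, which is an assumption noted in the code.

```python
"""Pair DNS queries with responses from a sandbox UDP packet table (added example)."""
from datetime import datetime, timezone

# Subset of rows from the report's UDP table. Columns: timestamp, source port,
# dest port, source IP, dest IP. Query names are not part of the table.
ROWS = """
Sep 28, 2021 08:04:43.679177046 CEST | 54513 | 53 | 192.168.2.6 | 8.8.8.8
Sep 28, 2021 08:04:43.706648111 CEST | 53 | 54513 | 8.8.8.8 | 192.168.2.6
Sep 28, 2021 08:05:11.663681984 CEST | 62044 | 53 | 192.168.2.6 | 8.8.8.8
Sep 28, 2021 08:05:11.702028990 CEST | 53 | 62044 | 8.8.8.8 | 192.168.2.6
Sep 28, 2021 08:05:12.749793053 CEST | 63791 | 53 | 192.168.2.6 | 8.8.8.8
Sep 28, 2021 08:05:12.784634113 CEST | 53 | 63791 | 8.8.8.8 | 192.168.2.6
Sep 28, 2021 08:05:13.378412008 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8
Sep 28, 2021 08:05:13.439718962 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6
Sep 28, 2021 08:05:15.551141024 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8
Sep 28, 2021 08:05:15.574536085 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8
Sep 28, 2021 08:05:15.585517883 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6
Sep 28, 2021 08:05:15.600014925 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6
"""


def parse_ts(text: str) -> float:
    """'Sep 28, 2021 08:04:43.679177046 CEST' -> seconds as float. strptime's %f takes at
    most six digits, so the nanosecond fraction is split off and added by hand; the zone
    label is dropped (only differences between rows are used)."""
    stamp, _zone = text.rsplit(" ", 1)
    base, frac = stamp.split(".")
    dt = datetime.strptime(base, "%b %d, %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.timestamp() + int(frac) / 10 ** len(frac)


def parse_rows(table: str) -> list:
    out = []
    for line in table.strip().splitlines():
        ts, sport, dport, sip, dip = [c.strip() for c in line.split("|")]
        out.append({"t": parse_ts(ts), "sport": int(sport), "dport": int(dport),
                    "src": sip, "dst": dip})
    return out


def pair_dns(rows: list) -> dict:
    """Match each client query (dst port 53) to the response sent back to the same
    (client IP, client port). A retransmitted query from the same port overwrites the
    earlier timestamp (assumption); anything left over is reported as unanswered."""
    pending = {}
    latencies_ms, unsolicited = [], []
    for r in sorted(rows, key=lambda r: r["t"]):
        if r["dport"] == 53:
            pending[(r["src"], r["sport"])] = r["t"]
        elif r["sport"] == 53:
            key = (r["dst"], r["dport"])
            if key in pending:
                latencies_ms.append(round((r["t"] - pending.pop(key)) * 1000, 3))
            else:
                unsolicited.append(key)
    unanswered = list(pending)
    resolvers = sorted({r["dst"] for r in rows if r["dport"] == 53})
    return {"queries": len(latencies_ms) + len(unanswered), "answered": len(latencies_ms),
            "unanswered": unanswered, "unsolicited": unsolicited,
            "resolvers": resolvers, "latency_ms": latencies_ms}


if __name__ == "__main__":
    print(pair_dns(parse_rows(ROWS)))
```

For this report every query gets a reply from 8.8.8.8 and nothing else follows, so the summary confirms what the table shows at a glance: name resolution worked, and the sample still never opened a connection.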
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
System Behavior |
---|
General |
---|
Start time: | 08:04:14 |
Start date: | 28/09/2021 |
Path: | C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 90112 bytes |
MD5 hash: | 2FCA7A3E51417EE2E8AEFAFEDE0847D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: | |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Addresses in the 0x0071xxxx range lie outside the mapped image (image base 0x400000, last section .rsrc at RVA 0x15000), i.e. in memory the process allocated at run time; that is consistent with the Yara GuLoader match being on memory dumps rather than on the file. The 0x0041xxxx functions belong to the VB6 wrapper on disk. The functions cited under Anti Debugging include three that are only 4 to 6 instructions long (0071726F, 00716D70, 00719913), which matches the "dummy code loop" description.
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0071727D | 3.7 | 1 | 1 | 168 | memory, native, COMMON |
007176B9 | 3.6 | 1 | 1 | 138 | memory, native, COMMON |
One further executed function was decompiled (C-Code quality 72%); its address and the per-function API, string and memory-dump details are not preserved in this extract.
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0071AA45 | 2.0 | | 1 | 724 | COMMON |
00715561 | 1.9 | | 1 | 682 | COMMON |
007155B3 | 1.9 | | 1 | 679 | COMMON |
0071743A | 1.9 | | 1 | 652 | COMMON |
007156DD | 1.9 | | 1 | 644 | COMMON |
00715625 | 1.9 | | 1 | 640 | COMMON |
0071561F | 1.9 | | 1 | 631 | COMMON |
00715630 | 1.9 | | 1 | 627 | COMMON |
0071584B | 1.8 | | 1 | 584 | COMMON |
0071595B | 1.8 | | 1 | 549 | COMMON |
00715ADA | 1.8 | | 1 | 525 | COMMON |
00715A60 | 1.8 | | 1 | 505 | COMMON |
0071ABDA | 1.7 | | 1 | 496 | COMMON |
00715BC0 | 0.5 | | | 462 | COMMON |
00715CD4 | 0.4 | | | 409 | COMMON |
00715E04 | 0.4 | | | 359 | COMMON |
00715F75 | 0.3 | | | 307 | COMMON |
0071604F | 0.3 | | | 276 | COMMON |
0071079A | 0.3 | | | 263 | COMMON |
0071262A | 0.2 | | | 227 | COMMON |
00710480 | 0.2 | | | 212 | COMMON |
007107F5 | 0.2 | | | 210 | COMMON |
007162C4 | 0.2 | | | 176 | COMMON |
007163E5 | 0.1 | | | 149 | COMMON |
0071A64C | 0.1 | | | 126 | COMMON |
0071522C | 0.1 | | | 112 | COMMON |
00717447 | 0.1 | | | 80 | COMMON |
00713AF5 | 0.1 | | | 67 | COMMON |
007150AA | 0.1 | | | 66 | COMMON |
0071C264 | 0.1 | | | 54 | COMMON |
0071A727 | 0.0 | | | 48 | COMMON |
00719EDE | 0.0 | | | 41 | COMMON |
0071726F | 0.0 | | | 6 | COMMON |
00716D70 | 0.0 | | | 6 | COMMON |
00719913 | 0.0 | | | 4 | COMMON |
00413180 | 12.1 | 8 | | 99 | COMMON |
004133C0 | 6.1 | 4 | | 53 | COMMON |