Windows Analysis Report sb.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: AveMaria |
---|
{"C2 url": "cachepallioniwarznpa.icu", "port": 5200}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security | ||
AveMaria_WarZone | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 7 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Yara detected AveMaria stealer | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | Directory created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00CB8A55 |
E-Banking Fraud: |
---|
Yara detected AveMaria stealer | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00CC0074 | |
Source: | Code function: | 0_2_00CD401C | |
Source: | Code function: | 0_2_00CFAD78 | |
Source: | Code function: | 0_2_00CF16A0 | |
Source: | Code function: | 0_2_00CF26B6 | |
Source: | Code function: | 0_2_00CF9230 | |
Source: | Code function: | 0_2_00CF9354 |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | Mutant created: |
Source: | Code function: | 0_2_00CB2C5D |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00CB249C |
Source: | Static file information: |
Source: | Directory created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00CFBED6 | |
Source: | Code function: | 0_2_00CBEE19 |
Hooking and other Techniques for Hiding and Protection: |
---|
Contains functionality to hide user accounts | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Thread sleep count: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00CDBC81 |
Source: | Code function: | 0_2_00CDD54C | |
Source: | Code function: | 0_2_00CBCAC7 | |
Source: | Code function: | 0_2_00CE73DD |
Source: | Code function: | 0_2_00CBC9B1 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00CDBC81 | |
Source: | Code function: | 0_2_00CBDF6A |
Source: | Code function: | 0_2_00CBEFC2 |
Stealing of Sensitive Information: |
---|
Yara detected AveMaria stealer | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AveMaria stealer | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading2 | Input Capture21 | System Time Discovery1 | Remote Services | Input Capture21 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion1 | LSASS Memory | Security Software Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Information Discovery3 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Users1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
38% | Virustotal | Browse | ||
42% | ReversingLabs | Win32.Trojan.Streamer |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Downloader.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen3 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 492126 |
Start date: | 28.09.2021 |
Start time: | 11:48:03 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | sb.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.troj.winEXE@2/0@0/0 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.7813426384094133 |
TrID: |
|
File name: | sb.exe |
File size: | 1627136 |
MD5: | e310cb3185d95e3dda42f0230b569d84 |
SHA1: | c20c8aa953f7df7e9b117258a0d31530e23ffc55 |
SHA256: | 82867648313483db4a6115e0cc2b34c06719ffdb6667e50e625e2dc130adfbca |
SHA512: | a0c4a70bc09ea2eb36a1a27af65891d866beec07a1c21208e0b05e549d3d2f7619bef9012dab9e121e53a6a1a56d642bfb5435520292dd879e30f4db71789bbd |
SSDEEP: | 12288:EjTG/NEiKx8FAuRg7Q7X/CRLL6/mkIHTydNNAF4B0laLpfqFR:EiAuRg7SFWIyFR |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................a...............................................r...T.......T.+.....T.......Rich............PE..L.. |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40eb3e |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6147C4FD [Sun Sep 19 23:17:17 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 9d3536f958f133fe568939841471fa60 |
Authenticode Signature |
---|
Signature Valid: | true |
Signature Issuer: | CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 5F47B0139E6B49D14882A7ABD4026C5A |
Thumbprint SHA-1: | D877BC4EA5A61864AA45BCB3F7EBDCD8ACBC5D5D |
Thumbprint SHA-256: | 72A2371C9873A8CF56E98A6EACB267DEC076593AC0A6917DC10B479F19B9EA6F |
Serial: | 00D79739187C585E453C00AFC11D77B523 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F8CE8A092C1h |
jmp 00007F8CE8A08C1Eh |
ret |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
mov eax, dword ptr [eax] |
pop ebp |
ret |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
mov eax, dword ptr [eax] |
pop ebp |
ret |
mov ecx, dword ptr [0044E638h] |
xor eax, eax |
cmp ecx, 0040EB48h |
setne al |
ret |
int3 |
push ecx |
lea ecx, dword ptr [esp+08h] |
sub ecx, eax |
and ecx, 0Fh |
add eax, ecx |
sbb ecx, ecx |
or eax, ecx |
pop ecx |
jmp 00007F8CE8A093AFh |
push ecx |
lea ecx, dword ptr [esp+08h] |
sub ecx, eax |
and ecx, 07h |
add eax, ecx |
sbb ecx, ecx |
or eax, ecx |
pop ecx |
jmp 00007F8CE8A09399h |
push ebp |
mov ebp, esp |
sub esp, 00000324h |
push ebx |
push 00000017h |
call 00007F8CE8A062A0h |
test eax, eax |
je 00007F8CE8A08DF7h |
mov ecx, dword ptr [ebp+08h] |
int 29h |
push 00000003h |
call 00007F8CE8A08FBAh |
mov dword ptr [esp], 000002CCh |
lea eax, dword ptr [ebp-00000324h] |
push 00000000h |
push eax |
call 00007F8CE8A0C023h |
add esp, 0Ch |
mov dword ptr [ebp-00000274h], eax |
mov dword ptr [ebp-00000278h], ecx |
mov dword ptr [ebp-0000027Ch], edx |
mov dword ptr [ebp-00000280h], ebx |
mov dword ptr [ebp-00000284h], esi |
mov dword ptr [ebp-00000288h], edi |
mov word ptr [ebp-0000025Ch], ss |
mov word ptr [ebp+00FFFD98h], cs |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5c4a4 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18b000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x18ae00 | 0x2600 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x18c000 | 0x3914 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x58730 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x58828 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x58788 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4e000 | 0x638 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4c3fa | 0x4c400 | False | 0.454738729508 | data | 6.61929420007 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x4e000 | 0x107c4 | 0x10800 | False | 0.418604995265 | data | 5.4012865504 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x5f000 | 0x12b554 | 0x12a200 | False | 0.175606001048 | data | 2.35283899818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x18b000 | 0x1e0 | 0x200 | False | 0.53125 | data | 4.71229819329 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x18c000 | 0x3914 | 0x3a00 | False | 0.747306034483 | data | 6.62483061725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0x18b060 | 0x17d | XML 1.0 document text | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetProcessHeaps, GetProcessId, GetProcessTimes, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetVersion, GetVersionExW, GetWindowsDirectoryW, HeapAlloc, HeapCreate, HeapDestroy, HeapFree, HeapReAlloc, HeapSetInformation, HeapSize, InitOnceExecuteOnce, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetPerformanceInfo, K32GetProcessMemoryInfo, K32QueryWorkingSetEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LocalFree, LockFileEx, MapViewOfFile, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PeekNamedPipe, PostQueuedCompletionStatus, ProcessIdToSessionId, QueryDosDeviceW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseSRWLockExclusive, ReleaseSemaphore, RemoveDirectoryW, ReplaceFileW, ResetEvent, ResumeThread, GetEnvironmentStringsW, RtlCaptureStackBackTrace, RtlUnwind, SearchPathW, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, SetLastError, SetNamedPipeHandleState, SetProcessShutdownParameters, SetStdHandle, SetThreadPriority, SetUnhandledExceptionFilter, SignalObjectAndWait, Sleep, SleepConditionVariableSRW, SleepEx, SuspendThread, SwitchToThread, GetProcessHandleCount, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, WaitForSingleObject, WaitForSingleObjectEx, WaitNamedPipeW, WakeAllConditionVariable, WideCharToMultiByte, Wow64GetThreadContext, WriteConsoleW, WriteFile, WriteProcessMemory, lstrlenW, GetModuleFileNameA, SizeofResource, SetThreadLocale, InitializeCriticalSectionEx, FindResourceA, lstrlenA, GlobalAlloc, FreeConsole, IsDBCSLeadByte, LoadResource, DecodePointer, GlobalLock, lstrcmpiA, GlobalUnlock, MulDiv, InterlockedFlushSList, FlushInstructionCache, InterlockedPushEntrySList, InterlockedPopEntrySList, GetProcessHeap, GetProcAddress, GetDriveTypeW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetConsoleMode, GetConsoleCP, GetComputerNameExW, GetCommandLineW, GetCommandLineA, GetCPInfo, GetACP, FreeLibrary, FreeEnvironmentStringsW, FormatMessageA, FlushViewOfFile, FlushFileBuffers, FindNextFileW, FindFirstFileExW, FindClose, FileTimeToSystemTime, ExpandEnvironmentStringsW, ExitProcess, EnumSystemLocalesW, EnumSystemLocalesEx, EnterCriticalSection, EncodePointer, DuplicateHandle, DisconnectNamedPipe, DeleteFileW, DeleteCriticalSection, DebugBreak, CreateThread, CreateSemaphoreW, CreateRemoteThread, CreateProcessW, CreateNamedPipeW, CreateMutexW, CreateJobObjectW, CreateIoCompletionPort, CreateFileW, CreateFileMappingW, CreateEventW, CreateDirectoryW, ConnectNamedPipe, CompareStringW, CloseHandle, AssignProcessToJobObject, GetOEMCP, GetNativeSystemInfo, GetModuleHandleW, GetModuleHandleExW, GetModuleHandleA, GetModuleFileNameW, GetLongPathNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileType, GetFileSizeEx, GetFileInformationByHandleEx, GetFileInformationByHandle, GetFileAttributesW, SystemTimeToTzSpecificLocalTime, GetExitCodeProcess, RtlCaptureContext, AcquireSRWLockExclusive |
USER32.dll | RegisterClassExA, InvalidateRect, ReleaseDC, BeginPaint, EndPaint, UnregisterClassW, TranslateMessage, SetProcessWindowStation, SetProcessDPIAware, SendMessageTimeoutW, RegisterClassW, PostMessageW, IsWindow, GetWindowThreadProcessId, GetUserObjectInformationW, GetThreadDesktop, PtInRect, GetMessageW, FindWindowExW, DispatchMessageW, DestroyWindow, DefWindowProcW, CreateWindowStationW, CreateWindowExW, GetClientRect, CharNextW, SetFocus, GetParent, CharNextA, GetKeyState, GetFocus, AllowSetForegroundWindow, CloseDesktop, CloseWindowStation, CreateDesktopW, GetProcessWindowStation, UnregisterClassA, UnionRect, LoadCursorA, GetDC, SetWindowPos, EqualRect, IntersectRect, CreateWindowExA, DefWindowProcA, MessageBoxA, GetWindowLongA, IsChild, CallWindowProcA, SetWindowLongA, OffsetRect, GetClassInfoExA, ShowWindow, SetWindowRgn |
GDI32.dll | CloseMetaFile, SetWindowOrgEx, CreateRectRgnIndirect, SetWindowExtEx, GetDeviceCaps, DeleteDC, CreateMetaFileA, TextOutA, Rectangle, SetViewportOrgEx, RestoreDC, LPtoDP, CreateDCA, SetMapMode, SetTextAlign, DeleteMetaFile, SaveDC |
ADVAPI32.dll | ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, CopySid, CreateProcessAsUserW, CreateRestrictedToken, CreateWellKnownSid, DuplicateToken, DuplicateTokenEx, EqualSid, EventRegister, EventUnregister, EventWrite, FreeSid, GetAce, GetKernelObjectSecurity, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidSubAuthority, GetTokenInformation, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, InitializeSid, IsValidSid, LookupPrivilegeValueW, MapGenericMask, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegDeleteValueW, RegDisablePredefinedCache, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RevertToSelf, SetEntriesInAclW, SetKernelObjectSecurity, SetSecurityInfo, SetThreadToken, SetTokenInformation, SystemFunction036, RegEnumKeyExA, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, RegQueryInfoKeyW, AccessCheck |
SHELL32.dll | SHGetKnownFolderPath, SHGetFolderPathW, CommandLineToArgvW |
ole32.dll | OleRegGetUserType, OleRegGetMiscStatus, CoTaskMemRealloc, OleRegEnumVerbs, CreateDataAdviseHolder, WriteClassStm, CoTaskMemFree, CreateOleAdviseHolder, CoCreateInstance, StringFromGUID2, CoTaskMemAlloc, ReadClassStm, OleSaveToStream |
OLEAUT32.dll | GetErrorInfo, SetErrorInfo, CreateErrorInfo, VariantClear, VariantCopy, UnRegisterTypeLib, LoadRegTypeLib, VariantInit, LoadTypeLib, SysFreeString, RegisterTypeLib, SysStringByteLen, SysAllocStringByteLen, SysAllocString, OleCreatePropertyFrame, DispCallFunc, SysStringLen, VariantChangeType, VarUI4FromStr |
SHLWAPI.dll | PathMatchSpecW |
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock |
VERSION.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
WINMM.dll | timeGetTime |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 28, 2021 11:49:30.395595074 CEST | 64021 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:30.430952072 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:53.463736057 CEST | 60784 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:53.496028900 CEST | 53 | 60784 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:54.142466068 CEST | 51143 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:54.177561045 CEST | 53 | 51143 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:54.918437004 CEST | 56009 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:54.954066038 CEST | 53 | 56009 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:54.957982063 CEST | 59026 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:54.987188101 CEST | 53 | 59026 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:55.492863894 CEST | 49572 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:55.512423992 CEST | 53 | 49572 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:56.018507004 CEST | 60823 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:56.060745001 CEST | 53 | 60823 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:56.488229990 CEST | 52130 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:56.508285046 CEST | 53 | 52130 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:56.752593994 CEST | 55102 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:56.774513006 CEST | 53 | 55102 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:56.821130991 CEST | 56236 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:56.840874910 CEST | 53 | 56236 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:56.961891890 CEST | 56527 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:57.051326036 CEST | 53 | 56527 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:57.714659929 CEST | 49559 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:57.786499977 CEST | 53 | 49559 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:58.701886892 CEST | 52650 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:58.721467018 CEST | 53 | 52650 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:59.124200106 CEST | 63297 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:59.141499996 CEST | 53 | 63297 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:49:59.428098917 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:49:59.447551966 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:50:04.014899969 CEST | 53615 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:50:04.033655882 CEST | 53 | 53615 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:50:06.862585068 CEST | 50728 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:50:06.885427952 CEST | 53 | 50728 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:50:17.668047905 CEST | 53777 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:50:17.688069105 CEST | 53 | 53777 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:50:33.446851015 CEST | 57106 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:50:33.466629028 CEST | 53 | 57106 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:50:33.992844105 CEST | 60352 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:50:34.028847933 CEST | 53 | 60352 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:50:49.282088995 CEST | 56773 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:50:49.324666977 CEST | 53 | 56773 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:50:57.420393944 CEST | 60982 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:50:57.441384077 CEST | 53 | 60982 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:51:23.579899073 CEST | 58058 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:51:23.598867893 CEST | 53 | 58058 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:51:33.562012911 CEST | 64367 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:51:33.581454992 CEST | 53 | 64367 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:51:58.063532114 CEST | 51539 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:51:58.091603041 CEST | 53 | 51539 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:52:45.367397070 CEST | 55393 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:52:45.387176991 CEST | 53 | 55393 | 8.8.8.8 | 192.168.2.3 |
Sep 28, 2021 11:52:59.463311911 CEST | 50585 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 28, 2021 11:52:59.484613895 CEST | 53 | 50585 | 8.8.8.8 | 192.168.2.3 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 11:49:08 |
Start date: | 28/09/2021 |
Path: | C:\Users\user\Desktop\sb.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcb0000 |
File size: | 1627136 bytes |
MD5 hash: | E310CB3185D95E3DDA42F0230B569D84 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 11:49:09 |
Start date: | 28/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00CB7E5F, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103windowmemorysleepCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CE3C3D, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CF26B6, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1343COMMONCrypto
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBCAC7, Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CDBC81, Relevance: 4.6, APIs: 3, Instructions: 78COMMON
C-Code - Quality: 74% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CDD54C, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB249C, Relevance: 1.5, APIs: 1, Instructions: 35comCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CF9354, Relevance: .1, Instructions: 105COMMONCrypto
C-Code - Quality: 72% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CF9230, Relevance: .1, Instructions: 82COMMONCrypto
C-Code - Quality: 72% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CE73DD, Relevance: .0, Instructions: 23COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB3B08, Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 396stringregistryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CECE13, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBC898, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBC688, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBC7E8, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBC738, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB3258, Relevance: 13.8, APIs: 9, Instructions: 308COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB45F4, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 268registrycomCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB4ACE, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121libraryloaderCOMMON
C-Code - Quality: 54% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB7A3A, Relevance: 12.1, APIs: 8, Instructions: 91COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB55B2, Relevance: 10.7, APIs: 7, Instructions: 196COMMON
C-Code - Quality: 80% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CEC87D, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB5D07, Relevance: 9.2, APIs: 6, Instructions: 154COMMON
C-Code - Quality: 36% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CE5916, Relevance: 9.1, APIs: 6, Instructions: 128COMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB1A6F, Relevance: 9.1, APIs: 6, Instructions: 115COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB759B, Relevance: 9.1, APIs: 6, Instructions: 83COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB6476, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB49EF, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB2104, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registrylibraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB20A1, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41registrylibraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB2590, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40libraryloaderCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CDD5FC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMON
C-Code - Quality: 25% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB5AF0, Relevance: 7.7, APIs: 5, Instructions: 173COMMON
C-Code - Quality: 35% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB8E9F, Relevance: 7.7, APIs: 5, Instructions: 155COMMON
C-Code - Quality: 28% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB1DBA, Relevance: 7.6, APIs: 5, Instructions: 112COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBADF2, Relevance: 7.6, APIs: 5, Instructions: 88COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CEC1E5, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBBBA4, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47commemoryCOMMON
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB2177, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON
C-Code - Quality: 18% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CE5C4C, Relevance: 6.3, APIs: 4, Instructions: 321COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB6D55, Relevance: 6.1, APIs: 4, Instructions: 133comCOMMON
C-Code - Quality: 76% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB53BC, Relevance: 6.1, APIs: 4, Instructions: 133COMMON
C-Code - Quality: 40% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB1F80, Relevance: 6.1, APIs: 4, Instructions: 110comCOMMON
C-Code - Quality: 50% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBA4C0, Relevance: 6.1, APIs: 4, Instructions: 93COMMON
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB4D87, Relevance: 6.1, APIs: 4, Instructions: 85COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CE5A6D, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB7D33, Relevance: 6.1, APIs: 4, Instructions: 60stringCOMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB19F7, Relevance: 6.0, APIs: 4, Instructions: 41COMMON
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBBB5B, Relevance: 6.0, APIs: 4, Instructions: 21COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBBC44, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33memoryCOMMON
C-Code - Quality: 50% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CB3023, Relevance: 5.0, APIs: 4, Instructions: 44stringCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CBCB32, Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |