Windows Analysis Report iAnUTcO0gl.bin
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Code function: | 0_2_0057B9F0 |
Source: | Static PE information: |
Source: | Static PE information: |
Networking: |
---|
Found Tor onion address | Show sources |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Deletes shadow drive data (may be related to ransomware) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Code function: | 0_2_004211B0 | |
Source: | Code function: | 0_2_0043C850 | |
Source: | Code function: | 0_2_00424C60 | |
Source: | Code function: | 0_2_00447460 | |
Source: | Code function: | 0_2_0057D010 | |
Source: | Code function: | 0_2_0045680E | |
Source: | Code function: | 0_2_0041CC20 | |
Source: | Code function: | 0_2_00410C20 | |
Source: | Code function: | 0_2_0044ECC0 | |
Source: | Code function: | 0_2_0041B4D0 | |
Source: | Code function: | 0_2_0040A0E0 | |
Source: | Code function: | 0_2_004058F0 | |
Source: | Code function: | 0_2_004068F0 | |
Source: | Code function: | 0_2_00418080 | |
Source: | Code function: | 0_2_0040C490 | |
Source: | Code function: | 0_2_0040B150 | |
Source: | Code function: | 0_2_00453154 | |
Source: | Code function: | 0_2_0042CD00 | |
Source: | Code function: | 0_2_0043B500 | |
Source: | Code function: | 0_2_00571110 | |
Source: | Code function: | 0_2_00535D00 | |
Source: | Code function: | 0_2_00450910 | |
Source: | Code function: | 0_2_00458910 | |
Source: | Code function: | 0_2_0040B520 | |
Source: | Code function: | 0_2_004515C0 | |
Source: | Code function: | 0_2_004049D0 | |
Source: | Code function: | 0_2_00427980 | |
Source: | Code function: | 0_2_004505B0 | |
Source: | Code function: | 0_2_0043A250 | |
Source: | Code function: | 0_2_00450250 | |
Source: | Code function: | 0_2_00464E50 | |
Source: | Code function: | 0_2_0040BA70 | |
Source: | Code function: | 0_2_00426670 | |
Source: | Code function: | 0_2_00436270 | |
Source: | Code function: | 0_2_00404610 | |
Source: | Code function: | 0_2_0058E634 | |
Source: | Code function: | 0_2_0056CED0 | |
Source: | Code function: | 0_2_0057EAC0 | |
Source: | Code function: | 0_2_0040D6E0 | |
Source: | Code function: | 0_2_0042B6E0 | |
Source: | Code function: | 0_2_0043CEF0 | |
Source: | Code function: | 0_2_00452680 | |
Source: | Code function: | 0_2_00549A98 | |
Source: | Code function: | 0_2_00436A90 | |
Source: | Code function: | 0_2_00423340 | |
Source: | Code function: | 0_2_0040CB50 | |
Source: | Code function: | 0_2_0040F350 | |
Source: | Code function: | 0_2_00434370 | |
Source: | Code function: | 0_2_0058E734 | |
Source: | Code function: | 0_2_0040BF30 | |
Source: | Code function: | 0_2_0041C330 | |
Source: | Code function: | 0_2_0043CB30 | |
Source: | Code function: | 0_2_0040B7C0 | |
Source: | Code function: | 0_2_0041FBC0 | |
Source: | Code function: | 0_2_0041CFC0 | |
Source: | Code function: | 0_2_00415FE0 | |
Source: | Code function: | 0_2_004563E0 | |
Source: | Code function: | 0_2_00457380 | |
Source: | Code function: | 0_2_00404790 | |
Source: | Code function: | 0_2_00457F90 | |
Source: | Code function: | 0_2_0040A7B0 | |
Source: | Code function: | 0_2_004393B0 | |
Source: | Code function: | 0_2_004523B0 | |
Source: | Code function: | 0_2_005667A0 |
Source: | Code function: |
Source: | Code function: | 0_2_0056B470 | |
Source: | Code function: | 0_2_0056ADE0 |
Source: | Code function: | 0_2_00566680 |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0059098F |
Source: | Static PE information: |
Source: | Code function: | 0_2_00401500 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00401500 |
Source: | Code function: | 0_2_00404120 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00404120 |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_0040C490 |
Source: | Code function: | 0_2_0040C490 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter2 | Path Interception | Path Interception | Disable or Modify Tools1 | OS Credential Dumping | System Time Discovery2 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information1 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Proxy1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information2 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | File Deletion1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | Virustotal | Browse | ||
6% | Metadefender | Browse | ||
30% | ReversingLabs | Win32.Ransomware.Noberus |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 537510 |
Start date: | 10.12.2021 |
Start time: | 00:22:29 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | iAnUTcO0gl.bin (renamed file extension from bin to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.rans.evad.winEXE@1/0@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.8625651762299045 |
TrID: |
|
File name: | iAnUTcO0gl.exe |
File size: | 2281472 |
MD5: | aea5d3cced6725f37e2c3797735e6467 |
SHA1: | 087497940a41d96e4e907b6dc92f75f4a38d861a |
SHA256: | 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83 |
SHA512: | 5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66 |
SSDEEP: | 49152:BEqvaaAjc2hdKjb8WXqE1PiEbE/TKMt3/RgaJ2wW:BbyaALKjwWXV1P9oVvwwW |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,%.a........../..........."...................@..........................0#.......#...@... ............................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4014c0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6196252C [Thu Nov 18 10:04:28 2021 UTC] |
TLS Callbacks: | 0x54cff0, 0x58fc20, 0x58fbd0 |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 2c3e267ae163c15bfc251e74ea5319b2 |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 0Ch |
mov dword ptr [0062E538h], 00000001h |
call 00007FB278D4EAE3h |
add esp, 0Ch |
jmp 00007FB278BC01BBh |
lea esi, dword ptr [esi+00000000h] |
sub esp, 0Ch |
mov dword ptr [0062E538h], 00000000h |
call 00007FB278D4EAC3h |
add esp, 0Ch |
jmp 00007FB278BC019Bh |
nop |
nop |
nop |
nop |
nop |
nop |
push ebp |
mov ebp, esp |
push edi |
push esi |
push ebx |
sub esp, 1Ch |
mov dword ptr [esp], 00592000h |
call dword ptr [0062F4F8h] |
sub esp, 04h |
test eax, eax |
je 00007FB278BC0595h |
mov ebx, eax |
mov dword ptr [esp], 00592000h |
call dword ptr [0062F53Ch] |
sub esp, 04h |
mov edi, dword ptr [0062F504h] |
mov dword ptr [0062E578h], eax |
mov dword ptr [esp+04h], 00592013h |
mov dword ptr [esp], ebx |
call edi |
sub esp, 08h |
mov esi, eax |
mov dword ptr [esp+04h], 00592029h |
mov dword ptr [esp], ebx |
call edi |
sub esp, 08h |
mov dword ptr [00591004h], eax |
test esi, esi |
je 00007FB278BC0533h |
mov dword ptr [esp+04h], 0062E01Ch |
mov dword ptr [esp], 00620000h |
call esi |
mov dword ptr [esp], 004015B0h |
call 00007FB278D4E953h |
lea esp, dword ptr [ebp-0Ch] |
pop ebx |
pop esi |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x22f000 | 0x17d4 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x232004 | 0x18 | .tls |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x22f3f4 | 0x318 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x18fa4c | 0x18fc00 | False | 0.505025724085 | data | 6.3953041283 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
.data | 0x191000 | 0x108 | 0x200 | False | 0.201171875 | data | 1.18846736399 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
.rdata | 0x192000 | 0x8d384 | 0x8d400 | False | 0.83537230365 | data | 7.62371909729 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
.eh_fram | 0x220000 | 0xddc0 | 0xde00 | False | 0.281443552928 | data | 4.77538995626 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
.bss | 0x22e000 | 0x58c | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
.idata | 0x22f000 | 0x17d4 | 0x1800 | False | 0.383951822917 | data | 5.46369419159 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
.CRT | 0x231000 | 0x54 | 0x200 | False | 0.123046875 | data | 0.664982495148 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
.tls | 0x232000 | 0x20 | 0x200 | False | 0.056640625 | data | 0.210826267787 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ |
Imports |
---|
DLL | Import |
---|---|
ADVAPI32.dll | CloseServiceHandle, ControlService, EnumDependentServicesW, EnumServicesStatusExW, OpenProcessToken, OpenSCManagerW, OpenServiceW, QueryServiceStatusEx, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW |
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AddVectoredExceptionHandler, AttachConsole, CancelIo, CloseHandle, CompareStringOrdinal, CopyFileExW, CreateEventW, CreateFileMappingA, CreateFileW, CreateMutexA, CreateNamedPipeW, CreateProcessW, CreateThread, CreateToolhelp32Snapshot, DeleteFileW, DeviceIoControl, DuplicateHandle, EnterCriticalSection, ExitProcess, FileTimeToSystemTime, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, FindClose, FindFirstFileW, FindFirstVolumeW, FindNextFileW, FindNextVolumeW, FindVolumeClose, FormatMessageW, FreeConsole, FreeEnvironmentStringsW, FreeLibrary, GetCommandLineW, GetComputerNameW, GetConsoleMode, GetConsoleScreenBufferInfo, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFullPathNameW, GetLastError, GetLogicalDrives, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetOverlappedResult, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetTimeZoneInformation, GetVolumePathNamesForVolumeNameW, HeapAlloc, HeapFree, HeapReAlloc, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, MapViewOfFile, Module32FirstW, Module32NextW, MoveFileExW, OpenProcess, Process32FirstW, Process32NextW, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleW, ReadFile, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, RemoveDirectoryW, SetConsoleCursorInfo, SetConsoleCursorPosition, SetConsoleMode, SetConsoleTextAttribute, SetFileAttributesW, SetFileInformationByHandle, SetFilePointerEx, SetHandleInformation, SetLastError, SetThreadStackGuarantee, SetUnhandledExceptionFilter, SetVolumeMountPointW, Sleep, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, TzSpecificLocalTimeToSystemTime, UnmapViewOfFile, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, Wow64DisableWow64FsRedirection, WriteConsoleW, WriteFile, lstrlenW |
NETAPI32.dll | NetApiBufferFree, NetServerEnum, NetShareEnum |
ntdll.dll | RtlCaptureContext |
USER32.dll | SystemParametersInfoW |
WS2_32.dll | WSACleanup, WSAGetLastError, WSASocketW, WSAStartup, bind, closesocket, connect, freeaddrinfo, getaddrinfo, ioctlsocket, recv, recvfrom, send, sendto, setsockopt |
bcrypt.dll | BCryptGenRandom |
KERNEL32.dll | DeleteCriticalSection, GetCurrentThreadId, GetTickCount, UnhandledExceptionFilter, VirtualProtect, VirtualQuery |
msvcrt.dll | __dllonexit, __getmainargs, __initenv, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _fmode, _fpreset, _initterm, _iob, _lock, _onexit, _unlock, calloc, ceil, exit, fprintf, free, fwrite, malloc, memcmp, memcpy, memmove, memset, signal, strlen, strncmp, abort, atexit, vfprintf |
USERENV.dll | GetUserProfileDirectoryW |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 00:23:30 |
Start date: | 10/12/2021 |
Path: | C:\Users\user\Desktop\iAnUTcO0gl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2281472 bytes |
MD5 hash: | AEA5D3CCED6725F37E2C3797735E6467 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404120, Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 176memorythreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AA70, Relevance: 35.0, APIs: 21, Strings: 2, Instructions: 545memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004021A0, Relevance: 12.3, APIs: 7, Strings: 1, Instructions: 330memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0057A480, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00427980, Relevance: 164.7, APIs: 92, Strings: 16, Instructions: 2696memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00434370, Relevance: 126.3, APIs: 78, Strings: 5, Instructions: 1767memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CFC0, Relevance: 125.9, APIs: 65, Strings: 17, Instructions: 2945memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418080, Relevance: 122.2, APIs: 69, Strings: 11, Instructions: 2226COMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B6E0, Relevance: 88.6, APIs: 51, Strings: 7, Instructions: 1568memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042CD00, Relevance: 82.5, APIs: 47, Strings: 7, Instructions: 1457memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426670, Relevance: 79.4, APIs: 37, Strings: 15, Instructions: 1376memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410C20, Relevance: 78.6, APIs: 42, Strings: 9, Instructions: 2127memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423340, Relevance: 73.4, APIs: 22, Strings: 26, Instructions: 1416COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436A90, Relevance: 70.9, APIs: 45, Strings: 1, Instructions: 1904memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424C60, Relevance: 67.7, APIs: 35, Strings: 9, Instructions: 1702memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FBC0, Relevance: 60.1, APIs: 27, Strings: 12, Instructions: 1604memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0056ADE0, Relevance: 54.7, APIs: 18, Strings: 13, Instructions: 457COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00571110, Relevance: 41.3, APIs: 13, Strings: 10, Instructions: 1055memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450910, Relevance: 30.7, APIs: 10, Strings: 10, Instructions: 651memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C490, Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 331timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0056CED0, Relevance: 23.3, APIs: 12, Strings: 1, Instructions: 591memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004068F0, Relevance: 23.1, APIs: 5, Strings: 10, Instructions: 573memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004515C0, Relevance: 13.8, APIs: 6, Strings: 3, Instructions: 342memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401500, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D6E0, Relevance: 10.4, Strings: 8, Instructions: 380COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C330, Relevance: 9.6, APIs: 5, Strings: 1, Instructions: 650memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00566680, Relevance: 7.6, APIs: 5, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00457F90, Relevance: 6.7, Strings: 5, Instructions: 464COMMON
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058F0, Relevance: 6.6, APIs: 2, Strings: 2, Instructions: 563memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045680E, Relevance: 2.9, Strings: 2, Instructions: 431COMMON
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004563E0, Relevance: 2.8, Strings: 2, Instructions: 323COMMON
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00452680, Relevance: 1.6, Strings: 1, Instructions: 343COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043CB30, Relevance: 1.5, Strings: 1, Instructions: 285COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00464E50, Relevance: 1.5, Strings: 1, Instructions: 246COMMON
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CC20, Relevance: 1.5, Strings: 1, Instructions: 205COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B7C0, Relevance: 1.5, Strings: 1, Instructions: 203COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044ECC0, Relevance: 1.4, APIs: 1, Instructions: 199COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049D0, Relevance: .8, Instructions: 811COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00549A98, Relevance: .5, Instructions: 534COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BA70, Relevance: .4, Instructions: 355COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A0E0, Relevance: .3, Instructions: 328COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043CEF0, Relevance: .3, Instructions: 326COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450250, Relevance: .3, Instructions: 293COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B150, Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A7B0, Relevance: .3, Instructions: 281COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004505B0, Relevance: .3, Instructions: 280COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00535D00, Relevance: .3, Instructions: 259COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00447460, Relevance: .2, Instructions: 249COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404790, Relevance: .2, Instructions: 228COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C850, Relevance: .2, Instructions: 217COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BF30, Relevance: .2, Instructions: 206COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B520, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00458910, Relevance: .2, Instructions: 199COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404610, Relevance: .1, Instructions: 144COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0058E734, Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0058E634, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054D330, Relevance: 31.8, APIs: 9, Strings: 9, Instructions: 319memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D4A0, Relevance: 28.9, APIs: 18, Strings: 1, Instructions: 355memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054D450, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 292memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054D220, Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 156memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417B10, Relevance: 25.9, APIs: 15, Strings: 2, Instructions: 392memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054DBC0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 193memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042AF20, Relevance: 21.4, APIs: 10, Strings: 4, Instructions: 372memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0057DB80, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 259memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054D480, Relevance: 21.3, APIs: 4, Strings: 8, Instructions: 258memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00569790, Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 206fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0056A3B0, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 133memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042AA70, Relevance: 18.3, APIs: 10, Strings: 2, Instructions: 336memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004025A0, Relevance: 15.4, APIs: 9, Strings: 1, Instructions: 450memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0057B210, Relevance: 15.2, APIs: 2, Strings: 8, Instructions: 206memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054DF50, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 131memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004470E0, Relevance: 13.8, APIs: 6, Strings: 3, Instructions: 256memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004965A0, Relevance: 10.8, APIs: 6, Strings: 1, Instructions: 341memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004139B0, Relevance: 10.2, APIs: 8, Instructions: 156COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00570080, Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 254memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414C63, Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 173memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423270, Relevance: 9.2, APIs: 3, Strings: 3, Instructions: 161memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054DE50, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054D990, Relevance: 8.8, APIs: 7, Instructions: 73memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00535AE0, Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 181memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D290, Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 155memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A80, Relevance: 7.6, APIs: 6, Instructions: 112COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00570C60, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 87memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00570590, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 87memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CED0, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 80memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DBB0, Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 37memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403990, Relevance: 6.3, APIs: 5, Instructions: 84memoryCOMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401900, Relevance: 6.3, APIs: 5, Instructions: 79memoryCOMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A00, Relevance: 6.3, APIs: 5, Instructions: 52memoryCOMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B530, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 124memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004176B0, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 111memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424B60, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 78memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054DA70, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 77memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0058F8F0, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E810, Relevance: 5.3, APIs: 4, Instructions: 251COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FE0, Relevance: 5.1, APIs: 4, Instructions: 82memoryCOMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |