Windows
Analysis Report
aew.ocx
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 6332 cmdline:
loaddll32. exe "C:\Us ers\user\D esktop\aew .dll" MD5: 7DEB5DB86C0AC789123DEC286286B938) - cmd.exe (PID: 6340 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\aew .dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D) - rundll32.exe (PID: 6360 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\aew. dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - regsvr32.exe (PID: 6348 cmdline:
regsvr32.e xe /s C:\U sers\user\ Desktop\ae w.dll MD5: 426E7499F6A7346F0410DEAD0805586B) - regsvr32.exe (PID: 6444 cmdline:
C:\Windows \SysWOW64\ regsvr32.e xe /s "C:\ Windows\Sy sWOW64\Iwj nrtcqqbgfs i\wfsnntpg tibz.klm" MD5: 426E7499F6A7346F0410DEAD0805586B) - rundll32.exe (PID: 6376 cmdline:
rundll32.e xe C:\User s\user\Des ktop\aew.d ll,DllRegi sterClass MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - rundll32.exe (PID: 6520 cmdline:
rundll32.e xe C:\User s\user\Des ktop\aew.d ll,DllRegi sterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - rundll32.exe (PID: 6604 cmdline:
rundll32.e xe C:\User s\user\Des ktop\aew.d ll,DllUnre gisterServ er MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- svchost.exe (PID: 6488 cmdline:
C:\Windows \System32\ svchost.ex e -k netsv cs -p -s B ITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
- svchost.exe (PID: 6804 cmdline:
c:\windows \system32\ svchost.ex e -k local service -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
- svchost.exe (PID: 6928 cmdline:
c:\windows \system32\ svchost.ex e -k netwo rkservice -p -s DoSv c MD5: 32569E403279B3FD2EDB7EBD036273FA)
- svchost.exe (PID: 6996 cmdline:
C:\Windows \System32\ svchost.ex e -k Netwo rkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
- SgrmBroker.exe (PID: 7064 cmdline:
C:\Windows \system32\ SgrmBroker .exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
- svchost.exe (PID: 7088 cmdline:
c:\windows \system32\ svchost.ex e -k local servicenet workrestri cted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA) - MpCmdRun.exe (PID: 6432 cmdline:
"C:\Progra m Files\Wi ndows Defe nder\mpcmd run.exe" - wdenable MD5: A267555174BFA53844371226F482B86B) - conhost.exe (PID: 6588 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- svchost.exe (PID: 2768 cmdline:
C:\Windows \System32\ svchost.ex e -k netsv cs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
- cleanup
{"C2 list": ["209.15.236.39:8080", "162.244.80.68:443", "195.154.253.60:8080", "31.24.158.56:8080", "209.126.98.206:8080", "45.142.114.231:8080", "159.8.59.82:8080", "159.65.88.10:8080", "82.165.152.127:8080", "1.234.2.232:8080", "178.79.147.66:8080", "103.75.201.4:443", "131.100.24.231:80", "129.232.188.93:443", "173.212.193.249:8080", "107.182.225.142:8080", "103.134.85.85:80", "176.104.106.96:8080", "203.114.109.124:443", "216.158.226.206:443", "119.235.255.201:8080", "103.75.201.2:443", "176.56.128.118:443", "195.154.133.20:443", "51.254.140.238:7080", "45.118.115.99:8080", "212.237.56.116:7080", "138.185.72.26:8080", "158.69.222.101:443", "46.55.222.11:443", "79.172.212.216:8080", "81.0.236.90:443", "110.232.117.186:8080", "50.30.40.196:8080", "185.157.82.211:8080", "162.243.175.63:443", "178.128.83.165:80", "153.126.203.229:8080", "50.116.54.215:443", "45.176.232.124:443", "164.68.99.3:8080", "207.38.84.195:8080", "217.182.143.207:443", "212.24.98.99:8080", "45.118.135.203:7080", "58.227.42.236:80", "212.237.17.99:8080"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
Click to see the 3 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
Click to see the 7 entries |
System Summary |
---|
Source: | Author: Dmitriy Lifanov, oscd.community: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 3_2_6EB57121 | |
Source: | Code function: | 5_2_6EB57121 |
Networking |
---|
Source: | Snort IDS: |
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | Network traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: | 5_2_6EB4CB52 |
Source: | Code function: | 3_2_6EB465A0 |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Static PE information: |
Source: | File deleted: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Code function: | 2_2_6EB76E02 | |
Source: | Code function: | 2_2_6EB73FA6 | |
Source: | Code function: | 2_2_6EB73A62 | |
Source: | Code function: | 2_2_6EB7469E | |
Source: | Code function: | 2_2_6EB757F1 | |
Source: | Code function: | 2_2_6EB647FD | |
Source: | Code function: | 2_2_6EB4E423 | |
Source: | Code function: | 2_2_6EB7351E | |
Source: | Code function: | 2_2_6EB6B3E5 | |
Source: | Code function: | 3_2_6EB76E02 | |
Source: | Code function: | 3_2_6EB73FA6 | |
Source: | Code function: | 3_2_6EB73A62 | |
Source: | Code function: | 3_2_6EB7469E | |
Source: | Code function: | 3_2_6EB757F1 | |
Source: | Code function: | 3_2_6EB647FD | |
Source: | Code function: | 3_2_6EB4E423 | |
Source: | Code function: | 3_2_6EB7351E | |
Source: | Code function: | 3_2_6EB6B3E5 | |
Source: | Code function: | 5_2_6EB76E02 | |
Source: | Code function: | 5_2_6EB73FA6 | |
Source: | Code function: | 5_2_6EB73A62 | |
Source: | Code function: | 5_2_6EB7469E | |
Source: | Code function: | 5_2_6EB757F1 | |
Source: | Code function: | 5_2_6EB647FD | |
Source: | Code function: | 5_2_6EB4E423 | |
Source: | Code function: | 5_2_6EB7351E | |
Source: | Code function: | 5_2_6EB6B3E5 |
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Process created: |
Source: | Mutant created: |
Source: | Code function: | 2_2_6EB456B0 |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 2_2_6EB66660 | |
Source: | Code function: | 2_2_6EB665E6 | |
Source: | Code function: | 3_2_6EB66660 | |
Source: | Code function: | 3_2_6EB665E6 | |
Source: | Code function: | 5_2_6EB66660 | |
Source: | Code function: | 5_2_6EB665E6 |
Source: | Code function: | 2_2_6EB7189F |
Source: | Static PE information: |
Source: | Process created: |
Source: | PE file moved: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 3_2_6EB4A1F1 | |
Source: | Code function: | 3_2_6EB46170 | |
Source: | Code function: | 5_2_6EB4A1F1 | |
Source: | Code function: | 5_2_6EB46170 |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Evasive API call chain: | graph_2-18634 | ||
Source: | Evasive API call chain: | graph_2-19013 | ||
Source: | Evasive API call chain: | graph_3-21917 |
Source: | File opened: | Jump to behavior |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_6EB669AB |
Source: | Code function: | 3_2_6EB57121 | |
Source: | Code function: | 5_2_6EB57121 |
Source: | API call chain: | graph_2-19014 | ||
Source: | API call chain: | graph_3-22126 | ||
Source: | API call chain: | graph_3-22056 | ||
Source: | API call chain: | graph_5-23561 |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 2_2_6EB63DE0 |
Source: | Code function: | 2_2_6EB669AB |
Source: | Code function: | 2_2_6EB7189F |
Source: | Code function: | 2_2_6EB44010 |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_6EB6DF1C | |
Source: | Code function: | 2_2_6EB63DE0 | |
Source: | Code function: | 2_2_6EB68788 | |
Source: | Code function: | 3_2_6EB6DF1C | |
Source: | Code function: | 3_2_6EB63DE0 | |
Source: | Code function: | 3_2_6EB68788 | |
Source: | Code function: | 5_2_6EB6DF1C | |
Source: | Code function: | 5_2_6EB63DE0 | |
Source: | Code function: | 5_2_6EB68788 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 2_2_6EB72D4B | |
Source: | Code function: | 2_2_6EB505A6 | |
Source: | Code function: | 3_2_6EB72D4B | |
Source: | Code function: | 3_2_6EB505A6 | |
Source: | Code function: | 5_2_6EB72D4B | |
Source: | Code function: | 5_2_6EB505A6 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_6EB6CA8E |
Source: | Code function: | 3_2_6EB701F3 |
Source: | Code function: | 3_2_6EB4A04F |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 36 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 61 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Masquerading | Cached Domain Credentials | 3 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 3 Virtualization/Sandbox Evasion | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Regsvr32 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
61% | Virustotal | Browse | ||
31% | Metadefender | Browse | ||
64% | ReversingLabs | Win32.Trojan.Mansabo | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1145233 | Download File | ||
100% | Avira | HEUR/AGEN.1145233 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1145233 | Download File | ||
100% | Avira | HEUR/AGEN.1145233 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
c-0001.c-msedge.net | 13.107.4.50 | true | false |
| unknown |
store-images.s-microsoft.com | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| low | ||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false |
| low | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
true |
| unknown | ||
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
false |
| low | ||
true |
| unknown | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
159.65.88.10 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
195.154.133.20 | unknown | France | 12876 | OnlineSASFR | true | |
185.157.82.211 | unknown | Poland | 42927 | S-NET-ASPL | true | |
79.172.212.216 | unknown | Hungary | 61998 | SZERVERPLEXHU | true | |
212.237.17.99 | unknown | Italy | 31034 | ARUBA-ASNIT | true | |
110.232.117.186 | unknown | Australia | 56038 | RACKCORP-APRackCorpAU | true | |
162.244.80.68 | unknown | United States | 19624 | SERVERROOMUS | true | |
119.235.255.201 | unknown | Indonesia | 45146 | RAJASA-AS-ID-APPTRajaSepadanAbadiID | true | |
51.254.140.238 | unknown | France | 16276 | OVHFR | true | |
212.24.98.99 | unknown | Lithuania | 62282 | RACKRAYUABRakrejusLT | true | |
138.185.72.26 | unknown | Brazil | 264343 | EmpasoftLtdaMeBR | true | |
81.0.236.90 | unknown | Czech Republic | 15685 | CASABLANCA-ASInternetCollocationProviderCZ | true | |
153.126.203.229 | unknown | Japan | 7684 | SAKURA-ASAKURAInternetIncJP | true | |
216.158.226.206 | unknown | United States | 19318 | IS-AS-1US | true | |
103.75.201.2 | unknown | Thailand | 133496 | CDNPLUSCOLTD-AS-APCDNPLUSCOLTDTH | true | |
45.118.115.99 | unknown | Indonesia | 131717 | IDNIC-CIFO-AS-IDPTCitraJelajahInformatikaID | true | |
103.75.201.4 | unknown | Thailand | 133496 | CDNPLUSCOLTD-AS-APCDNPLUSCOLTDTH | true | |
209.126.98.206 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
195.154.253.60 | unknown | France | 12876 | OnlineSASFR | true | |
217.182.143.207 | unknown | France | 16276 | OVHFR | true | |
82.165.152.127 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true | |
107.182.225.142 | unknown | United States | 32780 | HOSTINGSERVICES-INCUS | true | |
176.56.128.118 | unknown | Switzerland | 12637 | SEEWEBWebhostingcolocationandcloudservicesIT | true | |
209.15.236.39 | unknown | Canada | 13768 | COGECO-PEER1CA | true | |
50.116.54.215 | unknown | United States | 63949 | LINODE-APLinodeLLCUS | true | |
45.118.135.203 | unknown | Japan | 63949 | LINODE-APLinodeLLCUS | true | |
131.100.24.231 | unknown | Brazil | 61635 | GOPLEXTELECOMUNICACOESEINTERNETLTDA-MEBR | true | |
46.55.222.11 | unknown | Bulgaria | 34841 | BALCHIKNETBG | true | |
173.212.193.249 | unknown | Germany | 51167 | CONTABODE | true | |
178.79.147.66 | unknown | United Kingdom | 63949 | LINODE-APLinodeLLCUS | true | |
45.176.232.124 | unknown | Colombia | 267869 | CABLEYTELECOMUNICACIONESDECOLOMBIASASCABLETELCOC | true | |
162.243.175.63 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
176.104.106.96 | unknown | Serbia | 198371 | NINETRS | true | |
31.24.158.56 | unknown | Spain | 50926 | INFORTELECOM-ASES | true | |
50.30.40.196 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
207.38.84.195 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
164.68.99.3 | unknown | Germany | 51167 | CONTABODE | true | |
103.134.85.85 | unknown | Indonesia | 139943 | IDNIC-GARUTKAB-AS-IDDinasKomunikasidanInformatikaKabupa | true | |
212.237.56.116 | unknown | Italy | 31034 | ARUBA-ASNIT | true | |
45.142.114.231 | unknown | Germany | 44066 | DE-FIRSTCOLOwwwfirst-colonetDE | true | |
1.234.2.232 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true | |
203.114.109.124 | unknown | Thailand | 131293 | TOT-LLI-AS-APTOTPublicCompanyLimitedTH | true | |
159.8.59.82 | unknown | United States | 36351 | SOFTLAYERUS | true | |
129.232.188.93 | unknown | South Africa | 37153 | xneeloZA | true | |
58.227.42.236 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true | |
158.69.222.101 | unknown | Canada | 16276 | OVHFR | true | |
178.128.83.165 | unknown | Netherlands | 14061 | DIGITALOCEAN-ASNUS | true |
IP |
---|
127.0.0.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 581892 |
Start date: | 02.03.2022 |
Start time: | 19:56:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | aew.ocx (renamed file extension from ocx to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@25/8@1/48 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.35.236.56, 67.26.81.254, 67.26.73.254, 8.252.5.126, 8.248.143.254, 8.241.126.121
- Excluded domains from analysis (whitelisted): e12564.dspb.akamaiedge.net, client.wns.windows.com, fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu-bg-shim.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
19:57:20 | API Interceptor | |
19:58:38 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
159.65.88.10 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
195.154.133.20 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
c-0001.c-msedge.net | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OnlineSASFR | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
DIGITALOCEAN-ASNUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8192 |
Entropy (8bit): | 0.3593198815979092 |
Encrypted: | false |
SSDEEP: | 12:SnaaD0JcaaD0JwQQU2naaD0JcaaD0JwQQU:4tgJctgJw/tgJctgJw |
MD5: | BF1DC7D5D8DAD7478F426DF8B3F8BAA6 |
SHA1: | C6B0BDE788F553F865D65F773D8F6A3546887E42 |
SHA-256: | BE47C764C38CA7A90A345BE183F5261E89B98743B5E35989E9A8BE0DA498C0F2 |
SHA-512: | 00F2412AA04E09EA19A8315D80BE66D2727C713FC0F5AE6A9334BABA539817F568A98CA3A45B2673282BDD325B8B0E2840A393A4DCFADCB16473F5EAF2AF3180 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 0.24937581258926267 |
Encrypted: | false |
SSDEEP: | 1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU4Y:BJiRdwfu2SRU4Y |
MD5: | CC678CDF6C52791847312ABC37107F1C |
SHA1: | 452112207A835F17C998206658FD1141395EC6A4 |
SHA-256: | F6626CB72E6B6E536EC6B16A503486EBA7AAFD066810AEDDFAC0A9761C42A694 |
SHA-512: | CD4BA3914D16C6C44B8C20704EFBC4A00F456A2BDA175559EE1A4EFCA2CD949975C6E163165BCA1FA68DB81639E0A318038CB80731F394E1EEE12B47359A86B6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 786432 |
Entropy (8bit): | 0.2503967019350795 |
Encrypted: | false |
SSDEEP: | 384:fvU+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:fvrSB2nSB2RSjlK/+mLesOj1J2 |
MD5: | 1E32362AABC06229F7F434E43FC1D847 |
SHA1: | 75CE50C1DC0A036510E1935D2C4AF20BE5B458D3 |
SHA-256: | 299955127B2DD686AACCC43CCE3047F79AC254906DEE2F84DECA1FC697AFF29A |
SHA-512: | C627EFDC8FFEC96F90A09A5AA964BA1753CAF5BCBFC8CF526B2708BA1058BE5592CA86EC96611435F90223E30BF6AAE15EE5FE83C707145CCD9947D24205B1D9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.07124837602777645 |
Encrypted: | false |
SSDEEP: | 3:PR7vwcRmsFlh58jmmfS7FfB1Iill3Vkttlmlnl:PRrwcAsFlLomlt3 |
MD5: | B382E0AD1BC78F1A7BDDB90BA1385A29 |
SHA1: | 5F67F01190C0FFB0165CE7D21C749AAC022D0EE5 |
SHA-256: | 3E80E390BE4177C7C1619F190B4788B209303E785DCE8D60096A0C2AB49CB279 |
SHA-512: | 08412D6F66FB3D73CF763CEFC76FAF260AACA663FA5B1892433A3E2CA87ED9D6CF980086D0998B57A4DD673DFD0B04C8A232717B8831C502177439A7A4AE1139 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\SysWOW64\regsvr32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60992 |
Entropy (8bit): | 7.994637486921971 |
Encrypted: | true |
SSDEEP: | 1536:1ccLOuSwR3W8vM1pjd8MpGwIMESUnWWiidx34:1ccLm6W8vUBCMpGwIMEDnqe4 |
MD5: | 637481DF32351129E60560D5A5C100B5 |
SHA1: | A46AEE6E5A4A4893FBA5806BCC14FC7FB3CE80AE |
SHA-256: | 1F1029D94CA4656A577D554CEDD79D447658F475AF08620084897A5523587052 |
SHA-512: | 604BFD0A78A57DFDDD45872803501AD89491E37E89E0778B0F13644FA9164FF509955A57469DFDD65A05BBEDAF0ACB669F68430E84800D17EFE7D360A70569E3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\SysWOW64\regsvr32.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.152637389527161 |
Encrypted: | false |
SSDEEP: | 6:kKxN+SkQlPlEGYRMY9z+4KlDA3RUeAxf1:ykPlE99SNxAhUekf1 |
MD5: | 99311BD19DC4511E2027AED277C3B328 |
SHA1: | C37B25A4E0055ED3089129462CF19A389D656CAE |
SHA-256: | 980374998C5F8047ADF76CA612DDDBFA038057B378DE572D9CC1B807CDD30201 |
SHA-512: | 3B5551D9CDDF44D99BC14DE5E2D6685E98BC3ADDF43C12A9650AA28076495B16DEA75E34D73AB20B3F5FDEF714BF9A2B3664B9BFBF78303CF8A3E6D62B404AC9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55 |
Entropy (8bit): | 4.306461250274409 |
Encrypted: | false |
SSDEEP: | 3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y |
MD5: | DCA83F08D448911A14C22EBCACC5AD57 |
SHA1: | 91270525521B7FE0D986DB19747F47D34B6318AD |
SHA-256: | 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9 |
SHA-512: | 96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Windows Defender\MpCmdRun.exe |
File Type: | |
Category: | modified |
Size (bytes): | 9062 |
Entropy (8bit): | 3.166240218231842 |
Encrypted: | false |
SSDEEP: | 192:cY+38+DJDD+iDtJC+iw3+gF+O5+6tw+EStN+Ejy+t:j+s+5D+Me+X+u+M+j+l+x+t |
MD5: | 2A0E98B961FCBFBF7BBADCABE0688DBB |
SHA1: | EFAA09FF77F2FC88E15FC240FAA9277A671989AC |
SHA-256: | 0298CCC16F3FC5BC1122994A0DF5AE34EB5B0A1B6EBDD2C197E57FA27F5DB93F |
SHA-512: | E01235BDDD0473D5FFBC137642D845AA03FEC006928B8D02E593DAB156DFEEC92D0837413BBDC1B4838CE993AF59342465E38129E93CBB10B6EB0009A67E4B74 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.034930766809929 |
TrID: |
|
File name: | aew.dll |
File size: | 505856 |
MD5: | 99f59e6f3fa993ba594a3d7077cc884d |
SHA1: | 839599185ae9b84ef7b4cd6bd274f4785b02fd3f |
SHA256: | d9381d778e21373428040d10d06da1f739cd527686797aaeaae93a4a9698bb40 |
SHA512: | 5d64c33f8a7f6c83e5d6ebbd3a6e2b72340e66e9d8663a8832d6db847dce0a75dc1ebaa7298df27f511678ed01bfccf4d495821cc34bca87b3faf1fdc7291447 |
SSDEEP: | 12288:jE3TMKM/JjdkdO4+BNhOwyh4h43JopSz/o:jE3TM/JjdkSI3Ko |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]/%A.NK..NK..NK.>.&..NK.>.0..NK..NJ.9LK......NK......NK......NK......NK......NK......NK......NK.Rich.NK.........PE..L....).b... |
Icon Hash: | 103636b6b6363636 |
Entrypoint: | 0x100247da |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x621E29B9 [Tue Mar 1 14:12:09 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | f08242131de62ca6d7c4b2727b491b3d |
Instruction |
---|
mov edi, edi |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F5C30A37617h |
call 00007F5C30A3F8B9h |
push dword ptr [ebp+08h] |
mov ecx, dword ptr [ebp+10h] |
mov edx, dword ptr [ebp+0Ch] |
call 00007F5C30A37501h |
pop ecx |
pop ebp |
retn 000Ch |
mov edi, edi |
push ebp |
mov ebp, esp |
push esi |
push edi |
mov edi, dword ptr [ebp+10h] |
mov eax, edi |
sub eax, 00000000h |
je 00007F5C30A38BFBh |
dec eax |
je 00007F5C30A38BE3h |
dec eax |
je 00007F5C30A38BAEh |
dec eax |
je 00007F5C30A38B5Fh |
dec eax |
je 00007F5C30A38ACFh |
mov ecx, dword ptr [ebp+0Ch] |
mov eax, dword ptr [ebp+08h] |
push ebx |
push 00000020h |
pop edx |
jmp 00007F5C30A37A87h |
mov esi, dword ptr [eax] |
cmp esi, dword ptr [ecx] |
je 00007F5C30A3768Eh |
movzx esi, byte ptr [eax] |
movzx ebx, byte ptr [ecx] |
sub esi, ebx |
je 00007F5C30A37627h |
xor ebx, ebx |
test esi, esi |
setnle bl |
lea ebx, dword ptr [ebx+ebx-01h] |
mov esi, ebx |
test esi, esi |
jne 00007F5C30A37A7Fh |
movzx esi, byte ptr [eax+01h] |
movzx ebx, byte ptr [ecx+01h] |
sub esi, ebx |
je 00007F5C30A37627h |
xor ebx, ebx |
test esi, esi |
setnle bl |
lea ebx, dword ptr [ebx+ebx-01h] |
mov esi, ebx |
test esi, esi |
jne 00007F5C30A37A5Eh |
movzx esi, byte ptr [eax+02h] |
movzx ebx, byte ptr [ecx+02h] |
sub esi, ebx |
je 00007F5C30A37627h |
xor ebx, ebx |
test esi, esi |
setnle bl |
lea ebx, dword ptr [ebx+ebx-01h] |
mov esi, ebx |
test esi, esi |
jne 00007F5C30A37A3Dh |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x47a60 | 0x88 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x45d88 | 0xdc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4f000 | 0x28ac8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x78000 | 0x4564 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x40818 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x39000 | 0x574 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x45d00 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x37e69 | 0x38000 | False | 0.572749546596 | data | 6.65945988142 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x39000 | 0xeae8 | 0xec00 | False | 0.345818988347 | data | 5.24547365098 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x48000 | 0x6778 | 0x2c00 | False | 0.311168323864 | data | 4.57164486131 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4f000 | 0x28ac8 | 0x28c00 | False | 0.916776504985 | data | 7.81386296841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x78000 | 0x8f6e | 0x9000 | False | 0.322102864583 | data | 4.08479287276 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
\x41b\x414\x424\x42b\x428\x429\x417\x417\x415 | 0x4fc54 | 0x24000 | data | English | United States |
RT_CURSOR | 0x73c54 | 0x134 | data | English | United States |
RT_CURSOR | 0x73d88 | 0xb4 | data | English | United States |
RT_CURSOR | 0x73e3c | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x73f70 | 0x134 | data | English | United States |
RT_CURSOR | 0x740a4 | 0x134 | data | English | United States |
RT_CURSOR | 0x741d8 | 0x134 | data | English | United States |
RT_CURSOR | 0x7430c | 0x134 | data | English | United States |
RT_CURSOR | 0x74440 | 0x134 | data | English | United States |
RT_CURSOR | 0x74574 | 0x134 | data | English | United States |
RT_CURSOR | 0x746a8 | 0x134 | data | English | United States |
RT_CURSOR | 0x747dc | 0x134 | data | English | United States |
RT_CURSOR | 0x74910 | 0x134 | data | English | United States |
RT_CURSOR | 0x74a44 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x74b78 | 0x134 | data | English | United States |
RT_CURSOR | 0x74cac | 0x134 | data | English | United States |
RT_CURSOR | 0x74de0 | 0x134 | data | English | United States |
RT_BITMAP | 0x74f14 | 0xb8 | data | English | United States |
RT_BITMAP | 0x74fcc | 0x144 | data | English | United States |
RT_ICON | 0x75110 | 0x2e8 | data | English | United States |
RT_ICON | 0x753f8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x75520 | 0x2e8 | data | English | United States |
RT_ICON | 0x75808 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x75930 | 0x122 | data | English | United States |
RT_DIALOG | 0x75a54 | 0x34e | data | English | United States |
RT_DIALOG | 0x75da4 | 0xe8 | data | English | United States |
RT_DIALOG | 0x75e8c | 0x34 | data | English | United States |
RT_STRING | 0x75ec0 | 0x4e | data | English | United States |
RT_STRING | 0x75f10 | 0x82 | data | English | United States |
RT_STRING | 0x75f94 | 0x2a | data | English | United States |
RT_STRING | 0x75fc0 | 0x184 | data | English | United States |
RT_STRING | 0x76144 | 0x4e6 | data | English | United States |
RT_STRING | 0x7662c | 0x264 | data | English | United States |
RT_STRING | 0x76890 | 0x2da | data | English | United States |
RT_STRING | 0x76b6c | 0x8a | data | English | United States |
RT_STRING | 0x76bf8 | 0xac | data | English | United States |
RT_STRING | 0x76ca4 | 0xde | data | English | United States |
RT_STRING | 0x76d84 | 0x4a8 | data | English | United States |
RT_STRING | 0x7722c | 0x228 | data | English | United States |
RT_STRING | 0x77454 | 0x2c | data | English | United States |
RT_STRING | 0x77480 | 0x42 | data | English | United States |
RT_GROUP_CURSOR | 0x774c4 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0x774e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x774fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x77510 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x77524 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x77538 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x7754c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x77560 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x77574 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x77588 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x7759c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x775b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x775c4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x775d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x775ec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_ICON | 0x77600 | 0x22 | data | English | United States |
RT_GROUP_ICON | 0x77624 | 0x22 | data | English | United States |
RT_VERSION | 0x77648 | 0x324 | data | English | United States |
RT_MANIFEST | 0x7796c | 0x15a | ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | RaiseException, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, Sleep, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, HeapDestroy, VirtualFree, GetStdHandle, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, RtlUnwind, GetSystemTimeAsFileTime, GetACP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, HeapReAlloc, GetCommandLineA, HeapAlloc, HeapFree, GetTickCount, GetFileTime, GetFileSizeEx, GetFileAttributesA, FileTimeToLocalFileTime, CreateFileA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, InterlockedIncrement, GetModuleHandleW, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, FileTimeToSystemTime, GetThreadLocale, GlobalFlags, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, InterlockedDecrement, CloseHandle, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, InterlockedExchange, lstrcmpA, FreeResource, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, FreeLibrary, CompareStringA, lstrcmpW, GetVersionExA, LoadLibraryA, GetModuleHandleA, GetProcAddress, GlobalFree, FormatMessageA, LocalFree, MulDiv, lstrlenA, GetCurrentProcessId, GetModuleFileNameA, GetLastError, SetLastError, MultiByteToWideChar, LockResource, GlobalUnlock, SizeofResource, WideCharToMultiByte, GlobalAlloc, GlobalLock, LoadResource, FindResourceA, QueryPerformanceCounter, ExitProcess |
USER32.dll | RegisterClipboardFormatA, PostThreadMessageA, LoadCursorA, GetSysColorBrush, DestroyMenu, GetDesktopWindow, CreateDialogIndirectParamA, GetNextDlgTabItem, EndDialog, GetMessageA, TranslateMessage, GetActiveWindow, GetCursorPos, ValidateRect, SetWindowContextHelpId, MapDialogRect, SetCursor, PostQuitMessage, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, SetActiveWindow, GetDlgItem, GetTopWindow, DestroyWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageA, GetKeyState, SetMenu, SetForegroundWindow, IsWindowVisible, UpdateWindow, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, EqualRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, GetMenu, SetWindowLongA, SetWindowPos, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, CopyRect, IsWindow, EnableWindow, SendMessageA, SetClipboardData, MapWindowPoints, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, MessageBeep, GetNextDlgGroupItem, InvalidateRgn, SetRect, IsRectEmpty, CopyAcceleratorTableA, CharNextA, CharUpperA, DispatchMessageA, GetSystemMetrics, OpenClipboard, PostMessageA, AppendMenuA, EmptyClipboard, InvalidateRect, GetClientRect, DrawIcon, LoadIconA, IsIconic, GetSystemMenu, CloseClipboard, ReleaseCapture, FrameRect, GetSysColor, OffsetRect, InflateRect, PtInRect, GetParent, SetCapture, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuA, GetFocus, LoadBitmapA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, MessageBoxA, IsWindowEnabled, GetLastActivePopup, GetWindowLongA, GetWindowThreadProcessId, GetSubMenu, GetMenuItemCount, GetMenuItemID, IsChild |
GDI32.dll | ExtSelectClipRgn, DeleteDC, CreatePen, ScaleWindowExtEx, CreateRectRgnIndirect, GetMapMode, GetBkColor, GetTextColor, GetRgnBox, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetStockObject, GetWindowExtEx, GetViewportExtEx, GetObjectA, DeleteObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC, GetDeviceCaps, SetBrushOrgEx, CreateBitmap, CreateBrushIndirect, Ellipse, CreateSolidBrush |
COMDLG32.dll | GetFileTitleA |
WINSPOOL.DRV | DocumentPropertiesA, ClosePrinter, OpenPrinterA |
ADVAPI32.dll | RegSetValueExA, RegCreateKeyExA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey |
SHLWAPI.dll | ColorRGBToHLS, ColorHLSToRGB, PathFindFileNameA, PathStripToRootA, PathIsUNCA, ColorAdjustLuma, PathFindExtensionA |
oledlg.dll | |
ole32.dll | CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, OleIsCurrentClipboard, CLSIDFromString, CLSIDFromProgID, CoTaskMemAlloc, CoTaskMemFree, OleFlushClipboard, CoRegisterMessageFilter |
OLEAUT32.dll | SysFreeString, SysAllocStringByteLen, VariantClear, VariantChangeType, VariantInit, SysAllocStringLen, VariantCopy, SafeArrayDestroy, VariantTimeToSystemTime, SystemTimeToVariantTime, OleCreateFontIndirect, SysAllocString, SysStringLen |
Name | Ordinal | Address |
---|---|---|
DllRegisterClass | 3 | 0x10005cc0 |
DllRegisterServer | 1 | 0x10005ca0 |
DllUnregisterServer | 2 | 0x10005cc0 |
Description | Data |
---|---|
LegalCopyright | Copyright (C) 2004 |
InternalName | ColorSelector |
FileVersion | 1, 0, 0, 1 |
CompanyName | |
LegalTrademarks | |
ProductName | ColorSelector Application |
ProductVersion | 1, 0, 0, 1 |
FileDescription | ColorSelector MFC Application |
OriginalFilename | ColorSelector.EXE |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/02/22-19:57:39.831901 | TCP | 2404322 | ET CNC Feodo Tracker Reported CnC Server TCP group 12 | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 2, 2022 19:57:35.311382055 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:35.421417952 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:35.421608925 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:35.827656984 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:35.937663078 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:35.965568066 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:35.965596914 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:35.965732098 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:38.769229889 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:38.881038904 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:38.881207943 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:38.890213013 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:39.039993048 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:39.327476978 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:39.327644110 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:39.622028112 CET | 49755 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.622080088 CET | 443 | 49755 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.622344017 CET | 49755 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.623061895 CET | 49755 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.623080015 CET | 443 | 49755 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.719871044 CET | 443 | 49755 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.724642038 CET | 49756 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.724710941 CET | 443 | 49756 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.726372957 CET | 49756 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.727152109 CET | 49756 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.727174997 CET | 443 | 49756 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.824115992 CET | 443 | 49756 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.825886011 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.825927019 CET | 443 | 49757 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.826036930 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.826359034 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.826400995 CET | 443 | 49757 | 162.244.80.68 | 192.168.2.7 |
Mar 2, 2022 19:57:39.826981068 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
Mar 2, 2022 19:57:39.831901073 CET | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
Mar 2, 2022 19:57:39.860126019 CET | 8080 | 49758 | 195.154.253.60 | 192.168.2.7 |
Mar 2, 2022 19:57:40.461340904 CET | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
Mar 2, 2022 19:57:40.489495993 CET | 8080 | 49758 | 195.154.253.60 | 192.168.2.7 |
Mar 2, 2022 19:57:41.067751884 CET | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
Mar 2, 2022 19:57:41.095854044 CET | 8080 | 49758 | 195.154.253.60 | 192.168.2.7 |
Mar 2, 2022 19:57:41.107013941 CET | 49759 | 8080 | 192.168.2.7 | 31.24.158.56 |
Mar 2, 2022 19:57:41.149450064 CET | 8080 | 49759 | 31.24.158.56 | 192.168.2.7 |
Mar 2, 2022 19:57:41.770865917 CET | 49759 | 8080 | 192.168.2.7 | 31.24.158.56 |
Mar 2, 2022 19:57:41.812984943 CET | 8080 | 49759 | 31.24.158.56 | 192.168.2.7 |
Mar 2, 2022 19:57:42.327259064 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:42.327280045 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
Mar 2, 2022 19:57:42.327415943 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:57:42.458467960 CET | 49759 | 8080 | 192.168.2.7 | 31.24.158.56 |
Mar 2, 2022 19:57:42.501386881 CET | 8080 | 49759 | 31.24.158.56 | 192.168.2.7 |
Mar 2, 2022 19:57:42.530085087 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:42.659846067 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:42.660002947 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:42.660720110 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:42.790246964 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:42.819113970 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:42.819134951 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:42.819235086 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:42.909732103 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:43.040522099 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:43.040708065 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:43.043392897 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:43.214023113 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:44.225191116 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:44.225321054 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:47.224236012 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:47.224266052 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
Mar 2, 2022 19:57:47.224400997 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:57:47.224440098 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:59:25.591171980 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:59:25.591233015 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
Mar 2, 2022 19:59:25.591705084 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Mar 2, 2022 19:59:25.591726065 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 2, 2022 19:57:10.836042881 CET | 63668 | 53 | 192.168.2.7 | 8.8.8.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 2, 2022 19:57:10.836042881 CET | 192.168.2.7 | 8.8.8.8 | 0x6a79 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 2, 2022 19:57:10.854796886 CET | 8.8.8.8 | 192.168.2.7 | 0x6a79 | No error (0) | store-images.s-microsoft.com-c.edgekey.net | CNAME (Canonical name) | IN (0x0001) | ||
Mar 2, 2022 19:58:00.966448069 CET | 8.8.8.8 | 192.168.2.7 | 0xab50 | No error (0) | c-0001.c-msedge.net | CNAME (Canonical name) | IN (0x0001) | ||
Mar 2, 2022 19:58:00.966448069 CET | 8.8.8.8 | 192.168.2.7 | 0xab50 | No error (0) | 13.107.4.50 | A (IP address) | IN (0x0001) |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 19:57:14 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x340000 |
File size: | 116736 bytes |
MD5 hash: | 7DEB5DB86C0AC789123DEC286286B938 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 19:57:14 |
Start date: | 02/03/2022 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x870000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 19:57:15 |
Start date: | 02/03/2022 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 3 |
Start time: | 19:57:15 |
Start date: | 02/03/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1290000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 4 |
Start time: | 19:57:16 |
Start date: | 02/03/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1290000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 5 |
Start time: | 19:57:18 |
Start date: | 02/03/2022 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 6 |
Start time: | 19:57:19 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff641cd0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 7 |
Start time: | 19:57:20 |
Start date: | 02/03/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1290000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 8 |
Start time: | 19:57:23 |
Start date: | 02/03/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1290000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 11 |
Start time: | 19:57:30 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff641cd0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 12 |
Start time: | 19:57:33 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff641cd0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 13 |
Start time: | 19:57:35 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff641cd0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 14 |
Start time: | 19:57:35 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\SgrmBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6de5a0000 |
File size: | 163336 bytes |
MD5 hash: | D3170A3F3A9626597EEE1888686E3EA6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 15 |
Start time: | 19:57:36 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff641cd0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 17 |
Start time: | 19:57:54 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11a0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 18 |
Start time: | 19:58:37 |
Start date: | 02/03/2022 |
Path: | C:\Program Files\Windows Defender\MpCmdRun.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6cae50000 |
File size: | 455656 bytes |
MD5 hash: | A267555174BFA53844371226F482B86B |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 19 |
Start time: | 19:58:38 |
Start date: | 02/03/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 4.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 5.6% |
Total number of Nodes: | 1475 |
Total number of Limit Nodes: | 45 |
Graph
Function 6EB456B0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 412memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB44010 Relevance: 15.0, APIs: 7, Strings: 1, Instructions: 1002memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55723 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB642E6 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 30% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 35% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB42D80 Relevance: 1.7, APIs: 1, Instructions: 218COMMON
Control-flow Graph
C-Code - Quality: 90% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48392 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6AC94 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CA0 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Control-flow Graph
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 25% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F50 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB505A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4E423 Relevance: 2.0, APIs: 1, Instructions: 452COMMONCrypto
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CD0 Relevance: 51.1, APIs: 25, Strings: 4, Instructions: 328windowCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB507D6 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A0A9 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F5ED Relevance: 26.0, APIs: 17, Instructions: 453windowkeyboardCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6A6BF Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB500B4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB558E2 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4889E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB473C0 Relevance: 12.2, APIs: 8, Instructions: 212COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C870 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56A31 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB568CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54528 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB618E8 Relevance: 9.3, APIs: 6, Instructions: 256stringCOMMON
C-Code - Quality: 65% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52F37 Relevance: 9.1, APIs: 6, Instructions: 136COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5B7A6 Relevance: 9.1, APIs: 6, Instructions: 126COMMON
C-Code - Quality: 49% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB61CD4 Relevance: 9.1, APIs: 6, Instructions: 116memoryCOMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB487EC Relevance: 9.1, APIs: 6, Instructions: 69COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB544B2 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
C-Code - Quality: 38% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5D245 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293memoryCOMMON
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48202 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB41920 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53F78 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54322 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D8BD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6FA52 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55BB6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5DCE7 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45480 Relevance: 6.2, APIs: 4, Instructions: 161memoryCOMMONLIBRARYCODE
C-Code - Quality: 57% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB58527 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
C-Code - Quality: 81% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60D9C Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
C-Code - Quality: 88% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4FB3E Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB71F42 Relevance: 6.1, APIs: 4, Instructions: 103COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56350 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB578F4 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
C-Code - Quality: 17% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB476E0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52E51 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48DE3 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51883 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56EED Relevance: 6.1, APIs: 4, Instructions: 52COMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55ADC Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
C-Code - Quality: 35% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4CA33 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4F484 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB62927 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB412C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77windowCOMMON
C-Code - Quality: 62% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 3.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 387 |
Total number of Limit Nodes: | 25 |
Graph
Function 6EB456B0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 412memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55723 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB44010 Relevance: 15.0, APIs: 7, Strings: 1, Instructions: 1002memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB642E6 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 30% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 35% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 90% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48392 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6AC94 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CA0 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Control-flow Graph
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 25% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F50 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F70 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB465A0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 163clipboardwindowmemoryCOMMON
C-Code - Quality: 69% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46170 Relevance: 9.1, APIs: 6, Instructions: 81windowCOMMON
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB505A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A1F1 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
C-Code - Quality: 79% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A04F Relevance: 3.0, APIs: 2, Instructions: 25COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CD0 Relevance: 51.1, APIs: 25, Strings: 4, Instructions: 328windowCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB507D6 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A0A9 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F5ED Relevance: 26.0, APIs: 17, Instructions: 453windowkeyboardCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46260 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 244windowCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C12A Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6A6BF Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB500B4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB530ED Relevance: 16.6, APIs: 11, Instructions: 139COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB558E2 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4889E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB473C0 Relevance: 12.2, APIs: 8, Instructions: 212COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60112 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C870 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56A31 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB568CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54528 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB618E8 Relevance: 9.3, APIs: 6, Instructions: 256stringCOMMON
C-Code - Quality: 65% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52F37 Relevance: 9.1, APIs: 6, Instructions: 136COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5B7A6 Relevance: 9.1, APIs: 6, Instructions: 126COMMON
C-Code - Quality: 49% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB61CD4 Relevance: 9.1, APIs: 6, Instructions: 116memoryCOMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB487EC Relevance: 9.1, APIs: 6, Instructions: 69COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB544B2 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
C-Code - Quality: 38% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5D245 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293memoryCOMMON
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48202 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B8 Relevance: 7.6, APIs: 5, Instructions: 147COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B6 Relevance: 7.6, APIs: 5, Instructions: 146COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB41920 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53F78 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54008 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54322 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D8BD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6FA52 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55BB6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5DCE7 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45480 Relevance: 6.2, APIs: 4, Instructions: 161memoryCOMMONLIBRARYCODE
C-Code - Quality: 57% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB58527 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
C-Code - Quality: 81% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60D9C Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
C-Code - Quality: 88% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4FB3E Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56350 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F06B Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
C-Code - Quality: 62% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB578F4 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
C-Code - Quality: 17% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB476E0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52E51 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48DE3 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51883 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46780 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56EED Relevance: 6.1, APIs: 4, Instructions: 52COMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55ADC Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
C-Code - Quality: 35% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4CA33 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4F484 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB62927 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB412C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77windowCOMMON
C-Code - Quality: 62% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6D14F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 3.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 373 |
Total number of Limit Nodes: | 23 |
Graph
Function 6EB456B0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 412memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55723 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB44010 Relevance: 15.0, APIs: 7, Strings: 1, Instructions: 1002memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB642E6 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 30% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 35% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 90% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48392 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6AC94 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F50 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F70 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46170 Relevance: 9.1, APIs: 6, Instructions: 81windowCOMMON
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB505A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CD0 Relevance: 51.1, APIs: 25, Strings: 4, Instructions: 328windowCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB507D6 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A0A9 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F5ED Relevance: 26.0, APIs: 17, Instructions: 453windowkeyboardCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46260 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 244windowCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C12A Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB465A0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 163clipboardwindowmemoryCOMMON
C-Code - Quality: 69% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6A6BF Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB500B4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB530ED Relevance: 16.6, APIs: 11, Instructions: 139COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB558E2 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4889E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB473C0 Relevance: 12.2, APIs: 8, Instructions: 212COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5456E Relevance: 12.0, APIs: 8, Instructions: 39COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60112 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C870 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51254 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
C-Code - Quality: 70% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB510D6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56A31 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB568CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55983 Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54528 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB618E8 Relevance: 9.3, APIs: 6, Instructions: 256stringCOMMON
C-Code - Quality: 65% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52F37 Relevance: 9.1, APIs: 6, Instructions: 136COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5B7A6 Relevance: 9.1, APIs: 6, Instructions: 126COMMON
C-Code - Quality: 49% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB61CD4 Relevance: 9.1, APIs: 6, Instructions: 116memoryCOMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB487EC Relevance: 9.1, APIs: 6, Instructions: 69COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB544B2 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
C-Code - Quality: 38% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5D245 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293memoryCOMMON
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48202 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B8 Relevance: 7.6, APIs: 5, Instructions: 147COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B6 Relevance: 7.6, APIs: 5, Instructions: 146COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB41920 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53F78 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54008 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54322 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D8BD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6FA52 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55BB6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 54% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5DCE7 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45480 Relevance: 6.2, APIs: 4, Instructions: 161memoryCOMMONLIBRARYCODE
C-Code - Quality: 57% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB58527 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
C-Code - Quality: 81% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60D9C Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
C-Code - Quality: 88% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4FB3E Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56350 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F06B Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
C-Code - Quality: 62% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB578F4 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
C-Code - Quality: 17% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB476E0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52E51 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48DE3 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB50AB9 Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51883 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4E3A5 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46780 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56EED Relevance: 6.1, APIs: 4, Instructions: 52COMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55ADC Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
C-Code - Quality: 35% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4CA33 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4F484 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53255 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB62927 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB412C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77windowCOMMON
C-Code - Quality: 62% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6D14F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |