Edit tour
Windows
Analysis Report
aew.ocx
Overview
General Information
| Sample Name: | aew.ocx (renamed file extension from ocx to dll) |
| Analysis ID: | 581892 |
| MD5: | 99f59e6f3fa993ba594a3d7077cc884d |
| SHA1: | 839599185ae9b84ef7b4cd6bd274f4785b02fd3f |
| SHA256: | d9381d778e21373428040d10d06da1f739cd527686797aaeaae93a4a9698bb40 |
| Infos: |   |
 | |
Detection
Emotet
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Changes security center settings (notifications, updates, antivirus, firewall)
Machine Learning detection for sample
Sigma detected: Regsvr32 Network Activity
Sigma detected: Regsvr32 Command Line Without DLL
Sigma detected: Suspicious Call by Ordinal
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Classification
- System is w10x64
loaddll32.exe (PID: 6332 cmdline: loaddll32. exe "C:\Us ers\user\D esktop\aew .dll" MD5: 7DEB5DB86C0AC789123DEC286286B938) 
cmd.exe (PID: 6340 cmdline: cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\aew .dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D) 
rundll32.exe (PID: 6360 cmdline: rundll32.e xe "C:\Use rs\user\De sktop\aew. dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - regsvr32.exe (PID: 6348 cmdline:
regsvr32.e xe /s C:\U sers\user\ Desktop\ae w.dll MD5: 426E7499F6A7346F0410DEAD0805586B) - regsvr32.exe (PID: 6444 cmdline:
C:\Windows \SysWOW64\ regsvr32.e xe /s "C:\ Windows\Sy sWOW64\Iwj nrtcqqbgfs i\wfsnntpg tibz.klm" MD5: 426E7499F6A7346F0410DEAD0805586B) - rundll32.exe (PID: 6376 cmdline:
rundll32.e xe C:\User s\user\Des ktop\aew.d ll,DllRegi sterClass MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - rundll32.exe (PID: 6520 cmdline:
rundll32.e xe C:\User s\user\Des ktop\aew.d ll,DllRegi sterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - rundll32.exe (PID: 6604 cmdline:
rundll32.e xe C:\User s\user\Des ktop\aew.d ll,DllUnre gisterServ er MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- svchost.exe (PID: 6488 cmdline:
C:\Windows \System32\ svchost.ex e -k netsv cs -p -s B ITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
- svchost.exe (PID: 6804 cmdline:
c:\windows \system32\ svchost.ex e -k local service -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
- svchost.exe (PID: 6928 cmdline:
c:\windows \system32\ svchost.ex e -k netwo rkservice -p -s DoSv c MD5: 32569E403279B3FD2EDB7EBD036273FA)
- svchost.exe (PID: 6996 cmdline:
C:\Windows \System32\ svchost.ex e -k Netwo rkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
- SgrmBroker.exe (PID: 7064 cmdline:
C:\Windows \system32\ SgrmBroker .exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
- svchost.exe (PID: 7088 cmdline:
c:\windows \system32\ svchost.ex e -k local servicenet workrestri cted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA) 
MpCmdRun.exe (PID: 6432 cmdline: "C:\Progra m Files\Wi ndows Defe nder\mpcmd run.exe" - wdenable MD5: A267555174BFA53844371226F482B86B) - conhost.exe (PID: 6588 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- svchost.exe (PID: 2768 cmdline:
C:\Windows \System32\ svchost.ex e -k netsv cs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
- cleanup
{"C2 list": ["209.15.236.39:8080", "162.244.80.68:443", "195.154.253.60:8080", "31.24.158.56:8080", "209.126.98.206:8080", "45.142.114.231:8080", "159.8.59.82:8080", "159.65.88.10:8080", "82.165.152.127:8080", "1.234.2.232:8080", "178.79.147.66:8080", "103.75.201.4:443", "131.100.24.231:80", "129.232.188.93:443", "173.212.193.249:8080", "107.182.225.142:8080", "103.134.85.85:80", "176.104.106.96:8080", "203.114.109.124:443", "216.158.226.206:443", "119.235.255.201:8080", "103.75.201.2:443", "176.56.128.118:443", "195.154.133.20:443", "51.254.140.238:7080", "45.118.115.99:8080", "212.237.56.116:7080", "138.185.72.26:8080", "158.69.222.101:443", "46.55.222.11:443", "79.172.212.216:8080", "81.0.236.90:443", "110.232.117.186:8080", "50.30.40.196:8080", "185.157.82.211:8080", "162.243.175.63:443", "178.128.83.165:80", "153.126.203.229:8080", "50.116.54.215:443", "45.176.232.124:443", "164.68.99.3:8080", "207.38.84.195:8080", "217.182.143.207:443", "212.24.98.99:8080", "45.118.135.203:7080", "58.227.42.236:80", "212.237.17.99:8080"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2"]}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| Click to see the 3 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
| Click to see the 7 entries | ||||
System Summary |   |
|---|
| Source: | Author: Dmitriy Lifanov, oscd.community: | ||
| Source: | Author: Florian Roth: | ||
| Source: | Author: Florian Roth: | ||
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Metadefender: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 3_2_6EB57121 | |
| Source: | Code function: | 5_2_6EB57121 | |
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | IPs: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | Code function: | 5_2_6EB4CB52 | |
| Source: | Code function: | 3_2_6EB465A0 | |
E-Banking Fraud | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Static PE information: | ||
| Source: | File deleted: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 2_2_6EB76E02 | |
| Source: | Code function: | 2_2_6EB73FA6 | |
| Source: | Code function: | 2_2_6EB73A62 | |
| Source: | Code function: | 2_2_6EB7469E | |
| Source: | Code function: | 2_2_6EB757F1 | |
| Source: | Code function: | 2_2_6EB647FD | |
| Source: | Code function: | 2_2_6EB4E423 | |
| Source: | Code function: | 2_2_6EB7351E | |
| Source: | Code function: | 2_2_6EB6B3E5 | |
| Source: | Code function: | 3_2_6EB76E02 | |
| Source: | Code function: | 3_2_6EB73FA6 | |
| Source: | Code function: | 3_2_6EB73A62 | |
| Source: | Code function: | 3_2_6EB7469E | |
| Source: | Code function: | 3_2_6EB757F1 | |
| Source: | Code function: | 3_2_6EB647FD | |
| Source: | Code function: | 3_2_6EB4E423 | |
| Source: | Code function: | 3_2_6EB7351E | |
| Source: | Code function: | 3_2_6EB6B3E5 | |
| Source: | Code function: | 5_2_6EB76E02 | |
| Source: | Code function: | 5_2_6EB73FA6 | |
| Source: | Code function: | 5_2_6EB73A62 | |
| Source: | Code function: | 5_2_6EB7469E | |
| Source: | Code function: | 5_2_6EB757F1 | |
| Source: | Code function: | 5_2_6EB647FD | |
| Source: | Code function: | 5_2_6EB4E423 | |
| Source: | Code function: | 5_2_6EB7351E | |
| Source: | Code function: | 5_2_6EB6B3E5 | |
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Metadefender: | ||
| Source: | ReversingLabs: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Mutant created: | ||
| Source: | Code function: | 2_2_6EB456B0 | |
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 2_2_6EB66660 | |
| Source: | Code function: | 2_2_6EB665E6 | |
| Source: | Code function: | 3_2_6EB66660 | |
| Source: | Code function: | 3_2_6EB665E6 | |
| Source: | Code function: | 5_2_6EB66660 | |
| Source: | Code function: | 5_2_6EB665E6 | |
| Source: | Code function: | 2_2_6EB7189F | |
| Source: | Static PE information: | ||
| Source: | Process created: | ||
| Source: | PE file moved: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 3_2_6EB4A1F1 | |
| Source: | Code function: | 3_2_6EB46170 | |
| Source: | Code function: | 5_2_6EB4A1F1 | |
| Source: | Code function: | 5_2_6EB46170 | |
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Evasive API call chain: | graph_2-18634 | ||
| Source: | Evasive API call chain: | graph_2-19013 | ||
| Source: | Evasive API call chain: | graph_3-21917 | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | API coverage: | ||
| Source: | API coverage: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_6EB669AB | |
| Source: | Code function: | 3_2_6EB57121 | |
| Source: | Code function: | 5_2_6EB57121 | |
| Source: | API call chain: | graph_2-19014 | ||
| Source: | API call chain: | graph_3-22126 | ||
| Source: | API call chain: | graph_3-22056 | ||
| Source: | API call chain: | graph_5-23561 | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 2_2_6EB63DE0 | |
| Source: | Code function: | 2_2_6EB669AB | |
| Source: | Code function: | 2_2_6EB7189F | |
| Source: | Code function: | 2_2_6EB44010 | |
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_6EB6DF1C | |
| Source: | Code function: | 2_2_6EB63DE0 | |
| Source: | Code function: | 2_2_6EB68788 | |
| Source: | Code function: | 3_2_6EB6DF1C | |
| Source: | Code function: | 3_2_6EB63DE0 | |
| Source: | Code function: | 3_2_6EB68788 | |
| Source: | Code function: | 5_2_6EB6DF1C | |
| Source: | Code function: | 5_2_6EB63DE0 | |
| Source: | Code function: | 5_2_6EB68788 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 2_2_6EB72D4B | |
| Source: | Code function: | 2_2_6EB505A6 | |
| Source: | Code function: | 3_2_6EB72D4B | |
| Source: | Code function: | 3_2_6EB505A6 | |
| Source: | Code function: | 5_2_6EB72D4B | |
| Source: | Code function: | 5_2_6EB505A6 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_6EB6CA8E | |
| Source: | Code function: | 3_2_6EB701F3 | |
| Source: | Code function: | 3_2_6EB4A04F | |
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 36 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 61 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Masquerading | Cached Domain Credentials | 3 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 3 Virtualization/Sandbox Evasion | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Regsvr32 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
| Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 61% | Virustotal | Browse | ||
| 31% | Metadefender | Browse | ||
| 64% | ReversingLabs | Win32.Trojan.Mansabo | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1145233 | Download File | ||
| 100% | Avira | HEUR/AGEN.1145233 | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1145233 | Download File | ||
| 100% | Avira | HEUR/AGEN.1145233 | Download File |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | URL Reputation | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | URL Reputation | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | URL Reputation | safe | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| c-0001.c-msedge.net | 13.107.4.50 | true | false |
| unknown |
| store-images.s-microsoft.com | unknown | unknown | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| low | ||
| false | high | |||
| true |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| low | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| true |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| true |
| unknown | ||
| false | high | |||
| false | high | |||
| true |
| unknown | ||
| false | high | |||
| true |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| true |
| unknown | ||
| false |
| low | ||
| true |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 159.65.88.10 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
| 195.154.133.20 | unknown | France | 12876 | OnlineSASFR | true | |
| 185.157.82.211 | unknown | Poland | 42927 | S-NET-ASPL | true | |
| 79.172.212.216 | unknown | Hungary | 61998 | SZERVERPLEXHU | true | |
| 212.237.17.99 | unknown | Italy | 31034 | ARUBA-ASNIT | true | |
| 110.232.117.186 | unknown | Australia | 56038 | RACKCORP-APRackCorpAU | true | |
| 162.244.80.68 | unknown | United States | 19624 | SERVERROOMUS | true | |
| 119.235.255.201 | unknown | Indonesia | 45146 | RAJASA-AS-ID-APPTRajaSepadanAbadiID | true | |
| 51.254.140.238 | unknown | France | 16276 | OVHFR | true | |
| 212.24.98.99 | unknown | Lithuania | 62282 | RACKRAYUABRakrejusLT | true | |
| 138.185.72.26 | unknown | Brazil | 264343 | EmpasoftLtdaMeBR | true | |
| 81.0.236.90 | unknown | Czech Republic | 15685 | CASABLANCA-ASInternetCollocationProviderCZ | true | |
| 153.126.203.229 | unknown | Japan | 7684 | SAKURA-ASAKURAInternetIncJP | true | |
| 216.158.226.206 | unknown | United States | 19318 | IS-AS-1US | true | |
| 103.75.201.2 | unknown | Thailand | 133496 | CDNPLUSCOLTD-AS-APCDNPLUSCOLTDTH | true | |
| 45.118.115.99 | unknown | Indonesia | 131717 | IDNIC-CIFO-AS-IDPTCitraJelajahInformatikaID | true | |
| 103.75.201.4 | unknown | Thailand | 133496 | CDNPLUSCOLTD-AS-APCDNPLUSCOLTDTH | true | |
| 209.126.98.206 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
| 195.154.253.60 | unknown | France | 12876 | OnlineSASFR | true | |
| 217.182.143.207 | unknown | France | 16276 | OVHFR | true | |
| 82.165.152.127 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true | |
| 107.182.225.142 | unknown | United States | 32780 | HOSTINGSERVICES-INCUS | true | |
| 176.56.128.118 | unknown | Switzerland | 12637 | SEEWEBWebhostingcolocationandcloudservicesIT | true | |
| 209.15.236.39 | unknown | Canada | 13768 | COGECO-PEER1CA | true | |
| 50.116.54.215 | unknown | United States | 63949 | LINODE-APLinodeLLCUS | true | |
| 45.118.135.203 | unknown | Japan | 63949 | LINODE-APLinodeLLCUS | true | |
| 131.100.24.231 | unknown | Brazil | 61635 | GOPLEXTELECOMUNICACOESEINTERNETLTDA-MEBR | true | |
| 46.55.222.11 | unknown | Bulgaria | 34841 | BALCHIKNETBG | true | |
| 173.212.193.249 | unknown | Germany | 51167 | CONTABODE | true | |
| 178.79.147.66 | unknown | United Kingdom | 63949 | LINODE-APLinodeLLCUS | true | |
| 45.176.232.124 | unknown | Colombia | 267869 | CABLEYTELECOMUNICACIONESDECOLOMBIASASCABLETELCOC | true | |
| 162.243.175.63 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
| 176.104.106.96 | unknown | Serbia | 198371 | NINETRS | true | |
| 31.24.158.56 | unknown | Spain | 50926 | INFORTELECOM-ASES | true | |
| 50.30.40.196 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
| 207.38.84.195 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
| 164.68.99.3 | unknown | Germany | 51167 | CONTABODE | true | |
| 103.134.85.85 | unknown | Indonesia | 139943 | IDNIC-GARUTKAB-AS-IDDinasKomunikasidanInformatikaKabupa | true | |
| 212.237.56.116 | unknown | Italy | 31034 | ARUBA-ASNIT | true | |
| 45.142.114.231 | unknown | Germany | 44066 | DE-FIRSTCOLOwwwfirst-colonetDE | true | |
| 1.234.2.232 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true | |
| 203.114.109.124 | unknown | Thailand | 131293 | TOT-LLI-AS-APTOTPublicCompanyLimitedTH | true | |
| 159.8.59.82 | unknown | United States | 36351 | SOFTLAYERUS | true | |
| 129.232.188.93 | unknown | South Africa | 37153 | xneeloZA | true | |
| 58.227.42.236 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true | |
| 158.69.222.101 | unknown | Canada | 16276 | OVHFR | true | |
| 178.128.83.165 | unknown | Netherlands | 14061 | DIGITALOCEAN-ASNUS | true |
| IP |
|---|
| 127.0.0.1 |
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 581892 |
| Start date: | 02.03.2022 |
| Start time: | 19:56:14 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 12m 46s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | aew.ocx (renamed file extension from ocx to dll) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 22 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winDLL@25/8@1/48 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.35.236.56, 67.26.81.254, 67.26.73.254, 8.252.5.126, 8.248.143.254, 8.241.126.121
- Excluded domains from analysis (whitelisted): e12564.dspb.akamaiedge.net, client.wns.windows.com, fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu-bg-shim.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 19:57:20 | API Interceptor | |
| 19:58:38 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 159.65.88.10 | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| 195.154.133.20 | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| c-0001.c-msedge.net | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| OnlineSASFR | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| DIGITALOCEAN-ASNUS | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
⊘No context
⊘No context
| Process: | C:\Windows\System32\svchost.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8192 |
| Entropy (8bit): | 0.3593198815979092 |
| Encrypted: | false |
| SSDEEP: | 12:SnaaD0JcaaD0JwQQU2naaD0JcaaD0JwQQU:4tgJctgJw/tgJctgJw |
| MD5: | BF1DC7D5D8DAD7478F426DF8B3F8BAA6 |
| SHA1: | C6B0BDE788F553F865D65F773D8F6A3546887E42 |
| SHA-256: | BE47C764C38CA7A90A345BE183F5261E89B98743B5E35989E9A8BE0DA498C0F2 |
| SHA-512: | 00F2412AA04E09EA19A8315D80BE66D2727C713FC0F5AE6A9334BABA539817F568A98CA3A45B2673282BDD325B8B0E2840A393A4DCFADCB16473F5EAF2AF3180 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\svchost.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1310720 |
| Entropy (8bit): | 0.24937581258926267 |
| Encrypted: | false |
| SSDEEP: | 1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU4Y:BJiRdwfu2SRU4Y |
| MD5: | CC678CDF6C52791847312ABC37107F1C |
| SHA1: | 452112207A835F17C998206658FD1141395EC6A4 |
| SHA-256: | F6626CB72E6B6E536EC6B16A503486EBA7AAFD066810AEDDFAC0A9761C42A694 |
| SHA-512: | CD4BA3914D16C6C44B8C20704EFBC4A00F456A2BDA175559EE1A4EFCA2CD949975C6E163165BCA1FA68DB81639E0A318038CB80731F394E1EEE12B47359A86B6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\svchost.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 786432 |
| Entropy (8bit): | 0.2503967019350795 |
| Encrypted: | false |
| SSDEEP: | 384:fvU+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:fvrSB2nSB2RSjlK/+mLesOj1J2 |
| MD5: | 1E32362AABC06229F7F434E43FC1D847 |
| SHA1: | 75CE50C1DC0A036510E1935D2C4AF20BE5B458D3 |
| SHA-256: | 299955127B2DD686AACCC43CCE3047F79AC254906DEE2F84DECA1FC697AFF29A |
| SHA-512: | C627EFDC8FFEC96F90A09A5AA964BA1753CAF5BCBFC8CF526B2708BA1058BE5592CA86EC96611435F90223E30BF6AAE15EE5FE83C707145CCD9947D24205B1D9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\svchost.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16384 |
| Entropy (8bit): | 0.07124837602777645 |
| Encrypted: | false |
| SSDEEP: | 3:PR7vwcRmsFlh58jmmfS7FfB1Iill3Vkttlmlnl:PRrwcAsFlLomlt3 |
| MD5: | B382E0AD1BC78F1A7BDDB90BA1385A29 |
| SHA1: | 5F67F01190C0FFB0165CE7D21C749AAC022D0EE5 |
| SHA-256: | 3E80E390BE4177C7C1619F190B4788B209303E785DCE8D60096A0C2AB49CB279 |
| SHA-512: | 08412D6F66FB3D73CF763CEFC76FAF260AACA663FA5B1892433A3E2CA87ED9D6CF980086D0998B57A4DD673DFD0B04C8A232717B8831C502177439A7A4AE1139 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Windows\SysWOW64\regsvr32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60992 |
| Entropy (8bit): | 7.994637486921971 |
| Encrypted: | true |
| SSDEEP: | 1536:1ccLOuSwR3W8vM1pjd8MpGwIMESUnWWiidx34:1ccLm6W8vUBCMpGwIMEDnqe4 |
| MD5: | 637481DF32351129E60560D5A5C100B5 |
| SHA1: | A46AEE6E5A4A4893FBA5806BCC14FC7FB3CE80AE |
| SHA-256: | 1F1029D94CA4656A577D554CEDD79D447658F475AF08620084897A5523587052 |
| SHA-512: | 604BFD0A78A57DFDDD45872803501AD89491E37E89E0778B0F13644FA9164FF509955A57469DFDD65A05BBEDAF0ACB669F68430E84800D17EFE7D360A70569E3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Windows\SysWOW64\regsvr32.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 330 |
| Entropy (8bit): | 3.152637389527161 |
| Encrypted: | false |
| SSDEEP: | 6:kKxN+SkQlPlEGYRMY9z+4KlDA3RUeAxf1:ykPlE99SNxAhUekf1 |
| MD5: | 99311BD19DC4511E2027AED277C3B328 |
| SHA1: | C37B25A4E0055ED3089129462CF19A389D656CAE |
| SHA-256: | 980374998C5F8047ADF76CA612DDDBFA038057B378DE572D9CC1B807CDD30201 |
| SHA-512: | 3B5551D9CDDF44D99BC14DE5E2D6685E98BC3ADDF43C12A9650AA28076495B16DEA75E34D73AB20B3F5FDEF714BF9A2B3664B9BFBF78303CF8A3E6D62B404AC9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\svchost.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 55 |
| Entropy (8bit): | 4.306461250274409 |
| Encrypted: | false |
| SSDEEP: | 3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y |
| MD5: | DCA83F08D448911A14C22EBCACC5AD57 |
| SHA1: | 91270525521B7FE0D986DB19747F47D34B6318AD |
| SHA-256: | 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9 |
| SHA-512: | 96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Windows Defender\MpCmdRun.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 9062 |
| Entropy (8bit): | 3.166240218231842 |
| Encrypted: | false |
| SSDEEP: | 192:cY+38+DJDD+iDtJC+iw3+gF+O5+6tw+EStN+Ejy+t:j+s+5D+Me+X+u+M+j+l+x+t |
| MD5: | 2A0E98B961FCBFBF7BBADCABE0688DBB |
| SHA1: | EFAA09FF77F2FC88E15FC240FAA9277A671989AC |
| SHA-256: | 0298CCC16F3FC5BC1122994A0DF5AE34EB5B0A1B6EBDD2C197E57FA27F5DB93F |
| SHA-512: | E01235BDDD0473D5FFBC137642D845AA03FEC006928B8D02E593DAB156DFEEC92D0837413BBDC1B4838CE993AF59342465E38129E93CBB10B6EB0009A67E4B74 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.034930766809929 |
| TrID: |
|
| File name: | aew.dll |
| File size: | 505856 |
| MD5: | 99f59e6f3fa993ba594a3d7077cc884d |
| SHA1: | 839599185ae9b84ef7b4cd6bd274f4785b02fd3f |
| SHA256: | d9381d778e21373428040d10d06da1f739cd527686797aaeaae93a4a9698bb40 |
| SHA512: | 5d64c33f8a7f6c83e5d6ebbd3a6e2b72340e66e9d8663a8832d6db847dce0a75dc1ebaa7298df27f511678ed01bfccf4d495821cc34bca87b3faf1fdc7291447 |
| SSDEEP: | 12288:jE3TMKM/JjdkdO4+BNhOwyh4h43JopSz/o:jE3TM/JjdkSI3Ko |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]/%A.NK..NK..NK.>.&..NK.>.0..NK..NJ.9LK......NK......NK......NK......NK......NK......NK......NK.Rich.NK.........PE..L....).b... |
 | |
| Icon Hash: | 103636b6b6363636 |
| Entrypoint: | 0x100247da |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x10000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x621E29B9 [Tue Mar 1 14:12:09 2022 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f08242131de62ca6d7c4b2727b491b3d |
| Instruction |
|---|
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| cmp dword ptr [ebp+0Ch], 01h |
| jne 00007F5C30A37617h |
| call 00007F5C30A3F8B9h |
| push dword ptr [ebp+08h] |
| mov ecx, dword ptr [ebp+10h] |
| mov edx, dword ptr [ebp+0Ch] |
| call 00007F5C30A37501h |
| pop ecx |
| pop ebp |
| retn 000Ch |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| push esi |
| push edi |
| mov edi, dword ptr [ebp+10h] |
| mov eax, edi |
| sub eax, 00000000h |
| je 00007F5C30A38BFBh |
| dec eax |
| je 00007F5C30A38BE3h |
| dec eax |
| je 00007F5C30A38BAEh |
| dec eax |
| je 00007F5C30A38B5Fh |
| dec eax |
| je 00007F5C30A38ACFh |
| mov ecx, dword ptr [ebp+0Ch] |
| mov eax, dword ptr [ebp+08h] |
| push ebx |
| push 00000020h |
| pop edx |
| jmp 00007F5C30A37A87h |
| mov esi, dword ptr [eax] |
| cmp esi, dword ptr [ecx] |
| je 00007F5C30A3768Eh |
| movzx esi, byte ptr [eax] |
| movzx ebx, byte ptr [ecx] |
| sub esi, ebx |
| je 00007F5C30A37627h |
| xor ebx, ebx |
| test esi, esi |
| setnle bl |
| lea ebx, dword ptr [ebx+ebx-01h] |
| mov esi, ebx |
| test esi, esi |
| jne 00007F5C30A37A7Fh |
| movzx esi, byte ptr [eax+01h] |
| movzx ebx, byte ptr [ecx+01h] |
| sub esi, ebx |
| je 00007F5C30A37627h |
| xor ebx, ebx |
| test esi, esi |
| setnle bl |
| lea ebx, dword ptr [ebx+ebx-01h] |
| mov esi, ebx |
| test esi, esi |
| jne 00007F5C30A37A5Eh |
| movzx esi, byte ptr [eax+02h] |
| movzx ebx, byte ptr [ecx+02h] |
| sub esi, ebx |
| je 00007F5C30A37627h |
| xor ebx, ebx |
| test esi, esi |
| setnle bl |
| lea ebx, dword ptr [ebx+ebx-01h] |
| mov esi, ebx |
| test esi, esi |
| jne 00007F5C30A37A3Dh |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x47a60 | 0x88 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x45d88 | 0xdc | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4f000 | 0x28ac8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x78000 | 0x4564 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x40818 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x39000 | 0x574 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x45d00 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x37e69 | 0x38000 | False | 0.572749546596 | data | 6.65945988142 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x39000 | 0xeae8 | 0xec00 | False | 0.345818988347 | data | 5.24547365098 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x48000 | 0x6778 | 0x2c00 | False | 0.311168323864 | data | 4.57164486131 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x4f000 | 0x28ac8 | 0x28c00 | False | 0.916776504985 | data | 7.81386296841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x78000 | 0x8f6e | 0x9000 | False | 0.322102864583 | data | 4.08479287276 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| \x41b\x414\x424\x42b\x428\x429\x417\x417\x415 | 0x4fc54 | 0x24000 | data | English | United States |
| RT_CURSOR | 0x73c54 | 0x134 | data | English | United States |
| RT_CURSOR | 0x73d88 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x73e3c | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x73f70 | 0x134 | data | English | United States |
| RT_CURSOR | 0x740a4 | 0x134 | data | English | United States |
| RT_CURSOR | 0x741d8 | 0x134 | data | English | United States |
| RT_CURSOR | 0x7430c | 0x134 | data | English | United States |
| RT_CURSOR | 0x74440 | 0x134 | data | English | United States |
| RT_CURSOR | 0x74574 | 0x134 | data | English | United States |
| RT_CURSOR | 0x746a8 | 0x134 | data | English | United States |
| RT_CURSOR | 0x747dc | 0x134 | data | English | United States |
| RT_CURSOR | 0x74910 | 0x134 | data | English | United States |
| RT_CURSOR | 0x74a44 | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x74b78 | 0x134 | data | English | United States |
| RT_CURSOR | 0x74cac | 0x134 | data | English | United States |
| RT_CURSOR | 0x74de0 | 0x134 | data | English | United States |
| RT_BITMAP | 0x74f14 | 0xb8 | data | English | United States |
| RT_BITMAP | 0x74fcc | 0x144 | data | English | United States |
| RT_ICON | 0x75110 | 0x2e8 | data | English | United States |
| RT_ICON | 0x753f8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_ICON | 0x75520 | 0x2e8 | data | English | United States |
| RT_ICON | 0x75808 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_DIALOG | 0x75930 | 0x122 | data | English | United States |
| RT_DIALOG | 0x75a54 | 0x34e | data | English | United States |
| RT_DIALOG | 0x75da4 | 0xe8 | data | English | United States |
| RT_DIALOG | 0x75e8c | 0x34 | data | English | United States |
| RT_STRING | 0x75ec0 | 0x4e | data | English | United States |
| RT_STRING | 0x75f10 | 0x82 | data | English | United States |
| RT_STRING | 0x75f94 | 0x2a | data | English | United States |
| RT_STRING | 0x75fc0 | 0x184 | data | English | United States |
| RT_STRING | 0x76144 | 0x4e6 | data | English | United States |
| RT_STRING | 0x7662c | 0x264 | data | English | United States |
| RT_STRING | 0x76890 | 0x2da | data | English | United States |
| RT_STRING | 0x76b6c | 0x8a | data | English | United States |
| RT_STRING | 0x76bf8 | 0xac | data | English | United States |
| RT_STRING | 0x76ca4 | 0xde | data | English | United States |
| RT_STRING | 0x76d84 | 0x4a8 | data | English | United States |
| RT_STRING | 0x7722c | 0x228 | data | English | United States |
| RT_STRING | 0x77454 | 0x2c | data | English | United States |
| RT_STRING | 0x77480 | 0x42 | data | English | United States |
| RT_GROUP_CURSOR | 0x774c4 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
| RT_GROUP_CURSOR | 0x774e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x774fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x77510 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x77524 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x77538 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x7754c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x77560 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x77574 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x77588 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x7759c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x775b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x775c4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x775d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_CURSOR | 0x775ec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
| RT_GROUP_ICON | 0x77600 | 0x22 | data | English | United States |
| RT_GROUP_ICON | 0x77624 | 0x22 | data | English | United States |
| RT_VERSION | 0x77648 | 0x324 | data | English | United States |
| RT_MANIFEST | 0x7796c | 0x15a | ASCII text, with CRLF line terminators | English | United States |
| DLL | Import |
|---|---|
| KERNEL32.dll | RaiseException, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, Sleep, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, HeapDestroy, VirtualFree, GetStdHandle, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, RtlUnwind, GetSystemTimeAsFileTime, GetACP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, HeapReAlloc, GetCommandLineA, HeapAlloc, HeapFree, GetTickCount, GetFileTime, GetFileSizeEx, GetFileAttributesA, FileTimeToLocalFileTime, CreateFileA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, InterlockedIncrement, GetModuleHandleW, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, FileTimeToSystemTime, GetThreadLocale, GlobalFlags, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, InterlockedDecrement, CloseHandle, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, InterlockedExchange, lstrcmpA, FreeResource, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, FreeLibrary, CompareStringA, lstrcmpW, GetVersionExA, LoadLibraryA, GetModuleHandleA, GetProcAddress, GlobalFree, FormatMessageA, LocalFree, MulDiv, lstrlenA, GetCurrentProcessId, GetModuleFileNameA, GetLastError, SetLastError, MultiByteToWideChar, LockResource, GlobalUnlock, SizeofResource, WideCharToMultiByte, GlobalAlloc, GlobalLock, LoadResource, FindResourceA, QueryPerformanceCounter, ExitProcess |
| USER32.dll | RegisterClipboardFormatA, PostThreadMessageA, LoadCursorA, GetSysColorBrush, DestroyMenu, GetDesktopWindow, CreateDialogIndirectParamA, GetNextDlgTabItem, EndDialog, GetMessageA, TranslateMessage, GetActiveWindow, GetCursorPos, ValidateRect, SetWindowContextHelpId, MapDialogRect, SetCursor, PostQuitMessage, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, SetActiveWindow, GetDlgItem, GetTopWindow, DestroyWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageA, GetKeyState, SetMenu, SetForegroundWindow, IsWindowVisible, UpdateWindow, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, EqualRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, GetMenu, SetWindowLongA, SetWindowPos, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, CopyRect, IsWindow, EnableWindow, SendMessageA, SetClipboardData, MapWindowPoints, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, MessageBeep, GetNextDlgGroupItem, InvalidateRgn, SetRect, IsRectEmpty, CopyAcceleratorTableA, CharNextA, CharUpperA, DispatchMessageA, GetSystemMetrics, OpenClipboard, PostMessageA, AppendMenuA, EmptyClipboard, InvalidateRect, GetClientRect, DrawIcon, LoadIconA, IsIconic, GetSystemMenu, CloseClipboard, ReleaseCapture, FrameRect, GetSysColor, OffsetRect, InflateRect, PtInRect, GetParent, SetCapture, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuA, GetFocus, LoadBitmapA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, MessageBoxA, IsWindowEnabled, GetLastActivePopup, GetWindowLongA, GetWindowThreadProcessId, GetSubMenu, GetMenuItemCount, GetMenuItemID, IsChild |
| GDI32.dll | ExtSelectClipRgn, DeleteDC, CreatePen, ScaleWindowExtEx, CreateRectRgnIndirect, GetMapMode, GetBkColor, GetTextColor, GetRgnBox, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetStockObject, GetWindowExtEx, GetViewportExtEx, GetObjectA, DeleteObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC, GetDeviceCaps, SetBrushOrgEx, CreateBitmap, CreateBrushIndirect, Ellipse, CreateSolidBrush |
| COMDLG32.dll | GetFileTitleA |
| WINSPOOL.DRV | DocumentPropertiesA, ClosePrinter, OpenPrinterA |
| ADVAPI32.dll | RegSetValueExA, RegCreateKeyExA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey |
| SHLWAPI.dll | ColorRGBToHLS, ColorHLSToRGB, PathFindFileNameA, PathStripToRootA, PathIsUNCA, ColorAdjustLuma, PathFindExtensionA |
| oledlg.dll | |
| ole32.dll | CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, OleIsCurrentClipboard, CLSIDFromString, CLSIDFromProgID, CoTaskMemAlloc, CoTaskMemFree, OleFlushClipboard, CoRegisterMessageFilter |
| OLEAUT32.dll | SysFreeString, SysAllocStringByteLen, VariantClear, VariantChangeType, VariantInit, SysAllocStringLen, VariantCopy, SafeArrayDestroy, VariantTimeToSystemTime, SystemTimeToVariantTime, OleCreateFontIndirect, SysAllocString, SysStringLen |
| Name | Ordinal | Address |
|---|---|---|
| DllRegisterClass | 3 | 0x10005cc0 |
| DllRegisterServer | 1 | 0x10005ca0 |
| DllUnregisterServer | 2 | 0x10005cc0 |
| Description | Data |
|---|---|
| LegalCopyright | Copyright (C) 2004 |
| InternalName | ColorSelector |
| FileVersion | 1, 0, 0, 1 |
| CompanyName | |
| LegalTrademarks | |
| ProductName | ColorSelector Application |
| ProductVersion | 1, 0, 0, 1 |
| FileDescription | ColorSelector MFC Application |
| OriginalFilename | ColorSelector.EXE |
| Translation | 0x0409 0x04b0 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 03/02/22-19:57:39.831901 | TCP | 2404322 | ET CNC Feodo Tracker Reported CnC Server TCP group 12 | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 2, 2022 19:57:35.311382055 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:35.421417952 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:35.421608925 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:35.827656984 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:35.937663078 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:35.965568066 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:35.965596914 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:35.965732098 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:38.769229889 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:38.881038904 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:38.881207943 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:38.890213013 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:39.039993048 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.327476978 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.327644110 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:39.622028112 CET | 49755 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.622080088 CET | 443 | 49755 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.622344017 CET | 49755 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.623061895 CET | 49755 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.623080015 CET | 443 | 49755 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.719871044 CET | 443 | 49755 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.724642038 CET | 49756 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.724710941 CET | 443 | 49756 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.726372957 CET | 49756 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.727152109 CET | 49756 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.727174997 CET | 443 | 49756 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.824115992 CET | 443 | 49756 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.825886011 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.825927019 CET | 443 | 49757 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.826036930 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.826359034 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.826400995 CET | 443 | 49757 | 162.244.80.68 | 192.168.2.7 |
| Mar 2, 2022 19:57:39.826981068 CET | 49757 | 443 | 192.168.2.7 | 162.244.80.68 |
| Mar 2, 2022 19:57:39.831901073 CET | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
| Mar 2, 2022 19:57:39.860126019 CET | 8080 | 49758 | 195.154.253.60 | 192.168.2.7 |
| Mar 2, 2022 19:57:40.461340904 CET | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
| Mar 2, 2022 19:57:40.489495993 CET | 8080 | 49758 | 195.154.253.60 | 192.168.2.7 |
| Mar 2, 2022 19:57:41.067751884 CET | 49758 | 8080 | 192.168.2.7 | 195.154.253.60 |
| Mar 2, 2022 19:57:41.095854044 CET | 8080 | 49758 | 195.154.253.60 | 192.168.2.7 |
| Mar 2, 2022 19:57:41.107013941 CET | 49759 | 8080 | 192.168.2.7 | 31.24.158.56 |
| Mar 2, 2022 19:57:41.149450064 CET | 8080 | 49759 | 31.24.158.56 | 192.168.2.7 |
| Mar 2, 2022 19:57:41.770865917 CET | 49759 | 8080 | 192.168.2.7 | 31.24.158.56 |
| Mar 2, 2022 19:57:41.812984943 CET | 8080 | 49759 | 31.24.158.56 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.327259064 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.327280045 CET | 8080 | 49753 | 209.15.236.39 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.327415943 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:57:42.458467960 CET | 49759 | 8080 | 192.168.2.7 | 31.24.158.56 |
| Mar 2, 2022 19:57:42.501386881 CET | 8080 | 49759 | 31.24.158.56 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.530085087 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:42.659846067 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.660002947 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:42.660720110 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:42.790246964 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.819113970 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.819134951 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:42.819235086 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:42.909732103 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:43.040522099 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:43.040708065 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:43.043392897 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:43.214023113 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:44.225191116 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:44.225321054 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:47.224236012 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:47.224266052 CET | 8080 | 49760 | 209.126.98.206 | 192.168.2.7 |
| Mar 2, 2022 19:57:47.224400997 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:57:47.224440098 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:59:25.591171980 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:59:25.591233015 CET | 49760 | 8080 | 192.168.2.7 | 209.126.98.206 |
| Mar 2, 2022 19:59:25.591705084 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Mar 2, 2022 19:59:25.591726065 CET | 49753 | 8080 | 192.168.2.7 | 209.15.236.39 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 2, 2022 19:57:10.836042881 CET | 63668 | 53 | 192.168.2.7 | 8.8.8.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Mar 2, 2022 19:57:10.836042881 CET | 192.168.2.7 | 8.8.8.8 | 0x6a79 | Standard query (0) | A (IP address) | IN (0x0001) |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Mar 2, 2022 19:57:10.854796886 CET | 8.8.8.8 | 192.168.2.7 | 0x6a79 | No error (0) | store-images.s-microsoft.com-c.edgekey.net | CNAME (Canonical name) | IN (0x0001) | ||
| Mar 2, 2022 19:58:00.966448069 CET | 8.8.8.8 | 192.168.2.7 | 0xab50 | No error (0) | c-0001.c-msedge.net | CNAME (Canonical name) | IN (0x0001) | ||
| Mar 2, 2022 19:58:00.966448069 CET | 8.8.8.8 | 192.168.2.7 | 0xab50 | No error (0) | 13.107.4.50 | A (IP address) | IN (0x0001) |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 19:57:14 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\loaddll32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x340000 |
| File size: | 116736 bytes |
| MD5 hash: | 7DEB5DB86C0AC789123DEC286286B938 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 1 |
| Start time: | 19:57:14 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x870000 |
| File size: | 232960 bytes |
| MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 2 |
| Start time: | 19:57:15 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\SysWOW64\regsvr32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x170000 |
| File size: | 20992 bytes |
| MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Target ID: | 3 |
| Start time: | 19:57:15 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\SysWOW64\rundll32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1290000 |
| File size: | 61952 bytes |
| MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Target ID: | 4 |
| Start time: | 19:57:16 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\SysWOW64\rundll32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1290000 |
| File size: | 61952 bytes |
| MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Target ID: | 5 |
| Start time: | 19:57:18 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\SysWOW64\regsvr32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x170000 |
| File size: | 20992 bytes |
| MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Target ID: | 6 |
| Start time: | 19:57:19 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\svchost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff641cd0000 |
| File size: | 51288 bytes |
| MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 7 |
| Start time: | 19:57:20 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\SysWOW64\rundll32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1290000 |
| File size: | 61952 bytes |
| MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 8 |
| Start time: | 19:57:23 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\SysWOW64\rundll32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1290000 |
| File size: | 61952 bytes |
| MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 11 |
| Start time: | 19:57:30 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\svchost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff641cd0000 |
| File size: | 51288 bytes |
| MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Target ID: | 12 |
| Start time: | 19:57:33 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\svchost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff641cd0000 |
| File size: | 51288 bytes |
| MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Target ID: | 13 |
| Start time: | 19:57:35 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\svchost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff641cd0000 |
| File size: | 51288 bytes |
| MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Target ID: | 14 |
| Start time: | 19:57:35 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\SgrmBroker.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6de5a0000 |
| File size: | 163336 bytes |
| MD5 hash: | D3170A3F3A9626597EEE1888686E3EA6 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 15 |
| Start time: | 19:57:36 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\svchost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff641cd0000 |
| File size: | 51288 bytes |
| MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Target ID: | 17 |
| Start time: | 19:57:54 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\svchost.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x11a0000 |
| File size: | 51288 bytes |
| MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Target ID: | 18 |
| Start time: | 19:58:37 |
| Start date: | 02/03/2022 |
| Path: | C:\Program Files\Windows Defender\MpCmdRun.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6cae50000 |
| File size: | 455656 bytes |
| MD5 hash: | A267555174BFA53844371226F482B86B |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Target ID: | 19 |
| Start time: | 19:58:38 |
| Start date: | 02/03/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff774ee0000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
Execution Graph
| Execution Coverage: | 4.4% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 5.6% |
| Total number of Nodes: | 1475 |
| Total number of Limit Nodes: | 45 |
Graph
Function 6EB456B0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 412memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 79% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB44010 Relevance: 15.0, APIs: 7, Strings: 1, Instructions: 1002memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55723 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 90% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB642E6 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 30% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 35% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB42D80 Relevance: 1.7, APIs: 1, Instructions: 218COMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 90% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 76% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 54% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 96% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48392 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6AC94 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CA0 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 58% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 25% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F50 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB505A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 85% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4E423 Relevance: 2.0, APIs: 1, Instructions: 452COMMONCrypto
Download Yara Rule
| C-Code - Quality: 37% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CD0 Relevance: 51.1, APIs: 25, Strings: 4, Instructions: 328windowCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB507D6 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 47% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A0A9 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 97% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 46% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F5ED Relevance: 26.0, APIs: 17, Instructions: 453windowkeyboardCOMMON
Download Yara Rule
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6A6BF Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB500B4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB558E2 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4889E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
Download Yara Rule
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB473C0 Relevance: 12.2, APIs: 8, Instructions: 212COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 65% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 92% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 80% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C870 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56A31 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
Download Yara Rule
| C-Code - Quality: 85% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB568CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54528 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB618E8 Relevance: 9.3, APIs: 6, Instructions: 256stringCOMMON
Download Yara Rule
| C-Code - Quality: 65% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 73% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52F37 Relevance: 9.1, APIs: 6, Instructions: 136COMMON
Download Yara Rule
| C-Code - Quality: 91% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5B7A6 Relevance: 9.1, APIs: 6, Instructions: 126COMMON
Download Yara Rule
| C-Code - Quality: 49% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB61CD4 Relevance: 9.1, APIs: 6, Instructions: 116memoryCOMMON
Download Yara Rule
| C-Code - Quality: 47% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB487EC Relevance: 9.1, APIs: 6, Instructions: 69COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB544B2 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| C-Code - Quality: 38% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5D245 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293memoryCOMMON
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48202 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 58% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 74% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB41920 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53F78 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54322 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
Download Yara Rule
| C-Code - Quality: 73% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 89% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D8BD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6FA52 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 65% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55BB6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 54% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5DCE7 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON
Download Yara Rule
| C-Code - Quality: 67% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45480 Relevance: 6.2, APIs: 4, Instructions: 161memoryCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 57% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB58527 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Download Yara Rule
| C-Code - Quality: 81% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60D9C Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4FB3E Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB71F42 Relevance: 6.1, APIs: 4, Instructions: 103COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56350 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB578F4 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| C-Code - Quality: 17% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 37% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB476E0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52E51 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48DE3 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51883 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
Download Yara Rule
| C-Code - Quality: 91% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56EED Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
Download Yara Rule
| C-Code - Quality: 77% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55ADC Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
Download Yara Rule
| C-Code - Quality: 35% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4CA33 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4F484 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB62927 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB412C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77windowCOMMON
Download Yara Rule
| C-Code - Quality: 62% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 65% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
| Execution Coverage: | 3.9% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 387 |
| Total number of Limit Nodes: | 25 |
Graph
Function 6EB456B0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 412memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 79% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55723 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 90% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB44010 Relevance: 15.0, APIs: 7, Strings: 1, Instructions: 1002memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB642E6 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 30% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 35% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 90% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 76% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 54% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 96% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48392 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6AC94 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CA0 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 58% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 25% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F50 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F70 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB465A0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 163clipboardwindowmemoryCOMMON
Download Yara Rule
| C-Code - Quality: 69% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 98% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46170 Relevance: 9.1, APIs: 6, Instructions: 81windowCOMMON
Download Yara Rule
| C-Code - Quality: 54% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB505A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 85% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A1F1 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A04F Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CD0 Relevance: 51.1, APIs: 25, Strings: 4, Instructions: 328windowCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB507D6 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 47% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A0A9 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 97% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 46% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F5ED Relevance: 26.0, APIs: 17, Instructions: 453windowkeyboardCOMMON
Download Yara Rule
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46260 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 244windowCOMMON
Download Yara Rule
| C-Code - Quality: 68% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C12A Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
Download Yara Rule
| C-Code - Quality: 89% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6A6BF Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB500B4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB530ED Relevance: 16.6, APIs: 11, Instructions: 139COMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB558E2 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4889E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
Download Yara Rule
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB473C0 Relevance: 12.2, APIs: 8, Instructions: 212COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 65% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60112 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 92% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 80% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C870 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56A31 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
Download Yara Rule
| C-Code - Quality: 85% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB568CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54528 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB618E8 Relevance: 9.3, APIs: 6, Instructions: 256stringCOMMON
Download Yara Rule
| C-Code - Quality: 65% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 73% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52F37 Relevance: 9.1, APIs: 6, Instructions: 136COMMON
Download Yara Rule
| C-Code - Quality: 91% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5B7A6 Relevance: 9.1, APIs: 6, Instructions: 126COMMON
Download Yara Rule
| C-Code - Quality: 49% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB61CD4 Relevance: 9.1, APIs: 6, Instructions: 116memoryCOMMON
Download Yara Rule
| C-Code - Quality: 47% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB487EC Relevance: 9.1, APIs: 6, Instructions: 69COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB544B2 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| C-Code - Quality: 38% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5D245 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293memoryCOMMON
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48202 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 58% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 74% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B8 Relevance: 7.6, APIs: 5, Instructions: 147COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B6 Relevance: 7.6, APIs: 5, Instructions: 146COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB41920 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53F78 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54008 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54322 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
Download Yara Rule
| C-Code - Quality: 73% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 89% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D8BD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6FA52 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 65% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55BB6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 54% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5DCE7 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON
Download Yara Rule
| C-Code - Quality: 67% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45480 Relevance: 6.2, APIs: 4, Instructions: 161memoryCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 57% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB58527 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Download Yara Rule
| C-Code - Quality: 81% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60D9C Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4FB3E Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56350 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F06B Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
Download Yara Rule
| C-Code - Quality: 62% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB578F4 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| C-Code - Quality: 17% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 37% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB476E0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52E51 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48DE3 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51883 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
Download Yara Rule
| C-Code - Quality: 91% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46780 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56EED Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
Download Yara Rule
| C-Code - Quality: 77% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55ADC Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
Download Yara Rule
| C-Code - Quality: 35% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4CA33 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4F484 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB62927 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB412C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77windowCOMMON
Download Yara Rule
| C-Code - Quality: 62% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 65% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6D14F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 89% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
| Execution Coverage: | 3.5% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 373 |
| Total number of Limit Nodes: | 23 |
Graph
Function 6EB456B0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 412memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 79% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55723 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 90% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB44010 Relevance: 15.0, APIs: 7, Strings: 1, Instructions: 1002memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB642E6 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 30% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 35% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 90% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 76% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 54% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 96% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48392 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6AC94 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F50 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB43F70 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 98% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46170 Relevance: 9.1, APIs: 6, Instructions: 81windowCOMMON
Download Yara Rule
| C-Code - Quality: 54% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB505A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 85% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 88% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45CD0 Relevance: 51.1, APIs: 25, Strings: 4, Instructions: 328windowCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB507D6 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 47% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4A0A9 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 97% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 46% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F5ED Relevance: 26.0, APIs: 17, Instructions: 453windowkeyboardCOMMON
Download Yara Rule
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46260 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 244windowCOMMON
Download Yara Rule
| C-Code - Quality: 68% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C12A Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
Download Yara Rule
| C-Code - Quality: 89% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB465A0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 163clipboardwindowmemoryCOMMON
Download Yara Rule
| C-Code - Quality: 69% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6A6BF Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB500B4 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB530ED Relevance: 16.6, APIs: 11, Instructions: 139COMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 96% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB558E2 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4889E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
Download Yara Rule
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB473C0 Relevance: 12.2, APIs: 8, Instructions: 212COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5456E Relevance: 12.0, APIs: 8, Instructions: 39COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 65% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60112 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 92% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 80% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4C870 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51254 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
Download Yara Rule
| C-Code - Quality: 70% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB510D6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56A31 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
Download Yara Rule
| C-Code - Quality: 85% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB568CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55983 Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
Download Yara Rule
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54528 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB618E8 Relevance: 9.3, APIs: 6, Instructions: 256stringCOMMON
Download Yara Rule
| C-Code - Quality: 65% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 73% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52F37 Relevance: 9.1, APIs: 6, Instructions: 136COMMON
Download Yara Rule
| C-Code - Quality: 91% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5B7A6 Relevance: 9.1, APIs: 6, Instructions: 126COMMON
Download Yara Rule
| C-Code - Quality: 49% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB61CD4 Relevance: 9.1, APIs: 6, Instructions: 116memoryCOMMON
Download Yara Rule
| C-Code - Quality: 47% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB487EC Relevance: 9.1, APIs: 6, Instructions: 69COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB544B2 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| C-Code - Quality: 38% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5D245 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293memoryCOMMON
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48202 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 58% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 74% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B8 Relevance: 7.6, APIs: 5, Instructions: 147COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB474B6 Relevance: 7.6, APIs: 5, Instructions: 146COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB41920 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53F78 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54008 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB54322 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
Download Yara Rule
| C-Code - Quality: 73% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 89% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 79% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D8BD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6FA52 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 65% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55BB6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 54% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5DCE7 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON
Download Yara Rule
| C-Code - Quality: 67% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB45480 Relevance: 6.2, APIs: 4, Instructions: 161memoryCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 57% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB58527 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Download Yara Rule
| C-Code - Quality: 81% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB60D9C Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4FB3E Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56350 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB5F06B Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
Download Yara Rule
| C-Code - Quality: 62% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB578F4 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| C-Code - Quality: 17% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 37% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB476E0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB52E51 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB48DE3 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB50AB9 Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMON
Download Yara Rule
| C-Code - Quality: 95% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB51883 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
Download Yara Rule
| C-Code - Quality: 91% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4E3A5 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB46780 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB56EED Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
Download Yara Rule
| C-Code - Quality: 77% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB55ADC Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
Download Yara Rule
| C-Code - Quality: 35% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4CA33 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
Download Yara Rule
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB4F484 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
Download Yara Rule
| C-Code - Quality: 88% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB53255 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB62927 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB412C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77windowCOMMON
Download Yara Rule
| C-Code - Quality: 62% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 65% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 6EB6D14F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
Download Yara Rule
| C-Code - Quality: 89% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |