Windows
Analysis Report
555.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 555.exe (PID: 6192 cmdline:
"C:\Users\ user\Deskt op\555.exe " MD5: ED37EBBE1746DD0D566C8C4769655E0B) - 555.exe (PID: 6444 cmdline:
C:\Users\u ser\Deskto p\555.exe MD5: ED37EBBE1746DD0D566C8C4769655E0B) - WerFault.exe (PID: 6864 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 444 -s 122 8 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Oski_1 | Yara detected Oski Stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
JoeSecurity_Oski_1 | Yara detected Oski Stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
JoeSecurity_Oski_1 | Yara detected Oski Stealer | Joe Security | ||
Click to see the 15 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Oski_1 | Yara detected Oski Stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
Vidar | Vidar Payload | kevoreilly |
| |
JoeSecurity_Oski_1 | Yara detected Oski Stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
Click to see the 1 entries |
There are no malicious signatures, click here to show all signatures.
Source: | Author: frack113: |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Virustotal: | Perma Link |
Source: | Code function: | 3_2_0040A053 | |
Source: | Code function: | 3_2_004108CF | |
Source: | Code function: | 3_2_0040D053 | |
Source: | Code function: | 3_2_0040D3A5 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00408B20 |
Source: | Code function: | 3_2_00411CE4 | |
Source: | Code function: | 3_2_00404BD7 | |
Source: | Code function: | 3_2_0040F1C4 | |
Source: | Code function: | 3_2_00405291 | |
Source: | Code function: | 3_2_00453605 | |
Source: | Code function: | 3_2_0040F72A |
Source: | Code function: | 3_2_00405742 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: | 3_2_00409559 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process created: |
Source: | Code function: | 0_2_00408B20 | |
Source: | Code function: | 0_2_0040AC10 | |
Source: | Code function: | 0_2_00407DF0 | |
Source: | Code function: | 0_2_00438147 | |
Source: | Code function: | 0_2_00423130 | |
Source: | Code function: | 0_2_00430308 | |
Source: | Code function: | 0_2_0043943F | |
Source: | Code function: | 0_2_004464D0 | |
Source: | Code function: | 0_2_0043751A | |
Source: | Code function: | 0_2_00447649 | |
Source: | Code function: | 0_2_004306F0 | |
Source: | Code function: | 0_2_0042F703 | |
Source: | Code function: | 0_2_00405900 | |
Source: | Code function: | 0_2_00437A6B | |
Source: | Code function: | 0_2_00446AAD | |
Source: | Code function: | 0_2_0042FB98 | |
Source: | Code function: | 0_2_00445DBF | |
Source: | Code function: | 0_2_0042FF36 | |
Source: | Code function: | 0_2_00436FC9 | |
Source: | Code function: | 0_2_00432FF6 | |
Source: | Code function: | 3_2_0045604F | |
Source: | Code function: | 3_2_0046E069 | |
Source: | Code function: | 3_2_0046A18D | |
Source: | Code function: | 3_2_0046A575 | |
Source: | Code function: | 3_2_0044C530 | |
Source: | Code function: | 3_2_0046E5BA | |
Source: | Code function: | 3_2_00456AB1 | |
Source: | Code function: | 3_2_0046EB0B | |
Source: | Code function: | 3_2_00454B1E | |
Source: | Code function: | 3_2_0044AB25 | |
Source: | Code function: | 3_2_00426E19 | |
Source: | Code function: | 3_2_00438FBA | |
Source: | Code function: | 3_2_0046F1E7 | |
Source: | Code function: | 3_2_00459280 | |
Source: | Code function: | 3_2_00469588 | |
Source: | Code function: | 3_2_004157E1 | |
Source: | Code function: | 3_2_004477E7 | |
Source: | Code function: | 3_2_00469A1D | |
Source: | Code function: | 3_2_00429DA3 | |
Source: | Code function: | 3_2_00469DBB | |
Source: | Code function: | 3_2_0043FE0C | |
Source: | Code function: | 3_2_00449EE7 | |
Source: | Code function: | 3_2_0046FFB0 |
Source: | Code function: | 0_2_04773914 |
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 3_2_00409559 |
Source: | Code function: | 3_2_004223F4 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 3_2_0042226B |
Source: | Code function: | 3_2_0040A1D5 |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Code function: | 0_2_00408B20 |
Source: | Command line argument: | 0_2_0040D360 | |
Source: | Command line argument: | 0_2_0040D360 | |
Source: | Command line argument: | 0_2_0040D360 | |
Source: | Command line argument: | 0_2_0040D360 | |
Source: | Command line argument: | 0_2_0040D360 | |
Source: | Command line argument: | 0_2_0040D360 | |
Source: | Command line argument: | 0_2_0040D360 | |
Source: | Command line argument: | 3_2_00407BAB | |
Source: | Command line argument: | 3_2_00407BAB | |
Source: | Command line argument: | 3_2_00407BAB | |
Source: | Command line argument: | 3_2_00407BAB | |
Source: | Command line argument: | 3_2_00407BAB |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Static file information: |
Source: | Code function: | 0_2_0042A248 | |
Source: | Code function: | 0_2_00425762 | |
Source: | Code function: | 3_2_00458C2B | |
Source: | Code function: | 3_2_0045F668 |
Source: | Code function: | 0_2_00408B20 |
Source: | Static PE information: |
Source: | Code function: | 3_2_0040ADF5 |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Event Logs and Signature results: |
Source: | Code function: | 3_2_004164C4 |
Source: | Code function: | 3_2_00450D1B |
Source: | Window / User API: | Jump to behavior |
Source: | Evaded block: | graph_3-65467 |
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 3_2_004274F9 |
Source: | Code function: | 3_2_00411CE4 | |
Source: | Code function: | 3_2_00404BD7 | |
Source: | Code function: | 3_2_0040F1C4 | |
Source: | Code function: | 3_2_00405291 | |
Source: | Code function: | 3_2_00453605 | |
Source: | Code function: | 3_2_0040F72A |
Source: | Code function: | 3_2_00405742 |
Source: | API call chain: | graph_0-41025 | ||
Source: | API call chain: | graph_0-41038 | ||
Source: | API call chain: | graph_0-40200 | ||
Source: | API call chain: | graph_0-39473 | ||
Source: | API call chain: | graph_0-40208 | ||
Source: | API call chain: | graph_3-65038 | ||
Source: | API call chain: | graph_3-66171 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_004230EF |
Source: | Code function: | 0_2_00408B20 |
Source: | Code function: | 0_2_00439101 |
Source: | Code function: | 0_2_04771560 |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_004230EF | |
Source: | Code function: | 0_2_004287EA | |
Source: | Code function: | 0_2_0042CF16 | |
Source: | Code function: | 3_2_00458B31 | |
Source: | Code function: | 3_2_00466FD1 | |
Source: | Code function: | 3_2_0045F80E |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_0042F0DC | |
Source: | Code function: | 0_2_00425096 | |
Source: | Code function: | 0_2_0044C0A2 | |
Source: | Code function: | 0_2_0042F1DE | |
Source: | Code function: | 0_2_0042F183 | |
Source: | Code function: | 0_2_0042F3AF | |
Source: | Code function: | 0_2_0042F46F | |
Source: | Code function: | 0_2_0043540E | |
Source: | Code function: | 0_2_0042F4D6 | |
Source: | Code function: | 0_2_004354E8 | |
Source: | Code function: | 0_2_0042F512 | |
Source: | Code function: | 0_2_004276B6 | |
Source: | Code function: | 0_2_0042E815 | |
Source: | Code function: | 0_2_0042D8E3 | |
Source: | Code function: | 0_2_0042EB03 | |
Source: | Code function: | 0_2_0042DBB9 | |
Source: | Code function: | 0_2_0042EFE7 | |
Source: | Code function: | 3_2_0046869A | |
Source: | Code function: | 3_2_0045C90A | |
Source: | Code function: | 3_2_00468988 | |
Source: | Code function: | 3_2_00450D1B | |
Source: | Code function: | 3_2_00468E6C | |
Source: | Code function: | 3_2_00468F61 | |
Source: | Code function: | 3_2_00469063 | |
Source: | Code function: | 3_2_00469008 | |
Source: | Code function: | 3_2_00469234 | |
Source: | Code function: | 3_2_004692F4 | |
Source: | Code function: | 3_2_0046935B | |
Source: | Code function: | 3_2_00469397 | |
Source: | Code function: | 3_2_00467793 | |
Source: | Code function: | 3_2_0046DA57 | |
Source: | Code function: | 3_2_00467A3E | |
Source: | Code function: | 3_2_0046DB31 | |
Source: | Code function: | 3_2_00459E8F |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00408B20 |
Source: | Code function: | 0_2_0044D58B |
Source: | Code function: | 3_2_0040A13F |
Source: | Code function: | 3_2_00450776 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00408870 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | 111 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Network Share Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 111 Process Injection | LSASS Memory | 12 System Time Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 31 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Account Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 Remote System Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 2 File and Directory Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 26 System Information Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
71% | Virustotal | Browse | ||
41% | Metadefender | Browse | ||
79% | ReversingLabs | Win32.Trojan.Graftor | ||
100% | Avira | HEUR/AGEN.1206114 |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1206114 | Download File | ||
100% | Avira | HEUR/AGEN.1210209 | Download File | ||
100% | Avira | HEUR/AGEN.1206114 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dersed.com | unknown | unknown | false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 594633 |
Start date and time: | 2022-03-22 22:51:33 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 555.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.spyw.evad.winEXE@4/4@7/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.189.173.20, 20.54.110.249
- Excluded domains from analysis (whitelisted): fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, onedsblobprdwus15.westus.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
23:53:15 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_555.exe_73a2317c9b18c06fb4572ea77cd525ee3f28dbd_69550887_1ab655c1\Report.wer
Download File
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9430986111528993 |
Encrypted: | false |
SSDEEP: | 192:M2AFk0lk4YHBUZMXojAK3Yw/u7shS274Itx:QPlk9BUZMXojL/u7shX4Itx |
MD5: | 9B8FC50DD0D29F54F499621D50C8AD62 |
SHA1: | 1273BFD6929FB2B4CA4874A792AE69816B1E2F11 |
SHA-256: | 9655AA68E28BDC15B2CBB4DAA13850F1A086D82D45FF56F78C3FEEE8A0CBF803 |
SHA-512: | BFC071EAB661547CB0BD88D00ECBBEF817CF30CF4A9ACBCAEFF1BFB1569075424335948962E71C07F5360BC53316DCF1687D9CF46278F62EC1F89128B49EAE95 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 92494 |
Entropy (8bit): | 1.9553236387916726 |
Encrypted: | false |
SSDEEP: | 384:HvVcEVMCcx960PIEQUnVT9sEQOeYBF+D+2IYBO:HyChQI5gVKE4YBF+x6 |
MD5: | 87D9B100A994FF000B5C06267BE0226D |
SHA1: | 46D41AFA9086777230CB38F7F957024E34F57815 |
SHA-256: | 258E97FE2FC99EE493D3F78937B42C864BBA2654D5348A464FC129E83F464970 |
SHA-512: | F4CE8D98D9AF8FAF155BDBC3BB62E35D74B558465F79D520ACB009747F669CC50CEE20772B0DC326E96AA5DA322DAC4808831FAA4C8598D48AF45EADC96EDA73 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8234 |
Entropy (8bit): | 3.688431082756376 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiWN6Irwt6Yei6DgmfhhS8+pr589bWTsf0Oym:RrlsNi06IrS6Yj6DgmfnSGW4fv |
MD5: | CDE05209CC74B1005E7AD76327AA3173 |
SHA1: | 651DF6AA11E2B4F6CDF1E21A1228A0FF68CD0743 |
SHA-256: | ABB9D8C4C33EEC5B9D10B346747AE37C70F8F58CCDC7D12984A467C0A4AE4531 |
SHA-512: | 19AB7546E950373EC778423E45C2D08718D9C5525182D14F42CC2F2082A10247515AE4728541736B8453A7B3A277DAA4602BC77E0B15C60C65C9D3F9CE33C0E9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4522 |
Entropy (8bit): | 4.423325556237254 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zskJgtWI9NJWgc8sqYjK8fm8M4J61RF3I+q8mbwhHXSrxd:uITfia4grsqYrJ69I/wxSrxd |
MD5: | 68930925340EA9386F5C57115BC56C4A |
SHA1: | 21FFD5E3BDD640870D896B69AB35C588364B5611 |
SHA-256: | F6AA5BD71759921218656247A52D2CE89A6BA9F53F4AFB7BBB1A79E45A369E5D |
SHA-512: | 7E78820E9C2427F020176D43CFBCF73E6785E7E67E08F79EB317E69493D27D63E2F2FE8915B02117097B95A46F350C56177A81DBDA067472424BBC72CD7663E5 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.692192927991023 |
TrID: |
|
File name: | 555.exe |
File size: | 1304576 |
MD5: | ed37ebbe1746dd0d566c8c4769655e0b |
SHA1: | 0a559ebf6ab1cdf292c79aac5ac20c236d975eb7 |
SHA256: | b4c9aadd18c1b6f613bf9d6db71dcc010bbdfe8b770b4084eeb7d5c77d95f180 |
SHA512: | aed30ae2e22ded5374f56062cdbcc2a72edea1d727e7fd0624e627f363d18787d5ce4334066b76b23d10e0a2c0169f06e5d6a8f05037d0943bfea110ee805060 |
SSDEEP: | 24576:atLyuIJLGWVpPq48nuzldzB2sZL7kHNWDzBHc6ewxl:KLgFGYq48nupdzB2sp7kHNW51eE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.....H...H...H..iH...H..]Hc..H.`tH...H.`dH...H...H...H..\H...H..mH...H..jH...HRich...H........................PE..L...t.q]... |
Icon Hash: | 18f0f8d2f2e4f206 |
Entrypoint: | 0x424e16 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x5D710174 [Thu Sep 5 12:37:08 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 5f3146513f84438aa6d693baf35ebf34 |
Instruction |
---|
call 00007FAC08A60E69h |
jmp 00007FAC08A5841Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
test eax, eax |
je 00007FAC08A585A4h |
sub eax, 08h |
cmp dword ptr [eax], 0000DDDDh |
jne 00007FAC08A58599h |
push eax |
call 00007FAC08A56352h |
pop ecx |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 10h |
mov eax, dword ptr [004608E0h] |
xor eax, ebp |
mov dword ptr [ebp-04h], eax |
mov edx, dword ptr [ebp+18h] |
push ebx |
xor ebx, ebx |
push esi |
push edi |
cmp edx, ebx |
jle 00007FAC08A585B1h |
mov eax, dword ptr [ebp+14h] |
mov ecx, edx |
dec ecx |
cmp byte ptr [eax], bl |
je 00007FAC08A5859Ah |
inc eax |
cmp ecx, ebx |
jne 00007FAC08A58588h |
or ecx, FFFFFFFFh |
mov eax, edx |
sub eax, ecx |
dec eax |
cmp eax, edx |
jnl 00007FAC08A58593h |
inc eax |
mov dword ptr [ebp+18h], eax |
mov dword ptr [ebp-08h], ebx |
cmp dword ptr [ebp+24h], ebx |
jne 00007FAC08A5859Dh |
mov eax, dword ptr [ebp+08h] |
mov eax, dword ptr [eax] |
mov eax, dword ptr [eax+04h] |
mov dword ptr [ebp+24h], eax |
mov esi, dword ptr [00451204h] |
xor eax, eax |
cmp dword ptr [ebp+28h], ebx |
push ebx |
push ebx |
push dword ptr [ebp+18h] |
setne al |
push dword ptr [ebp+14h] |
lea eax, dword ptr [00000001h+eax*8] |
push eax |
push dword ptr [ebp+24h] |
call esi |
mov edi, eax |
mov dword ptr [ebp-10h], edi |
cmp edi, ebx |
jne 00007FAC08A58599h |
xor eax, eax |
jmp 00007FAC08A586E7h |
jle 00007FAC08A585D5h |
push FFFFFFE0h |
xor edx, edx |
pop eax |
div edi |
cmp eax, 02h |
jc 00007FAC08A585C9h |
lea eax, dword ptr [edi+edi+08h] |
cmp eax, 00000400h |
jnbe 00007FAC08A585A5h |
call 00007FAC08A58644h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5e954 | 0x12c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0xdd458 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x57690 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x51000 | 0x364 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4f7d9 | 0x4f800 | False | 0.48689010908 | data | 6.55171601636 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x51000 | 0xeca4 | 0xee00 | False | 0.418723739496 | data | 5.42402682187 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x60000 | 0x58c4 | 0x2800 | False | 0.26943359375 | data | 4.43475879322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x66000 | 0xdd458 | 0xdd600 | False | 0.962993188876 | data | 7.93995191617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
AFX | 0x6673c | 0x10218 | data | English | United States |
CUSTOM | 0x76954 | 0x36f3e | data | English | United States |
RCDATA | 0xad894 | 0x894ac | data | English | United States |
RT_ICON | 0x136d40 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x13af68 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x13d510 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x13e5b8 | 0x988 | data | English | United States |
RT_ICON | 0x13ef40 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x13f3a8 | 0x70 | data | English | United States |
RT_DIALOG | 0x13f418 | 0x224 | data | English | United States |
RT_DIALOG | 0x13f63c | 0x390 | data | English | United States |
RT_DIALOG | 0x13f9cc | 0x172 | data | English | United States |
RT_DIALOG | 0x13fb40 | 0xe2 | data | English | United States |
RT_DIALOG | 0x13fc24 | 0xf8 | data | English | United States |
RT_DIALOG | 0x13fd1c | 0x24c | data | English | United States |
RT_STRING | 0x13ff68 | 0xb98 | data | English | United States |
RT_STRING | 0x140b00 | 0x2a | data | English | United States |
RT_STRING | 0x140b2c | 0x1a4 | data | English | United States |
RT_STRING | 0x140cd0 | 0xda | data | English | United States |
RT_STRING | 0x140dac | 0x384 | data | English | United States |
RT_STRING | 0x141130 | 0x38c | data | English | United States |
RT_STRING | 0x1414bc | 0x140 | data | English | United States |
RT_STRING | 0x1415fc | 0x71c | data | English | United States |
RT_STRING | 0x141d18 | 0x638 | data | English | United States |
RT_STRING | 0x142350 | 0xe8 | data | English | United States |
RT_STRING | 0x142438 | 0x4a8 | data | English | United States |
RT_STRING | 0x1428e0 | 0x38c | data | English | United States |
RT_STRING | 0x142c6c | 0x62 | data | English | United States |
RT_STRING | 0x142cd0 | 0x13c | data | English | United States |
RT_STRING | 0x142e0c | 0x3a | data | English | United States |
RT_GROUP_ICON | 0x142e48 | 0x4c | data | English | United States |
RT_VERSION | 0x142e94 | 0x338 | data | English | United States |
RT_MANIFEST | 0x1431cc | 0x28a | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetTimeFormatA, GetProcessHeap, SetEndOfFile, CreateFileW, SetEnvironmentVariableA, CompareStringW, SetStdHandle, WriteConsoleW, LoadLibraryW, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, HeapReAlloc, GetLocaleInfoW, GetStringTypeW, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, GetDateFormatA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, GetModuleFileNameW, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetFileType, InitializeCriticalSectionAndSpinCount, lstrlenW, SetHandleCount, HeapSize, IsValidCodePage, GetOEMCP, GetACP, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetTempPathA, GetTempFileNameA, GetFinalPathNameByHandleA, GetLastError, CreateFileA, GetFileSize, SetFilePointer, ReadFile, CloseHandle, lstrcpyW, GetCurrentDirectoryW, VirtualQuery, QueryPerformanceCounter, lstrcpyA, WideCharToMultiByte, MulDiv, GlobalAlloc, ExitProcess, SizeofResource, LoadResource, LockResource, GetCurrentThreadId, SetLastError, GetModuleHandleW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, HeapCreate, IsProcessorFeaturePresent, HeapAlloc, GetCPInfo, LCMapStringW, GetTimeZoneInformation, GetStartupInfoW, HeapSetInformation, GetCommandLineA, RtlUnwind, RaiseException, FindResourceA, LoadLibraryA, HeapFree, DecodePointer, EncodePointer, GetProcAddress, WriteFile, lstrcatA, GetLocalTime, GetTimeFormatW, GetDateFormatW, GetStdHandle, GetModuleHandleA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, Sleep, MultiByteToWideChar, InterlockedExchange, InterlockedCompareExchange, InterlockedDecrement, InterlockedIncrement |
USER32.dll | SendMessageW, PostQuitMessage, DefWindowProcA, LoadBitmapA, DefDlgProcA, ClientToScreen, SendMessageA, CreateWindowExA, InsertMenuItemA, ShowWindow, HideCaret, WindowFromPoint, EnableWindow, UnionRect, SetRect, SetActiveWindow, GetWindowLongA, GetForegroundWindow, IsZoomed, SetWindowPos, GetSystemMetrics, GetWindowRect, EnumChildWindows, PostMessageA, RegisterClassA, SendDlgItemMessageA, GetParent, EndPaint, DrawTextA, GetClientRect, BeginPaint, GetDlgItem, LoadIconA, LoadCursorA, SetWindowLongA, CreateMenu, AppendMenuA, UpdateWindow, GetMessageA, TranslateMessage, DispatchMessageA, IsWinEventHookInstalled, GetActiveWindow |
GDI32.dll | CreateFontA, SelectObject, DeleteObject, SetBkMode, CreateFontW, CreateFontIndirectA, TextOutA, StartPage, GetTextMetricsW, GetTextExtentExPointW, ExtTextOutW, EndPage, SetStretchBltMode, GetStockObject |
COMDLG32.dll | CommDlgExtendedError, GetSaveFileNameA, ChooseFontA |
ADVAPI32.dll | LsaRemoveAccountRights, LsaAddAccountRights |
ole32.dll | CoInitialize, CreateBindCtx, MkParseDisplayName |
WS2_32.dll | WSACreateEvent, WSAWaitForMultipleEvents |
NETAPI32.dll | NetApiBufferFree, NetUserEnum |
WINMM.dll | midiInOpen, midiInGetDevCapsA, PlaySoundA, midiInStart, mmioDescend, mmioSeek, midiInClose, mmioClose, midiInGetNumDevs |
CRYPT32.dll | CertEnumPhysicalStore |
SHLWAPI.dll | SHAutoComplete, PathCompactPathA |
COMCTL32.dll | ImageList_GetImageCount, ImageList_LoadImageA, ImageList_Add, ImageList_DragMove, _TrackMouseEvent, ImageList_Create |
gdiplus.dll | GdiplusStartup, GdipCloneImage, GdipFree, GdipDeleteGraphics, GdipLoadImageFromFile, GdipDrawImageRectRectI, GdipAlloc, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateFromHDC, GdipSetInterpolationMode |
UxTheme.dll | OpenThemeData |
Description | Data |
---|---|
LegalCopyright | Bitdefender LLC Copyright . All rights reserved. |
CompanyName | Bitdefender LLC |
FileDescription | Selfssl Progresses Fatherbard New |
Comments | Selfssl Progresses Fatherbard New |
ProductName | Cnnmgrestablishcnnectin283715 |
ProductVersion | 8.2.5.127 |
PrivateBuild | 8.2.5.127 |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 22, 2022 23:53:04.067533016 CET | 60758 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 23:53:04.095592022 CET | 53 | 60758 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 23:53:04.115511894 CET | 60647 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 23:53:04.136682034 CET | 53 | 60647 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 23:53:04.145426989 CET | 64909 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 23:53:04.171823978 CET | 53 | 64909 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 23:53:04.218432903 CET | 60381 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 23:53:04.240736008 CET | 53 | 60381 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 23:53:04.260018110 CET | 56509 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 23:53:04.281152964 CET | 53 | 56509 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 23:53:04.305391073 CET | 54069 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 23:53:04.324481010 CET | 53 | 54069 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 23:53:04.335752964 CET | 57747 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 23:53:04.354562044 CET | 53 | 57747 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 22, 2022 23:53:04.067533016 CET | 192.168.2.4 | 8.8.8.8 | 0x8694 | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.115511894 CET | 192.168.2.4 | 8.8.8.8 | 0xeb1c | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.145426989 CET | 192.168.2.4 | 8.8.8.8 | 0x99f3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.218432903 CET | 192.168.2.4 | 8.8.8.8 | 0x774b | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.260018110 CET | 192.168.2.4 | 8.8.8.8 | 0x764c | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.305391073 CET | 192.168.2.4 | 8.8.8.8 | 0x2f6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.335752964 CET | 192.168.2.4 | 8.8.8.8 | 0x1447 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 22, 2022 23:53:04.095592022 CET | 8.8.8.8 | 192.168.2.4 | 0x8694 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.136682034 CET | 8.8.8.8 | 192.168.2.4 | 0xeb1c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.171823978 CET | 8.8.8.8 | 192.168.2.4 | 0x99f3 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.240736008 CET | 8.8.8.8 | 192.168.2.4 | 0x774b | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.281152964 CET | 8.8.8.8 | 192.168.2.4 | 0x764c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.324481010 CET | 8.8.8.8 | 192.168.2.4 | 0x2f6 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Mar 22, 2022 23:53:04.354562044 CET | 8.8.8.8 | 192.168.2.4 | 0x1447 | Name error (3) | none | none | A (IP address) | IN (0x0001) |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 23:52:41 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\Desktop\555.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1304576 bytes |
MD5 hash: | ED37EBBE1746DD0D566C8C4769655E0B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 3 |
Start time: | 23:52:59 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\Desktop\555.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1304576 bytes |
MD5 hash: | ED37EBBE1746DD0D566C8C4769655E0B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 11 |
Start time: | 23:53:07 |
Start date: | 22/03/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb60000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Execution Graph
Execution Coverage: | 8.2% |
Dynamic/Decrypted Code Coverage: | 7.6% |
Signature Coverage: | 14.4% |
Total number of Nodes: | 1767 |
Total number of Limit Nodes: | 40 |
Graph
Function 00408B20 Relevance: 245.0, APIs: 122, Strings: 17, Instructions: 1736filestringCOMMONCrypto
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AC10 Relevance: 93.4, APIs: 47, Strings: 6, Instructions: 687windowCOMMONCrypto
Control-flow Graph
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D360 Relevance: 49.2, APIs: 22, Strings: 6, Instructions: 235windowregistryCOMMON
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407DF0 Relevance: 18.3, APIs: 1, Strings: 9, Instructions: 824COMMONCrypto
C-Code - Quality: 66% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 37% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773914 Relevance: 1.5, APIs: 1, Instructions: 26nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CE10 Relevance: 52.9, APIs: 29, Strings: 1, Instructions: 397windowfileCOMMON
Control-flow Graph
C-Code - Quality: 49% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 73% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 87% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424555 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
Control-flow Graph
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 67% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C130 Relevance: 3.0, APIs: 2, Instructions: 50COMMON
Control-flow Graph
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 15% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B55C Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A2A8 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
Control-flow Graph
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773994 Relevance: 1.5, APIs: 1, Instructions: 36processCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047738C4 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773A34 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047739F4 Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773AF4 Relevance: 1.5, APIs: 1, Instructions: 18threadCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773894 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773B54 Relevance: 1.3, APIs: 1, Instructions: 18memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04770570 Relevance: 1.3, APIs: 1, Instructions: 18memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773B24 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04770540 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04773B94 Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047704E0 Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04770510 Relevance: 1.3, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405900 Relevance: 14.9, APIs: 2, Strings: 6, Instructions: 894COMMONCrypto
C-Code - Quality: 99% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004230EF Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58COMMONLIBRARYCODE
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042EFE7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044C0A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMONLIBRARYCODE
C-Code - Quality: 91% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00447649 Relevance: 3.4, APIs: 2, Instructions: 448COMMONCrypto
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00445DBF Relevance: 3.4, APIs: 2, Instructions: 448COMMONCrypto
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042CF16 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043943F Relevance: 1.4, Strings: 1, Instructions: 180COMMONLIBRARYCODECrypto
C-Code - Quality: 96% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004306F0 Relevance: .4, Instructions: 355COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00430308 Relevance: .3, Instructions: 349COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FF36 Relevance: .3, Instructions: 332COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FB98 Relevance: .3, Instructions: 326COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423130 Relevance: .1, Instructions: 76COMMONLIBRARYCODECrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04771560 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428133 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409058 Relevance: 36.9, APIs: 19, Strings: 2, Instructions: 181stringwindowCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00446396 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00446433 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D58C Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D629 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D6C6 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D763 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D800 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D89D Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D93A Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D9D7 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043EA75 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DBAE Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DC4B Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043EC4C Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043ECE9 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DCE8 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DD85 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DEBF Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DFF9 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403170 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMONLIBRARYCODE
C-Code - Quality: 91% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004046B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMONLIBRARYCODE
C-Code - Quality: 91% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403860 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMONLIBRARYCODE
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BD30 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMONLIBRARYCODE
C-Code - Quality: 91% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449030 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044A367 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449664 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00449701 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DA74 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043EB12 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DB11 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043EBAF Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439C0B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DE22 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DF5C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448F93 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00427EBD Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40COMMONLIBRARYCODE
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F0 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004490CD Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044979E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043ED86 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448EF6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004027B0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 109COMMONLIBRARYCODE
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BC0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426E49 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE
C-Code - Quality: 27% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043EEFB Relevance: 7.9, APIs: 5, Instructions: 436COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 54% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
C-Code - Quality: 80% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004138A0 Relevance: 6.5, APIs: 4, Instructions: 463COMMON
C-Code - Quality: 96% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C140 Relevance: 6.2, APIs: 4, Instructions: 181COMMON
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419CB0 Relevance: 6.1, APIs: 4, Instructions: 117COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E1A0 Relevance: 6.1, APIs: 4, Instructions: 81memoryCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419210 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411210 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004125B0 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403CB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403B10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004407AE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D41E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401B40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMONLIBRARYCODE
C-Code - Quality: 16% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402DA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426BC2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.2% |
Total number of Nodes: | 1269 |
Total number of Limit Nodes: | 38 |
Graph
Function 0040ADF5 Relevance: 45.6, APIs: 13, Strings: 13, Instructions: 102libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407BAB Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 89synchronizationCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A1D5 Relevance: 9.1, APIs: 6, Instructions: 86processCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040664E Relevance: 188.9, APIs: 51, Strings: 56, Instructions: 1614sleepfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413A3F Relevance: 72.5, APIs: 11, Strings: 30, Instructions: 762fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409C07 Relevance: 42.3, APIs: 18, Strings: 6, Instructions: 275networkCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045053F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00452FB3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65sleepCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00458681 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046794E Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045B5B2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404BD7 Relevance: 70.5, APIs: 18, Strings: 22, Instructions: 486stringfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405291 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 240stringfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409559 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 239networkcomfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F72A Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 278fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D053 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190encryptionCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D3A5 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 187encryptionCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F1C4 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 397fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450D1B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 114memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042226B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004108CF Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 207encryptionCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00468E6C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004164C4 Relevance: 6.1, APIs: 4, Instructions: 60timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004223F4 Relevance: 4.6, APIs: 3, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453605 Relevance: 4.6, APIs: 3, Instructions: 72fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A13F Relevance: 3.0, APIs: 2, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450776 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004274F9 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DCB5 Relevance: 73.8, APIs: 27, Strings: 15, Instructions: 298registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C548 Relevance: 40.5, APIs: 17, Strings: 6, Instructions: 264libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045EF8B Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C85C Relevance: 38.7, APIs: 16, Strings: 6, Instructions: 245libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CC36 Relevance: 35.3, APIs: 14, Strings: 6, Instructions: 330windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004099B2 Relevance: 35.2, APIs: 6, Strings: 14, Instructions: 196fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004500E5 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 185registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040811E Relevance: 23.2, APIs: 4, Strings: 9, Instructions: 411fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004097FE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 143networkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FCFE Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 240fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454DE4 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 176fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040948C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 68networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045060E Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 121libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450E7B Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 309processCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00450016 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004503C0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045152C Relevance: 10.5, APIs: 7, Instructions: 46windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045ED15 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415D21 Relevance: 9.1, APIs: 6, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412674 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 236fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C174 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045E37E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00427331 Relevance: 7.7, APIs: 5, Instructions: 152fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00455064 Relevance: 7.6, APIs: 5, Instructions: 107fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416399 Relevance: 7.6, APIs: 5, Instructions: 89COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415CBD Relevance: 7.6, APIs: 5, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428D9D Relevance: 6.2, APIs: 4, Instructions: 194COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045C1B9 Relevance: 6.2, APIs: 4, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004341F2 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004552BA Relevance: 6.1, APIs: 4, Instructions: 100timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00451417 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415C62 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415C12 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A2C3 Relevance: 6.0, APIs: 4, Instructions: 36COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004515F5 Relevance: 6.0, APIs: 4, Instructions: 34fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004518D9 Relevance: 6.0, APIs: 4, Instructions: 33memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040132D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040111F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045E0F7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004010C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |