Windows
Analysis Report
YogaDNSSetup.exe
Overview
General Information
Detection
Score: | 28 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
- Sample drops PE files which have not been started; submit the dropped PE samples for a secondary analysis to Joe Sandbox.
- Sample may offer command line options; run it with the 'Execute binary with arguments' cookbook (the command line switches may require additional characters such as "-", "/", "--").
- System is w10x64
- YogaDNSSetup.exe (PID: 6768 cmdline: "C:\Users\user\Desktop\YogaDNSSetup.exe" MD5: AC752DF0EBB3FC9FCBB3B906B4050C17)
- YogaDNSSetup.tmp (PID: 6828 cmdline: "C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp" /SL5="$7037A,7654068,831488,C:\Users\user\Desktop\YogaDNSSetup.exe" MD5: 7FD3620B726C3B90AD03266C3942ACA9)
- YogaDNS.exe (PID: 6940 cmdline: "C:\Program Files (x86)\YogaDNS\YogaDNS.exe" /ForceExit MD5: FB51F3CA7F0785C5AF983D599F715FF3)
- net.exe (PID: 6508 cmdline: "NET.EXE" stop DnsFltEngineDrv MD5: DD0561156F62BC1958CE0E370B23711B)
- conhost.exe (PID: 6908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- net1.exe (PID: 6964 cmdline: C:\Windows\system32\net1 stop DnsFltEngineDrv MD5: B5A26C2BF17222E86B91D26F1247AF3E)
- rundll32.exe (PID: 6848 cmdline: "RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files (x86)\YogaDNS\Driver\DnsFltEngineDrv.inf MD5: 73C519F050C20580F8A62C849D49215A)
- runonce.exe (PID: 5108 cmdline: "C:\Windows\system32\runonce.exe" -r MD5: 5F3BE52A00D8C741AE0B7FCE861F90AD)
- grpconv.exe (PID: 7044 cmdline: "C:\Windows\System32\grpconv.exe" -o MD5: 7E727D9259367AF1C140377A4BF173C0)
- YogaDNS.exe (PID: 5116 cmdline: "C:\Program Files (x86)\YogaDNS\YogaDNS.exe" /ShowWnd MD5: FB51F3CA7F0785C5AF983D599F715FF3)
- YogaDNS.exe (PID: 7008 cmdline: "C:\Program Files (x86)\YogaDNS\YogaDNS.exe" /AutoRun MD5: FB51F3CA7F0785C5AF983D599F715FF3)
- cleanup
There are no malicious signatures.
Source: | Author: juju4, Jonhnathan Ribeiro, oscd.community: |
Source: | Author: Konstantin Grishchenko, oscd.community: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: |
Source: | Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): |
Source: | Author: frack113: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_0040AEF4 | |
Source: | Code function: | 0_2_0040A928 | |
Source: | Code function: | 2_2_0060C2B0 | |
Source: | Code function: | 2_2_0040E6A0 | |
Source: | Code function: | 2_2_0040E0D4 | |
Source: | Code function: | 2_2_006B8DE4 |
Networking |
---|
Source: | Static PE information: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | File deleted: | Jump to behavior |
Source: | Code function: | 0_2_004AF110 | |
Source: | Code function: | 2_2_0060F6D8 |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_004323DC | |
Source: | Code function: | 0_2_004255DC | |
Source: | Code function: | 0_2_0040E9C4 | |
Source: | Code function: | 2_2_006B786C | |
Source: | Code function: | 2_2_0040C938 |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_004AF110 | |
Source: | Code function: | 2_2_0060F6D8 |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 2_2_0062CFB8 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_0041A4DC |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Mutant created: |
Source: | Code function: | 0_2_004AF9F0 |
Source: | File created: | Jump to behavior |
Source: | String found in binary or memory: |
Source: | Key value created or modified: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Automated click: |
Source: | File opened: | Jump to behavior |
Source: | Window detected: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Process created: |
Source: | Code function: | 0_2_004B50D6 | |
Source: | Code function: | 0_2_004B5A40 | |
Source: | Code function: | 0_2_00458005 | |
Source: | Code function: | 0_2_0049B03D | |
Source: | Code function: | 0_2_004A00F9 | |
Source: | Code function: | 0_2_00458089 | |
Source: | Code function: | 0_2_004B10E4 | |
Source: | Code function: | 0_2_004A1095 | |
Source: | Code function: | 0_2_0041A0B8 | |
Source: | Code function: | 0_2_004270FC | |
Source: | Code function: | 0_2_0045810D | |
Source: | Code function: | 0_2_004321C9 | |
Source: | Code function: | 0_2_004A21D9 | |
Source: | Code function: | 0_2_0049E1B9 | |
Source: | Code function: | 0_2_0049A370 | |
Source: | Code function: | 0_2_0045526C | |
Source: | Code function: | 0_2_004252D9 | |
Source: | Code function: | 0_2_004592FD | |
Source: | Code function: | 0_2_0045B285 | |
Source: | Code function: | 0_2_00430359 | |
Source: | Code function: | 0_2_00430371 | |
Source: | Code function: | 0_2_00459398 | |
Source: | Code function: | 0_2_004A1429 | |
Source: | Code function: | 0_2_0049B425 | |
Source: | Code function: | 0_2_004A24D9 | |
Source: | Code function: | 0_2_004225EC | |
Source: | Code function: | 0_2_004304F1 | |
Source: | Code function: | 0_2_00499493 | |
Source: | Code function: | 0_2_00458565 | |
Source: | Code function: | 0_2_00458575 | |
Source: | Code function: | 0_2_00457578 |
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Registry value created or modified: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Registry value created or modified: | Jump to behavior |
Source: | Code function: | 2_2_005C90B4 | |
Source: | Code function: | 2_2_006A68B0 |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Check user administrative privileges: | graph_2-21796 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_004AF91C |
Source: | Code function: | 0_2_0040AEF4 | |
Source: | Code function: | 0_2_0040A928 | |
Source: | Code function: | 2_2_0060C2B0 | |
Source: | Code function: | 2_2_0040E6A0 | |
Source: | Code function: | 2_2_0040E0D4 | |
Source: | Code function: | 2_2_006B8DE4 |
Source: | Code function: | 14_2_0121B271 | |
Source: | Code function: | 21_2_0121B271 | |
Source: | Code function: | 23_2_0121B271 |
Source: | Code function: | 2_2_006A60E8 |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 2_2_005C8B3C |
Source: | Code function: | 2_2_005C7CE0 |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0040B044 | |
Source: | Code function: | 0_2_0041E034 | |
Source: | Code function: | 0_2_0041E080 | |
Source: | Code function: | 0_2_004AF218 | |
Source: | Code function: | 0_2_0040A4CC | |
Source: | Code function: | 2_2_0040E7F0 | |
Source: | Code function: | 2_2_006103F8 | |
Source: | Code function: | 2_2_0040DC78 |
Source: | Code function: | 0_2_00405AE0 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_00625754 |
Source: | Code function: | 0_2_0041C3D8 |
Source: | Code function: | 0_2_004B5114 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 Windows Service | 1 Exploitation for Privilege Escalation | 11 Deobfuscate/Decode Files or Information | 1 Network Sniffing | 11 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 12 Command and Scripting Interpreter | 211 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 1 Input Capture | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Service Execution | Logon Script (Windows) | 1 Windows Service | 1 File Deletion | Security Account Manager | 1 Network Sniffing | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 12 Process Injection | 32 Masquerading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | 211 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 12 Process Injection | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 System Owner/User Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
2% | ReversingLabs | |||
3% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
3% | Metadefender | Browse | ||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
yogadns.com | 172.104.9.252 | true | false | high | |
www.yogadns.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
| | false | | low |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.104.9.252 | yogadns.com | United States | 63949 | LINODE-APLinodeLLCUS | false |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 599656 |
Start date and time: | 2022-03-29 22:02:03 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 16m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | YogaDNSSetup.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 35 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus28.troj.winEXE@19/32@1/2 |
EGA Information: | |
HDC Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed; the report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: YogaDNSSetup.exe
Time | Type | Description |
---|---|---|
00:04:01 | Autostart | |
00:04:09 | Autostart | |
00:04:18 | Autostart | |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1926 |
Entropy (8bit): | 5.040698614780791 |
Encrypted: | false |
SSDEEP: | 24:ftgjNJ1ZQtOjX8+VzBZnycy+5iqp/LXUz2mMZD2eYTb:675j7Jm4YqpzkzsZD2eYTb |
MD5: | 82AED006FD809597EC7B068C52056B9B |
SHA1: | 9414D6A444B9DF3C43CC02BAFF00A0A696FEF011 |
SHA-256: | 9C45D2F015203CA02AA576174C31F6008CDDB0B37867DED42386DB11A1964AAE |
SHA-512: | DE6525C7F27B45139CF14F20EA5FCED3784C9AE670D96E239C5F286EBFABB6DD936CD1FCFD010235BE26ABDE4F30F75AA9DE82AC88BD7716C9F2D9AC023AC434 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 58632 |
Entropy (8bit): | 6.718713880471932 |
Encrypted: | false |
SSDEEP: | 768:HdqUkP+xiUHZXT9mJSo8+6fbdzGgHUFBchr2D4yV3hJEb32nZ49z7:9ZHZXT9M8j5Gg0FBchqx3hJEblz7 |
MD5: | C12325E60A0F44F7F0DFA85877ED9C84 |
SHA1: | 79C468B60B59CD7E5BA4806C4FD512A93F444E95 |
SHA-256: | 6E550B6BBE69AA490EE69CCBFDD3084EAD8EA1C94166ACB13161C6F8F5E54B24 |
SHA-512: | 2DBF96D7603545A3420503A7B28E77747166175EE70EE6AA9CAEDEE011FC8BEC14019572CB94D53A2676E1CF446537AFBD950F3ADE2BA107810A2E1527EF367F |
Malicious: | false |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 740272 |
Entropy (8bit): | 6.133841932082904 |
Encrypted: | false |
SSDEEP: | 12288:zZMIgYkGOh9h2Vfn2ZQfhT5zhONOqXtVt1tih5c3S:zZMIgYkG12+fA9iha3S |
MD5: | EA3A9D42CE0D9EBDB689FF7A3B79AF82 |
SHA1: | 18A2E0E88EC80FEACF506709134A9B883D40F5FD |
SHA-256: | 87D7A5041B934E52A891161B83ADF99DD23EB50363C3CAE7D29377C3EBBD129E |
SHA-512: | 299AA3CBABA34861E3F465FCA57F9C702953F58D49DF1EB341247C66652B096D65E29B63AE3D23E2A380DD7815AD247AA1751B61F111F1C6FBD5A0AA3A473510 |
Malicious: | false |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 4972464 |
Entropy (8bit): | 6.9642813668084 |
Encrypted: | false |
SSDEEP: | 98304:eSiZ44OAkVBrBvfq0l99jTs7ciLSLPm8Z0FLOAkGkzdnEVomFHKnP0V8:eSiZ4LBtfqxSLPm00FLOyomFHKnP9 |
MD5: | FB51F3CA7F0785C5AF983D599F715FF3 |
SHA1: | FA699C8B581CDAB3707A2FF54314A874E0F6386C |
SHA-256: | 212AF26D313A1B2922E0F469D263D52D52762C912C824E362670288A387B79CF |
SHA-512: | 35C3C45E750E4F3AFF8FCD36B954273210A24A3A2BF985DF3766F1B71F614592258CAA392E3ABB843A32DED8800ACED182A15A1F17E3D81F20160A3F17249EA8 |
Malicious: | false |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 14948 |
Entropy (8bit): | 4.941455660446903 |
Encrypted: | false |
SSDEEP: | 192:xJ+mP8PIovuNZQ9EmSTI5Teig47/DkJL9zIxyp8t+M69p47Ggw+pdZDSX0Pl/wf:xvyMZQOm9eigEAJBzIYitSb |
MD5: | 2ADA32D744A8E73F8601E4C9C8114792 |
SHA1: | FCD11C721D2ED799FA5D28A479FAEE5A503CA784 |
SHA-256: | DDE19692FC1005FEE0FAA60206D979FAD6F2EE48BC1CF9EBD210C57DE3817406 |
SHA-512: | 03360E6D0FCAFF5260F1B4F7537E7C5767A9EB2A2B5AD0CE7ADE95A8200025C64FB7D1AF51F242FF4D2D7C65B3F0D0F080C66CF7446B48BA1A9F14D4AE425C6A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 15314824 |
Entropy (8bit): | 6.392775163085483 |
Encrypted: | false |
SSDEEP: | 98304:qxTaI8+GOry2lbQhd86hwXfOsz1uLEI3duYozZasCAQr/i9MCgtEs/DPjw4w6A62:8TaIBvKVtozZhCAFVgms/Djw4nMJ |
MD5: | E4FF4EA5EC5BDBD29CB37B3B755C2726 |
SHA1: | E9A8FFB7DE11171D467340958E5EC0FB5F56A5B9 |
SHA-256: | 9A9866FD5B661523ACCAB2EFC180157848F5219225EC7B24699E9E3C3FA5A047 |
SHA-512: | 614E399688B9F51209CCE0F3DEAA0B348E26F63E31FE389757A6EFCFA9027405241E7C69167351D4D73A3DB7384D922E76245DB49AC492638B24C87ABE2B8905 |
Malicious: | false |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 3202504 |
Entropy (8bit): | 6.332943576053673 |
Encrypted: | false |
SSDEEP: | 49152:7EA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY:/92bz2Eb6pd7B6bAGx7s333T |
MD5: | 7FD3620B726C3B90AD03266C3942ACA9 |
SHA1: | 66C0F6DB3E34003F6C5367B45D81D7533C284C8B |
SHA-256: | 3FB2CE91C0814D3D7F236496FE5374EF6FF502132A3FA30DEEDC3E22B910CA7B |
SHA-512: | 881EEED7EF5CF189511EB2D07C616B0CACE7AFF8D787514FB56293E01BF164A4C65783ACABD95787B33829CA38BA08FE684F207BDCB200D294D2602B3798F076 |
Malicious: | false |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 2420312 |
Entropy (8bit): | 6.633009244683866 |
Encrypted: | false |
SSDEEP: | 49152:CjIbZhXddeDrsOHgc69kXvQUs2cwE9osptfy4ui3u70vgvee2VRQuz/TjifpTPbn:3b/tsscD69kXvQUs2cwWosptfy4ui3ul |
MD5: | 6111E3EFE0F6FE0E037642DDEAA34BF6 |
SHA1: | 1CA5AE6607941C89A27E7C6BE76CFA40341B2C9E |
SHA-256: | A86E52B8074B159301DDFE8E0FA54F113B1D3B35DA68D5802F8B0BE03EF4D426 |
SHA-512: | 4BB25F81AC188BC7AB3179C62AAB29FEF1FFF86E35D0EE03E49C6F1410E284C428C518D0D01539E7B5F9E939A814E522225042DECE8F8104CA3CB9C2F5333652 |
Malicious: | false |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 166 |
Entropy (8bit): | 4.251107294008479 |
Encrypted: | false |
SSDEEP: | 3:Q9F7JzKW9gQCrK4lJh2gpxVtIb3DFVg/C6czoKYd6mRXTWo:GzKW+9bh2UVts35KqndUt |
MD5: | 240DF71B1A110C4DCEFFC1B77751B781 |
SHA1: | 5BAD7EA4FB4D3EFEF27770CD61358CA9012E37AF |
SHA-256: | 06C74EF5EF53344C78C9AF2B29DC458A2ABE93F1BFF429705955C033E7A0686F |
SHA-512: | EB9A441A8DDCD33FF123252515DE683E6C8FA8ACFD43EB43607944CF0E22914694C33B02D7954F30A0BD71890AFFC78894E4DC44FCBCCA93D3F0A8E0E14E535A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 32931 |
Entropy (8bit): | 5.824660809533723 |
Encrypted: | false |
SSDEEP: | 384:PsQPJwxTwqjhzFFNjkSUiZqBRgFrij5q4VHrSrRAyMpRJxF:EQAwqNzFFdkSU3BRkri11vF |
MD5: | 87266FAFF9BEA0D9464D17AE6F99C742 |
SHA1: | ADF6AF84FBC9A721AB45C52CDF99ED530B59CE00 |
SHA-256: | 692184F7D1272B8D1EC73A56C91D6C94C4E8F2C49FD1BE6DD3F6D75BFC48574F |
SHA-512: | 3B226432B2768D9B568BD30E80C58842E943F61B73C0A6BDD6F001DAB5EFF85F913605AEF196999E51E617A20E2CA1A011453A902F8112E597C8EAD361F1C7BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 7773 |
Entropy (8bit): | 3.914996300655631 |
Encrypted: | false |
SSDEEP: | 192:0113YtclMr+IBl3bP4DSmfr4UP7pExjzkoAwCCgHn43Z+L:aytv9/3bPItopCZH43Zg |
MD5: | AE3EC28A13AC41F5D99070FDD8A669BA |
SHA1: | D0260CB4862CAA44C520E1DEB505A7033F4E66E2 |
SHA-256: | E648EFED59808D6B9ED554763A241FA7CC663A0B95CE6FAE83DBEEEE98B6B6F6 |
SHA-512: | DE466C5BBF4E01A2A2A31F540AD23176E1F407BD7C76FAD2AE61023C0A48D3F35BDB653C44E6206E753FE1A36BC3A7BFB55074E91528C81E1B54773A7A11E072 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 3202504 |
Entropy (8bit): | 6.332943576053673 |
Encrypted: | false |
SSDEEP: | 49152:7EA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY:/92bz2Eb6pd7B6bAGx7s333T |
MD5: | 7FD3620B726C3B90AD03266C3942ACA9 |
SHA1: | 66C0F6DB3E34003F6C5367B45D81D7533C284C8B |
SHA-256: | 3FB2CE91C0814D3D7F236496FE5374EF6FF502132A3FA30DEEDC3E22B910CA7B |
SHA-512: | 881EEED7EF5CF189511EB2D07C616B0CACE7AFF8D787514FB56293E01BF164A4C65783ACABD95787B33829CA38BA08FE684F207BDCB200D294D2602B3798F076 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 23859 |
Entropy (8bit): | 3.2764469892752675 |
Encrypted: | false |
SSDEEP: | 192:uhjNSCkf3SCqsTr6CCPanAG1tznL7VF+Iqfc51U5YQDztXfbKJG/Bfvo:uhK6CHr6fSX+7Q1U5YQDztB/B3o |
MD5: | D4C511AD6BB3CBC7C799CB17446C6A06 |
SHA1: | A7B7FFF7F413E93C0ECBF8753814EF530EA1F09D |
SHA-256: | 4712AD03199E753531D6D79AB06249D84FF1D69921B75462F39172E3287F9784 |
SHA-512: | 7F9208CD9DB5464C2A24160666F9132DF587BA1A902F7F35E9228FC5490C5925503C50938C391AF7AD137D136AA571C036DDF3493110BF8EE467E34F61ADBBB6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1089 |
Entropy (8bit): | 4.693188686860934 |
Encrypted: | false |
SSDEEP: | 24:8mx7DX5dOE4KW6AgKdI7DdIXUUE5r7aB6m:8mJT5dOnpgKdI7DdIESB6 |
MD5: | 68B11AD2E3DBFD11DF2A9601BD3D8654 |
SHA1: | BB38851AD49ABD9B1C1DCC92D45D02EFFCD5BDBA |
SHA-256: | A087318E1CE086838F8F12857A7615D355818CBCC45C911E7E1E76C0D43F9641 |
SHA-512: | 5EAB7888FDED80ABC4D8A77C88E495F40B230FFE47ED722C3B4A56AD2A3D8E424729FECEE52D4358C40883BBB0F56C12E8A4C8E136E27546A92E6FE7DEBB10D7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YogaDNS\YogaDNS Service Manager.lnk
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1119 |
Entropy (8bit): | 4.69211323982247 |
Encrypted: | false |
SSDEEP: | 24:8mgDX5dOE4KNHoJACI8dIV0dIXUUkSC7aB6m:8mgT5dOgoKCI8dIV0dIEXSTB6 |
MD5: | DCAD4E6F9044CED37C5A6AFDA5BBB0AA |
SHA1: | 158338AE4351F9C979634ADB28705E7C63BBC135 |
SHA-256: | 199B65CCC37428AFF9AF5453A8BE99CC0C0CF2CD2CB8D78A04E293A2EBFC9D77 |
SHA-512: | F8D7BAB66C4464073E0D27E7A405F98101DAA3D00852463C6D36582021486090AF8D60D8AFA727D592E27DC2C3D5B2190F1C0256BBE8FA2A0F397CAFAC88D8A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1082 |
Entropy (8bit): | 4.648941379144392 |
Encrypted: | false |
SSDEEP: | 24:8mnsW9C0dOE4KeAsYtdIhdIXUUxwh7aB6m:8msW93dOysYtdIhdIEiB6 |
MD5: | F4A1B49AB3CCB18903FABE99D743AD54 |
SHA1: | AE73CF62962B659BB4E46E3B7FB3EC4D07A7DE21 |
SHA-256: | 11AFA9D5D7C21949EA98478BAF101B5B1ECA7F71875BA181C16048E83D2CD841 |
SHA-512: | AD5FE9DBA30D65382113F0D5AF695C0F289B9EF50C3C1060058ED0DA8A1929CABF026F0CC4073E17311BF24FF12E6774BBFAD5CEB5D27DF6976080248B9A6B5F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 1064 |
Entropy (8bit): | 4.664852396082318 |
Encrypted: | false |
SSDEEP: | 24:8mnsWDX5dOE4KeAsYAdIhdIXUUxwh7aB6m:8msWT5dOysYAdIhdIEiB6 |
MD5: | 793B088683980F03B585254FA68DEBA2 |
SHA1: | B74BF4FCC98272C2D0A23619D331270AB5AB0310 |
SHA-256: | 8076855DDC87202D0BE6B372D6A0622C5D20E73909BE1C8C3A25A9B7A07C9A77 |
SHA-512: | 9323E583A1D47B1B5B64E5DE979D814D255C01E6F5F34ED9FC08F94E89D2B85ECC6BE6E2EE356C79CA7C57DFD1188481AA173F2BFEE8F183CCEA7FE4C9241C02 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\runonce.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24576 |
Entropy (8bit): | 2.088980131437431 |
Encrypted: | false |
SSDEEP: | 384:tV5ptOJViAbInBgC7kirGBZMqjFioiovryHhi9DtaKjhYNbWrOHvKfs+rXreS7uS:M |
MD5: | 4C4DF6618D2E1CA29A306F6792C93946 |
SHA1: | 0BE8E86C8E15A2FFC11228EB50E0A15C57DCEC2E |
SHA-256: | 2EFB2E29C5D95C865E8C34626348E840469C17067A8304A2001C45DCB5F81B28 |
SHA-512: | 4FE56058E9F5140DECC55AC0270B2A2E85604F25F7BDF0724D6774225877DBF08148BF16724BC75EC8E3314291F6529B7CE9EDFCD00924B3D723F6A44E76CDC7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\YogaDNSSetup.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3202504 |
Entropy (8bit): | 6.332943576053673 |
Encrypted: | false |
SSDEEP: | 49152:7EA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY:/92bz2Eb6pd7B6bAGx7s333T |
MD5: | 7FD3620B726C3B90AD03266C3942ACA9 |
SHA1: | 66C0F6DB3E34003F6C5367B45D81D7533C284C8B |
SHA-256: | 3FB2CE91C0814D3D7F236496FE5374EF6FF502132A3FA30DEEDC3E22B910CA7B |
SHA-512: | 881EEED7EF5CF189511EB2D07C616B0CACE7AFF8D787514FB56293E01BF164A4C65783ACABD95787B33829CA38BA08FE684F207BDCB200D294D2602B3798F076 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\YogaDNS\YogaDNS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 809 |
Entropy (8bit): | 5.100701957486456 |
Encrypted: | false |
SSDEEP: | 24:2dtbeMpRK/mxLzjQOFMGA9pYkFMGA9pYshOSCe:cFeMpRumdjzmukmuGX |
MD5: | 2DF9805DB557BF2494A8BBB69D55F083 |
SHA1: | 4C1BE30CF5B2BD9C6B761066BD320CE93CAB4869 |
SHA-256: | EF2D62BEBA6A6BBCECE17AB0C0783B9F43FF1CD896661FBF391C8F2C3AC0BAA4 |
SHA-512: | B0589D8526D388AF9E01454839FC824AC6C4F22DF4CEAF048498C0A00900BA01EF0A2AEC1AC07D14078A16AA922DF070FA882E13E702675EA7334AB79D111417 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 58632 |
Entropy (8bit): | 6.718713880471932 |
Encrypted: | false |
SSDEEP: | 768:HdqUkP+xiUHZXT9mJSo8+6fbdzGgHUFBchr2D4yV3hJEb32nZ49z7:9ZHZXT9M8j5Gg0FBchqx3hJEblz7 |
MD5: | C12325E60A0F44F7F0DFA85877ED9C84 |
SHA1: | 79C468B60B59CD7E5BA4806C4FD512A93F444E95 |
SHA-256: | 6E550B6BBE69AA490EE69CCBFDD3084EAD8EA1C94166ACB13161C6F8F5E54B24 |
SHA-512: | 2DBF96D7603545A3420503A7B28E77747166175EE70EE6AA9CAEDEE011FC8BEC14019572CB94D53A2676E1CF446537AFBD950F3ADE2BA107810A2E1527EF367F |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.953715763725193 |
TrID: | |
File name: | YogaDNSSetup.exe |
File size: | 8517648 |
MD5: | ac752df0ebb3fc9fcbb3b906b4050c17 |
SHA1: | 7f4686f519ffcab1510a6c422206387b3a89c134 |
SHA256: | 2224b2d7b8fc7782f59ef6cbf8b15f98051309b2c6ab395836563954ce63b1e9 |
SHA512: | 5a9a0c39f2ab33de33de061923a14cd099f6bc00f5238aceba4a7444c685da29f47f569251dc8db0fc209aeaa94644ca71e0a231e37307feb5ec61aec2642650 |
SSDEEP: | 196608:lOh/ZavRjVT27MFXpmeXz4aUm6jpbYE3yHL:E9AvRh27aXcefHL |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 5030d06cecec80aa |
Entrypoint: | 0x4b5eec |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x60B88E27 [Thu Jun 3 08:09:11 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 1 |
File Version Major: | 6 |
File Version Minor: | 1 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 1 |
Import Hash: | 5a594319a0d69dbc452e748bcf05892e |
Signature Valid: | true |
Signature Issuer: | CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 32C66817CAB5463935C5B15C9ADA5C80 |
Thumbprint SHA-1: | D19CA782F95AD17B9EFCB47F6131D2E2124480DD |
Thumbprint SHA-256: | 9162B5093AF3079FF2B6478391645B8401D0AFC8385C93A7870CFB71E5A3BE2D |
Serial: | 3C6A8679F7B3FAA3AB61E213 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFA4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-3Ch], eax |
mov dword ptr [ebp-40h], eax |
mov dword ptr [ebp-5Ch], eax |
mov dword ptr [ebp-30h], eax |
mov dword ptr [ebp-38h], eax |
mov dword ptr [ebp-34h], eax |
mov dword ptr [ebp-2Ch], eax |
mov dword ptr [ebp-28h], eax |
mov dword ptr [ebp-14h], eax |
mov eax, 004B10F0h |
call 00007F65FCA814E5h |
xor eax, eax |
push ebp |
push 004B65E2h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 004B659Eh |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [004BE634h] |
call 00007F65FCB23C0Fh |
call 00007F65FCB23762h |
lea edx, dword ptr [ebp-14h] |
xor eax, eax |
call 00007F65FCA96F58h |
mov edx, dword ptr [ebp-14h] |
mov eax, 004C1D84h |
call 00007F65FCA7C0D7h |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [004C1D84h] |
mov dl, 01h |
mov eax, dword ptr [004237A4h] |
call 00007F65FCA97FBFh |
mov dword ptr [004C1D88h], eax |
xor edx, edx |
push ebp |
push 004B654Ah |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007F65FCB23C97h |
mov dword ptr [004C1D90h], eax |
mov eax, dword ptr [004C1D90h] |
cmp dword ptr [eax+0Ch], 01h |
jne 00007F65FCB2A27Ah |
mov eax, dword ptr [004C1D90h] |
mov edx, 00000028h |
call 00007F65FCA988B4h |
mov edx, dword ptr [004C1D90h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x10e00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x81d850 | 0x1fc0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb361c | 0xb3800 | False | 0.344863934105 | data | 6.35605820433 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.itext | 0xb5000 | 0x1688 | 0x1800 | False | 0.544921875 | data | 5.97275005522 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0xb7000 | 0x37a4 | 0x3800 | False | 0.360979352679 | data | 5.04440056201 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.bss | 0xbb000 | 0x6de8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0xc2000 | 0xf36 | 0x1000 | False | 0.3681640625 | data | 4.89870464796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.didata | 0xc3000 | 0x1a4 | 0x200 | False | 0.345703125 | data | 2.75636286825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.edata | 0xc4000 | 0x9a | 0x200 | False | 0.2578125 | data | 1.87222286659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0xc5000 | 0x18 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rdata | 0xc6000 | 0x5d | 0x200 | False | 0.189453125 | data | 1.38389437522 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xc7000 | 0x10e00 | 0x10e00 | False | 0.188990162037 | data | 3.71313503088 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xc7678 | 0xa68 | dBase IV DBT of \200.DBF, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xc80e0 | 0x668 | data | English | United States |
RT_ICON | 0xc8748 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xc8a30 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc8b58 | 0x1628 | dBase IV DBT of \200.DBF, blocks size 0, block length 4096, next free block index 40, next free block 0, next used block 101056512 | English | United States |
RT_ICON | 0xca180 | 0xea8 | data | English | United States |
RT_ICON | 0xcb028 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xcb8d0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xcbe38 | 0x12e5 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0xcd120 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4244635647, next used block 4294967295 | English | United States |
RT_ICON | 0xd1348 | 0x25a8 | data | English | United States |
RT_ICON | 0xd38f0 | 0x10a8 | data | English | United States |
RT_ICON | 0xd4998 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_STRING | 0xd4e00 | 0x360 | data | | |
RT_STRING | 0xd5160 | 0x260 | data | | |
RT_STRING | 0xd53c0 | 0x45c | data | | |
RT_STRING | 0xd581c | 0x40c | data | | |
RT_STRING | 0xd5c28 | 0x2d4 | data | | |
RT_STRING | 0xd5efc | 0xb8 | data | | |
RT_STRING | 0xd5fb4 | 0x9c | data | | |
RT_STRING | 0xd6050 | 0x374 | data | | |
RT_STRING | 0xd63c4 | 0x398 | data | | |
RT_STRING | 0xd675c | 0x368 | data | | |
RT_STRING | 0xd6ac4 | 0x2a4 | data | | |
RT_RCDATA | 0xd6d68 | 0x10 | data | | |
RT_RCDATA | 0xd6d78 | 0x2c4 | data | | |
RT_RCDATA | 0xd703c | 0x2c | data | | |
RT_GROUP_ICON | 0xd7068 | 0xbc | data | English | United States |
RT_VERSION | 0xd7124 | 0x584 | data | English | United States |
RT_MANIFEST | 0xd76a8 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale |
comctl32.dll | InitCommonControls |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW |
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x454060 |
__dbk_fcall_wrapper | 2 | 0x40d0a0 |
dbkFCallWrapperAddr | 1 | 0x4be63c |
Description | Data |
---|---|
LegalCopyright | Copyright 2018-2022 Initex. All rights reserved. |
FileVersion | 1.31.0.1 |
CompanyName | Initex |
Comments | This installation was built with Inno Setup. |
ProductName | YogaDNS |
ProductVersion | 1.31 |
FileDescription | YogaDNS Setup |
OriginalFileName | |
Translation | 0x0000 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 30, 2022 00:04:15.286613941 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:15.286668062 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:15.286777020 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:15.952944994 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:15.952985048 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:16.261466026 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:16.261624098 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:16.754159927 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:16.754194021 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:16.754605055 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:16.754750967 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:16.757684946 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:16.798190117 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:16.855345011 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:16.855567932 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Mar 30, 2022 00:04:16.855664015 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:16.855695963 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:16.857202053 CEST | 49781 | 443 | 192.168.2.4 | 172.104.9.252 |
Mar 30, 2022 00:04:16.857242107 CEST | 443 | 49781 | 172.104.9.252 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 30, 2022 00:04:15.211683989 CEST | 58171 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 30, 2022 00:04:15.234991074 CEST | 53 | 58171 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 30, 2022 00:04:15.211683989 CEST | 192.168.2.4 | 8.8.8.8 | 0x2fb6 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 30, 2022 00:04:15.234991074 CEST | 8.8.8.8 | 192.168.2.4 | 0x2fb6 | No error (0) | | yogadns.com | | CNAME (Canonical name) | IN (0x0001) |
Mar 30, 2022 00:04:15.234991074 CEST | 8.8.8.8 | 192.168.2.4 | 0x2fb6 | No error (0) | | | 172.104.9.252 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49781 | 172.104.9.252 | 443 | C:\Program Files (x86)\YogaDNS\YogaDNS.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-03-29 22:04:16 UTC | 0 | OUT | |
2022-03-29 22:04:16 UTC | 0 | IN | |
2022-03-29 22:04:16 UTC | 0 | IN | |
Target ID: | 0 |
Start time: | 00:03:15 |
Start date: | 30/03/2022 |
Path: | C:\Users\user\Desktop\YogaDNSSetup.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 8517648 bytes |
MD5 hash: | AC752DF0EBB3FC9FCBB3B906B4050C17 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Target ID: | 2 |
Start time: | 00:03:17 |
Start date: | 30/03/2022 |
Path: | C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3202504 bytes |
MD5 hash: | 7FD3620B726C3B90AD03266C3942ACA9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Target ID: | 14 |
Start time: | 00:04:02 |
Start date: | 30/03/2022 |
Path: | C:\Program Files (x86)\YogaDNS\YogaDNS.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 4972464 bytes |
MD5 hash: | FB51F3CA7F0785C5AF983D599F715FF3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 15 |
Start time: | 00:04:06 |
Start date: | 30/03/2022 |
Path: | C:\Windows\SysWOW64\net.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1f0000 |
File size: | 46592 bytes |
MD5 hash: | DD0561156F62BC1958CE0E370B23711B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 16 |
Start time: | 00:04:06 |
Start date: | 30/03/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff647620000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 18 |
Start time: | 00:04:07 |
Start date: | 30/03/2022 |
Path: | C:\Windows\SysWOW64\net1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x70000 |
File size: | 141312 bytes |
MD5 hash: | B5A26C2BF17222E86B91D26F1247AF3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 19 |
Start time: | 00:04:08 |
Start date: | 30/03/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff696ff0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 20 |
Start time: | 00:04:09 |
Start date: | 30/03/2022 |
Path: | C:\Windows\System32\runonce.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75c880000 |
File size: | 57856 bytes |
MD5 hash: | 5F3BE52A00D8C741AE0B7FCE861F90AD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 21 |
Start time: | 00:04:10 |
Start date: | 30/03/2022 |
Path: | C:\Program Files (x86)\YogaDNS\YogaDNS.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 4972464 bytes |
MD5 hash: | FB51F3CA7F0785C5AF983D599F715FF3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 22 |
Start time: | 00:04:11 |
Start date: | 30/03/2022 |
Path: | C:\Windows\System32\grpconv.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79f340000 |
File size: | 50688 bytes |
MD5 hash: | 7E727D9259367AF1C140377A4BF173C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 23 |
Start time: | 00:04:21 |
Start date: | 30/03/2022 |
Path: | C:\Program Files (x86)\YogaDNS\YogaDNS.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 4972464 bytes |
MD5 hash: | FB51F3CA7F0785C5AF983D599F715FF3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 3.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 11.9% |
Total number of Nodes: | 837 |
Total number of Limit Nodes: | 31 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | C-Code Quality |
---|---|---|---|---|---|---|---|
004B5114 | 47.4 | 7 | 20 | 165 | library, loader, COMMON | yes | 73% |
004AF91C | 7.6 | 5 | - | 80 | memory, COMMON | yes | 100% |
0040B044 | 3.1 | 2 | - | 63 | COMMON | no | 73% |
0040AEF4 | 3.0 | 2 | - | 33 | file, COMMON | no | 46% |
0040AB18 | 28.2 | 12 | 4 | 173 | registry, COMMON | yes | 78% |
(address not extracted) | - | - | - | - | - | yes | 85% |
0040426C | 12.2 | 8 | - | 221 | sleep, COMMON | yes | 91% |
004B60E8 | 10.7 | 3 | 3 | 165 | window, COMMON | yes | 75% |
004AF728 | 10.6 | 5 | 1 | 77 | process, COMMON | yes | 61% |
(address not extracted) | - | - | - | - | - | yes | 60% |
00403EE8 | 9.0 | 7 | - | 298 | sleep, COMMON | yes | 68% |
00407750 | 7.1 | 3 | 1 | 93 | thread, COMMON | yes | 86% |
00407748 | 7.1 | 3 | 1 | 86 | thread, COMMON | yes | 86% |
004B5000 | 6.0 | 4 | - | 43 | thread, COMMON | yes | 79% |
(address not extracted) | - | - | - | - | - | yes | 73% |
(address not extracted) | - | - | - | - | - | yes | 100% |
004AF1B4 | 5.0 | 4 | - | 45 | sleep, COMMON | yes | 100% |
0041FF94 | 4.6 | 3 | - | 93 | COMMON | no | 63% |
0040B110 | 3.1 | 2 | - | 93 | COMMON | no | 72% |
0040B234 | 3.1 | 2 | - | 55 | library, COMMON | no | 58% |
00427154 | 3.0 | 2 | - | 42 | file, COMMON | no | 60% |
00421230 | 3.0 | 2 | - | 33 | library, COMMON | no | 37% |
004052D4 | 2.6 | 2 | - | 63 | COMMON | no | 100% |
004232EC | 1.5 | 1 | - | 28 | window, COMMON | no | 100% |
00422A18 | 1.5 | 1 | - | 27 | COMMON | no | 31% |
00423DA8 | 1.5 | 1 | - | 26 | file, COMMON | no | 100% |
00409FA8 | 1.5 | 1 | - | 26 | COMMON | no | 100% |
00423ED8 | 1.5 | 1 | - | 11 | file, COMMON | no | 100% |
0040CAA4 | 1.5 | 1 | - | 6 | COMMON | no | 100% |
00403BCC | 1.3 | 1 | - | 41 | memory, COMMON | no | 100% |
00403CF6 | 1.3 | 1 | - | 41 | COMMON | no | 96% |
0040A928 | 15.9 | 6 | 3 | 140 | string, library, file, COMMON | no | 78% |
004AF110 | 12.3 | 6 | 1 | 42 | shutdown, COMMON | no | 91% |
004AF9F0 | 6.0 | 4 | - | 31 | COMMON | no | 100% |
0040A4CC | 4.6 | 3 | - | 99 | COMMON | no | 71% |
0041A4DC | 1.5 | 1 | - | 49 | COMMON | no | 100% |
0041E034 | 1.5 | 1 | - | 29 | COMMON | no | 100% |
0041E080 | 1.5 | 1 | - | 23 | COMMON | no | 79% |
004AF218 | 1.5 | 1 | - | 21 | COMMON | no | 100% |
0041C3D8 | 1.5 | 1 | - | 6 | time, COMMON | no | 100% |
004255DC | 0.5 | - | - | 545 | COMMON, Crypto | no | 100% |
004323DC | 0.4 | - | - | 408 | COMMON, Crypto | no | 100% |
0040E9C4 | 0.2 | - | - | 195 | COMMON | no | - |
00405AE0 | 0.0 | - | - | 14 | COMMON | no | - |
(address not extracted) | - | - | - | - | - | no | 100% |
0041E7CC | 22.9 | 8 | 5 | 194 | thread, COMMON | no | 82% |
0040A250 | 21.0 | 8 | 4 | 28 | library, loader, COMMON | no | 100% |
0041E0AC | 17.7 | 2 | 8 | 216 | thread, COMMON | no | 71% |
(address not extracted) | - | - | - | - | - | no | 71% |
0042301C | 14.1 | 3 | 5 | 82 | registry, COMMON | no | 61% |
0040D218 | 13.8 | 9 | - | 258 | COMMON | no | 67% |
004047B0 | 12.3 | 6 | 1 | 51 | file, COMMON | no | 72% |
(address not extracted) | - | - | - | - | - | no | 62% |
00404464 | 10.9 | 7 | - | 406 | COMMON | no | 88% |
(address not extracted) | - | - | - | - | - | no | 68% |
(address not extracted) | - | - | - | - | - | no | 88% |
004971AC | 10.6 | 3 | 3 | 87 | thread, COMMON | no | 80% |
00406424 | 10.6 | 3 | 3 | 63 | library, loader, COMMON | no | 36% |
004076B8 | 10.5 | 4 | 2 | 40 | file, COMMON | no | 43% |
(address not extracted) | - | - | - | - | - | no | 100% |
0042931C | 9.1 | 6 | - | 144 | COMMON | no | 77% |
004AFA44 | 8.8 | 1 | 4 | 44 | window, COMMON | no | 34% |
0042F9B8 | 7.8 | 5 | - | 335 | COMMON | no | 69% |
0041C790 | 7.1 | 2 | 2 | 77 | thread, COMMON | no | 75% |
0041EEFC | 6.1 | 4 | - | 113 | COMMON | no | 85% |
0040A6C8 | 6.1 | 4 | - | 95 | thread, COMMON | no | 58% |
(address not extracted) | - | - | - | - | - | no | 100% |
Execution Graph
Execution Coverage: | 9.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.7% |
Total number of Nodes: | 1617 |
Total number of Limit Nodes: | 94 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | C-Code Quality |
---|---|---|---|---|---|---|---|
005C7CE0 | 29.9 | 15 | 2 | 181 | memory, COMMON | yes | 43% |
0040E7F0 | 3.1 | 2 | - | 63 | COMMON | no | 73% |
0062CFB8 | 3.1 | 2 | - | 52 | com, COMMON | no | 48% |
0060C2B0 | 3.0 | 2 | - | 45 | file, COMMON | no | 60% |
0040E6A0 | 3.0 | 2 | - | 33 | file, COMMON | no | 46% |
0040E2C4 | 28.2 | 12 | 4 | 173 | registry, COMMON | yes | 78% |
(address not extracted) | - | - | - | - | - | yes | 65% |
(address not extracted) | - | - | - | - | - | yes | 67% |
00405D88 | 12.2 | 8 | - | 221 | sleep, COMMON | yes | 91% |
00405F80 | 10.9 | 7 | - | 406 | COMMON | yes | 88% |
(address not extracted) | - | - | - | - | - | yes | 53% |
(address not extracted) | - | - | - | - | - | yes | 90% |
(address not extracted) | - | - | - | - | - | yes | 77% |
005C92C8 | 10.6 | 5 | 1 | 91 | window, registry, COMMON | yes | 69% |
(address not extracted) | - | - | - | - | - | yes | 65% |
(address not extracted) | - | - | - | - | - | yes | 51% |
00405A04 | 9.0 | 7 | - | 298 | sleep, COMMON | yes | 68% |
00423A20 | 7.5 | 5 | - | 41 | file, COMMON | yes | 82% |
00409EF8 | 7.1 | 3 | 1 | 93 | thread, COMMON | yes | 86% |
00409EF0 | 7.1 | 3 | 1 | 86 | thread, COMMON | no | 86% |
0060C038 | 7.1 | 2 | 2 | 60 | process, COMMON | no | 65% |
(address not extracted) | - | - | - | - | - | no | 92% |
0060EFD8 | 6.1 | 4 | - | 54 | COMMON | no | - |
006ACABC | 6.0 | 4 | - | 34 | sleep, COMMON | no | 86% |
006AE3C8 | 5.4 | 1 | 2 | 158 | window, COMMON | no | 100% |
(address not extracted) | - | - | - | - | - | no | 73% |
(address not extracted) | - | - | - | - | - | no | 70% |
006AC180 | 5.3 | 1 | 2 | 35 | registry, COMMON | no | 100% |
(address not extracted) | - | - | - | - | - | no | 100% |
006AC0D0 | 3.5 | 1 | 1 | 39 | registry, COMMON | no | 100% |
005C7A14 | 3.5 | 1 | 1 | 18 | registry, COMMON | no | 100% |
0060DCC8 | 3.2 | 2 | - | 192 | file, COMMON | no | 63% |
(address not extracted) | - | - | - | - | - | no | 90% |
005D0A74 | 3.1 | 2 | - | 107 | COMMON | no | 78% |
0040E8BC | 3.1 | 2 | - | 93 | COMMON | no | 72% |
(address not extracted) | - | - | - | - | - | no | 65% |
0040E9E0 | 3.1 | 2 | - | 55 | library, COMMON | no | 58% |
005ABB4C | 3.0 | 2 | - | 50 | thread, COMMON | no | 69% |
0060C158 | 3.0 | 2 | - | 42 | file, COMMON | no | 60% |
0060C664 | 3.0 | 2 | - | 42 | COMMON | no | 60% |
0042B848 | 3.0 | 2 | - | 33 | library, COMMON | no | 37% |
005B8250 | 3.0 | 2 | - | 31 | COMMON | no | 100% |
006AC477 | 3.0 | 2 | - | 26 | COMMON | no | 35% |
006AC4CA | 3.0 | 2 | - | 26 | COMMON | no | 47% |
004786AC | 3.0 | 2 | - | 16 | COMMON | no | 100% |
00406DF0 | 2.6 | 2 | - | 63 | COMMON | no | 100% |
00409B58 | 1.5 | 1 | - | 38 | COMMON | no | - |
004236FC | 1.5 | 1 | - | 30 | file, COMMON | no | - |
005C857C | 1.5 | 1 | - | 28 | window, COMMON | no | 100% |
005C6808 | 1.5 | 1 | - | 27 | COMMON | no | 31% |
0040D754 | 1.5 | 1 | - | 26 | COMMON | no | 100% |
005118B8 | 1.5 | 1 | - | 19 | COMMON | no | 88% |
005C68A4 | 1.5 | 1 | - | 18 | COMMON | no | 100% |
005C685C | 1.5 | 1 | - | 16 | COMMON | no | 100% |
00424020 | 1.5 | 1 | - | 11 | COMMON | no | 58% |
0042B8A3 | 1.5 | 1 | - | 10 | COMMON | no | 50% |
006ACE20 | 1.5 | 1 | - | 10 | COMMON | no | 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0047845C Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056E8 Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405812 Relevance: 1.3, APIs: 1, Instructions: 41COMMON
C-Code - Quality: 96% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00625754 | Relevance: 40.4 | APIs: 11 | Strings: 12 | Instructions: 187 | Tags: pipe, process, file, COMMON | C-Code Quality: 82% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 79% | Uniqueness Score: -1.00%
Function 0040E0D4 | Relevance: 15.9 | APIs: 6 | Strings: 3 | Instructions: 140 | Tags: string, library, file, COMMON | C-Code Quality: 78% | Uniqueness Score: -1.00%
Function 0060F6D8 | Relevance: 12.3 | APIs: 6 | Strings: 1 | Instructions: 42 | Tags: shutdown, COMMON | C-Code Quality: 91% | Uniqueness Score: -1.00%
Function 006A68B0 | Relevance: 10.7 | APIs: 5 | Strings: 1 | Instructions: 172 | Tags: window, COMMON | C-Code Quality: 74% | Uniqueness Score: -1.00%
Function 006B8DE4 | Relevance: 10.6 | APIs: 4 | Strings: 2 | Instructions: 89 | Tags: file, COMMON | C-Code Quality: 63% | Uniqueness Score: -1.00%
Function 005C90B4 | Relevance: 9.1 | APIs: 6 | Instructions: 98 | Tags: window, COMMON | C-Code Quality: 65% | Uniqueness Score: -1.00%
Function 005C8B3C | Relevance: 3.0 | APIs: 2 | Instructions: 28 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 73% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 85% | Uniqueness Score: -1.00%
Function 0060E4D8 | Relevance: 19.5 | APIs: 7 | Strings: 4 | Instructions: 253 | Tags: registry, COMMON | C-Code Quality: 73% | Uniqueness Score: -1.00%
Function 0062709C | Relevance: 19.4 | APIs: 3 | Strings: 8 | Instructions: 162 | Tags: registry, COMMON | C-Code Quality: 84% | Uniqueness Score: -1.00%
Function 00625D14 | Relevance: 19.3 | APIs: 6 | Strings: 5 | Instructions: 70 | Tags: sleep, synchronization, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 006B740C | Relevance: 17.6 | APIs: 7 | Strings: 3 | Instructions: 145 | Tags: file, COMMON | C-Code Quality: 67% | Uniqueness Score: -1.00%
Function 00625FC4 | Relevance: 15.9 | APIs: 7 | Strings: 2 | Instructions: 124 | Tags: pipe, COMMON | C-Code Quality: 55% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 71% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 25% | Uniqueness Score: -1.00%
Function 005C7FF4 | Relevance: 14.1 | APIs: 3 | Strings: 5 | Instructions: 82 | Tags: registry, COMMON | C-Code Quality: 61% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 71% | Uniqueness Score: -1.00%
Function 004062CC | Relevance: 12.3 | APIs: 6 | Strings: 1 | Instructions: 51 | Tags: file, COMMON | C-Code Quality: 72% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 86% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 006158C4 | Relevance: 10.7 | APIs: 4 | Strings: 2 | Instructions: 239 | Tags: window, COMMON | C-Code Quality: 62% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 78% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 88% | Uniqueness Score: -1.00%
Function 006A5F04 | Relevance: 10.6 | APIs: 4 | Strings: 2 | Instructions: 72 | Tags: file, COMMON | C-Code Quality: 79% | Uniqueness Score: -1.00%
Function 00408BB4 | Relevance: 10.6 | APIs: 3 | Strings: 3 | Instructions: 63 | Tags: library, loader, COMMON | C-Code Quality: 36% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 63% | Uniqueness Score: -1.00%
Function 00409E60 | Relevance: 10.5 | APIs: 4 | Strings: 2 | Instructions: 40 | Tags: file, COMMON | C-Code Quality: 43% | Uniqueness Score: -1.00%
Function 0043171C | Relevance: 9.1 | APIs: 6 | Instructions: 144 | Tags: COMMON | C-Code Quality: 77% | Uniqueness Score: -1.00%
Function 006AE6F8 | Relevance: 9.1 | APIs: 6 | Instructions: 66 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 0060D3B4 | Relevance: 8.9 | APIs: 2 | Strings: 3 | Instructions: 105 | Tags: file, COMMON | C-Code Quality: 39% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 94% | Uniqueness Score: -1.00%
Function 006153AC | Relevance: 8.8 | APIs: 2 | Strings: 3 | Instructions: 59 | Tags: window, COMMON | C-Code Quality: 94% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 63% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 0059BDE0 | Relevance: 7.6 | APIs: 5 | Instructions: 77 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 005B631C | Relevance: 7.5 | APIs: 5 | Instructions: 39 | Tags: thread, COMMON | C-Code Quality: 92% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 84% | Uniqueness Score: -1.00%
Function 006B6998 | Relevance: 7.1 | APIs: 2 | Strings: 2 | Instructions: 59 | Tags: process, COMMON | C-Code Quality: 55% | Uniqueness Score: -1.00%
Function 0062460C | Relevance: 7.1 | APIs: 2 | Strings: 2 | Instructions: 54 | Tags: registry, COMMON | C-Code Quality: 48% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 71% | Uniqueness Score: -1.00%
Function 00626F48 | Relevance: 7.0 | APIs: 1 | Strings: 3 | Instructions: 39 | Tags: registry, COMMON | C-Code Quality: 88% | Uniqueness Score: -1.00%
Function 005C86E0 | Relevance: 7.0 | APIs: 2 | Strings: 2 | Instructions: 31 | Tags: window, COMMON | C-Code Quality: 47% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 84% | Uniqueness Score: -1.00%
Function 0040DE74 | Relevance: 6.1 | APIs: 4 | Instructions: 95 | Tags: thread, COMMON | C-Code Quality: 58% | Uniqueness Score: -1.00%
Function 005CE374 | Relevance: 6.1 | APIs: 4 | Instructions: 60 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 004F53AC | Relevance: 6.1 | APIs: 4 | Instructions: 58 | Tags: window, COMMON | C-Code Quality: 67% | Uniqueness Score: -1.00%
Function 005B9590 | Relevance: 6.1 | APIs: 4 | Instructions: 53 | Tags: window, COMMON | C-Code Quality: 93% | Uniqueness Score: -1.00%
Function 0046A218 | Relevance: 6.1 | APIs: 4 | Instructions: 51 | Tags: COMMON | C-Code Quality: 80% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 90% | Uniqueness Score: -1.00%
Function 0050E958 | Relevance: 6.0 | APIs: 4 | Instructions: 35 | Tags: thread, COMMON | C-Code Quality: 87% | Uniqueness Score: -1.00%
Function 006A5D88 | Relevance: 6.0 | APIs: 4 | Instructions: 31 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 004F5548 | Relevance: 6.0 | APIs: 4 | Instructions: 29 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 78% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 72% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 66% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 73% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 62% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 75% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 45% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 44% | Uniqueness Score: -1.00%
Function (address not captured in export) | C-Code Quality: 58% | Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 7.4% |
Total number of Nodes: | 54 |
Total number of Limit Nodes: | 5 |
Graph / Callgraph: images not captured in export
Function 01210ED5 | Relevance: 4.5 | APIs: 3 | Instructions: 30 | Tags: thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00% | Control-flow Graph: image not captured
Function 01210E20 | Relevance: 3.0 | APIs: 2 | Instructions: 38 | Tags: thread, COMMON | C-Code Quality: 46% | Uniqueness Score: -1.00% | Control-flow Graph: image not captured
Function 0121B271 | Relevance: 0.0 | Instructions: 30 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 54 |
Total number of Limit Nodes: | 5 |
Graph / Callgraph: images not captured in export
Function 01210ED5 | Relevance: 4.5 | APIs: 3 | Instructions: 30 | Tags: thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00% | Control-flow Graph: image not captured
Function 01210E20 | Relevance: 3.0 | APIs: 2 | Instructions: 38 | Tags: thread, COMMON | C-Code Quality: 46% | Uniqueness Score: -1.00% | Control-flow Graph: image not captured
Execution Graph
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 54 |
Total number of Limit Nodes: | 5 |
Graph / Callgraph: images not captured in export
Function 01210ED5 | Relevance: 4.5 | APIs: 3 | Instructions: 30 | Tags: thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00% | Control-flow Graph: image not captured
Function 01210E20 | Relevance: 3.0 | APIs: 2 | Instructions: 38 | Tags: thread, COMMON | C-Code Quality: 46% | Uniqueness Score: -1.00% | Control-flow Graph: image not captured
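Added example, not Joe Sandbox code and not part of the analysed sample: a small Python triage parser for the raw function-summary lines of a report export like this one. In the raw export the tag badges are glued onto the instruction count (e.g. `Instructions: 187pipeprocessfileCOMMON`), so the parser separates them by backtracking against a tag vocabulary collected from this report (assumed incomplete; extend it for other reports). The sample lines are copied from this report; the relevance threshold and the tags of interest are arbitrary triage choices, and the per-function panels (APIs, Strings, C-Code Quality) are not parsed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Badge names seen in this report's function listing. Assumption: Joe Sandbox
# uses more badges than these; unknown ones make split_tags() raise.
KNOWN_TAGS = {
    "thread", "file", "library", "loader", "window", "memory", "pipe",
    "process", "shutdown", "registry", "sleep", "synchronization", "string",
}

# Raw export line, e.g.
# "Function 00625754 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 187pipeprocessfileCOMMON"
# APIs and Strings are optional, Relevance may be written ".0", and the
# lowercase tag run plus an optional "COMMON" badge trail the instruction count.
LINE_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]{8})\s+Relevance:\s*(?P<rel>\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)"
    r"(?P<tags>[a-z]*)(?P<common>COMMON)?\s*$"
)


@dataclass(frozen=True)
class FunctionEntry:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple
    common: bool


def _split(fused: str) -> Optional[List[str]]:
    """Backtracking split of a glued badge run; None if no segmentation exists."""
    if not fused:
        return []
    for end in range(len(fused), 0, -1):  # try the longest known prefix first
        head = fused[:end]
        if head in KNOWN_TAGS:
            rest = _split(fused[end:])
            if rest is not None:
                return [head] + rest
    return None


def split_tags(fused: str) -> List[str]:
    parts = _split(fused)
    if parts is None:
        raise ValueError(f"unknown badge run: {fused!r} (extend KNOWN_TAGS)")
    return parts


def parse_line(line: str) -> Optional[FunctionEntry]:
    """Parse one raw function-summary line; other report lines return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FunctionEntry(
        address=int(m.group("addr"), 16),
        relevance=float(m.group("rel")),
        apis=int(m.group("apis") or 0),
        strings=int(m.group("strings") or 0),
        instructions=int(m.group("instr")),
        tags=tuple(split_tags(m.group("tags"))),
        common=m.group("common") is not None,
    )


def triage(lines: Iterable[str],
           want=("process", "pipe", "registry", "shutdown", "loader"),
           min_relevance: float = 7.0) -> List[FunctionEntry]:
    """Functions to open first: high relevance or carrying a tag of interest,
    highest relevance first. Threshold and tag list are arbitrary choices."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    picked = [e for e in entries if e.relevance >= min_relevance or set(e.tags) & set(want)]
    return sorted(picked, key=lambda e: (-e.relevance, e.address))


# Constructed sample: raw lines copied from this report, plus one non-function line.
SAMPLE_REPORT = """\
Function 005ABB4C Relevance: 3.0, APIs: 2, Instructions: 50threadCOMMON
Function 00625754 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 187pipeprocessfileCOMMON
Function 0040E0D4 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
Function 0060F6D8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42shutdownCOMMON
Function 00625D14 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON
Function 00408BB4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
Function 0043171C Relevance: 9.1, APIs: 6, Instructions: 144COMMON
Function 0121B271 Relevance: .0, Instructions: 30COMMON
C-Code - Quality: 82% |
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT.splitlines()):
        print(f"{e.address:08X} rel={e.relevance:<5} apis={e.apis:<2} "
              f"strings={e.strings:<2} instr={e.instructions:<4} tags={','.join(e.tags)}")
```

Usage: feed it the raw lines of a report export and read the top of the output; the process/pipe function at 00625754 sorts first here, which matches the net.exe and rundll32.exe children in the process tree above and is where a reviewer would start. Backtracking rather than greedy prefix matching matters once the vocabulary contains tags that are prefixes of other tags.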