Windows
Analysis Report
x64.dll
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 7108 cmdline: loaddll64.exe "C:\Users\user\Desktop\x64.dll" MD5: 4E8A40CAD6CCC047914E3A7830A2D8AA)
- cmd.exe (PID: 7144 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\x64.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- rundll32.exe (PID: 7164 cmdline: rundll32.exe "C:\Users\user\Desktop\x64.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 7152 cmdline: rundll32.exe C:\Users\user\Desktop\x64.dll,IsInteractiveUserSession MD5: 73C519F050C20580F8A62C849D49215A)
- explorer.exe (PID: 684 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- wermgr.exe (PID: 4784 cmdline: C:\Windows\system32\wermgr.exe MD5: FF214585BF10206E21EA8EBA202FACFD)
- cmd.exe (PID: 7136 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\Cjaq.cmd MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 2928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- wermgr.exe (PID: 4176 cmdline: "C:\Users\user\AppData\Roaming\R3POs\wermgr.exe" MD5: FF214585BF10206E21EA8EBA202FACFD)
- MDMAppInstaller.exe (PID: 2812 cmdline: C:\Windows\system32\MDMAppInstaller.exe MD5: E2C777B6E3CE4C15C5657429A63787A3)
- cmd.exe (PID: 5144 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\tkcfGo.cmd MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 4212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- wermgr.exe (PID: 5388 cmdline: "C:\Users\user\AppData\Roaming\R3POs\wermgr.exe" MD5: FF214585BF10206E21EA8EBA202FACFD)
- schtasks.exe (PID: 4452 cmdline: "C:\Windows\System32\schtasks.exe" /Create /F /TN "Jvadjthzpd" /TR C:\Windows\system32\CCAL\MDMAppInstaller.exe /SC minute /MO 60 /RL highest MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 5560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- wermgr.exe (PID: 4164 cmdline: "C:\Users\user\AppData\Roaming\R3POs\wermgr.exe" MD5: FF214585BF10206E21EA8EBA202FACFD)
- schtasks.exe (PID: 5080 cmdline: schtasks.exe /Query /TN "Jvadjthzpd" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- schtasks.exe (PID: 5500 cmdline: schtasks.exe /Query /TN "Jvadjthzpd" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 3464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- schtasks.exe (PID: 5744 cmdline: schtasks.exe /Query /TN "Jvadjthzpd" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 3488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- schtasks.exe (PID: 7092 cmdline: schtasks.exe /Query /TN "Jvadjthzpd" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 6756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- schtasks.exe (PID: 6344 cmdline: schtasks.exe /Query /TN "Jvadjthzpd" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 5188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- schtasks.exe (PID: 384 cmdline: schtasks.exe /Query /TN "Jvadjthzpd" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 3012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- schtasks.exe (PID: 5228 cmdline: schtasks.exe /Query /TN "Jvadjthzpd" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 5220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- rundll32.exe (PID: 5980 cmdline: rundll32.exe C:\Users\user\Desktop\x64.dll,QueryActiveSession MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 5888 cmdline: rundll32.exe C:\Users\user\Desktop\x64.dll,QueryUserToken MD5: 73C519F050C20580F8A62C849D49215A)
- MDMAppInstaller.exe (PID: 5232 cmdline: C:\Windows\system32\CCAL\MDMAppInstaller.exe MD5: E2C777B6E3CE4C15C5657429A63787A3)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: |
Source: | Author: frack113: |
Source: | Author: frack113: |
AV Detection |
---|
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 31_2_00007FF6C524E64C | |
Source: | Code function: | 31_2_00007FF6C524E934 |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_0000000140049724 | |
Source: | Code function: | 24_2_00007FF7E4391BA0 | |
Source: | Code function: | 24_2_00007FF7E438BE54 | |
Source: | Code function: | 28_2_00007FF7E4391BA0 | |
Source: | Code function: | 28_2_00007FF7E438BE54 |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File created: | Jump to behavior |
Source: | Code function: | 1_2_000000014005284C | |
Source: | Code function: | 1_2_0000000140048A4C | |
Source: | Code function: | 1_2_0000000140040370 | |
Source: | Code function: | 1_2_00000001400343E8 | |
Source: | Code function: | 1_2_0000000140026C74 | |
Source: | Code function: | 1_2_000000014004F4D0 | |
Source: | Code function: | 1_2_0000000140049CE8 | |
Source: | Code function: | 1_2_000000014004357C | |
Source: | Code function: | 1_2_000000014003DEEC | |
Source: | Code function: | 1_2_0000000140036778 | |
Source: | Code function: | 1_2_0000000140022004 | |
Source: | Code function: | 1_2_0000000140060014 | |
Source: | Code function: | 1_2_0000000140024028 | |
Source: | Code function: | 1_2_000000014002782C | |
Source: | Code function: | 1_2_000000014002E030 | |
Source: | Code function: | 1_2_000000014005582B | |
Source: | Code function: | 1_2_0000000140034044 | |
Source: | Code function: | 1_2_000000014000F848 | |
Source: | Code function: | 1_2_000000014003D878 | |
Source: | Code function: | 1_2_0000000140020094 | |
Source: | Code function: | 1_2_000000014002F8A4 | |
Source: | Code function: | 1_2_00000001400280AC | |
Source: | Code function: | 1_2_000000014004F0AC | |
Source: | Code function: | 1_2_00000001400410B4 | |
Source: | Code function: | 1_2_00000001400150E4 | |
Source: | Code function: | 1_2_0000000140066100 | |
Source: | Code function: | 1_2_0000000140025100 | |
Source: | Code function: | 1_2_000000014004D914 | |
Source: | Code function: | 1_2_0000000140033124 | |
Source: | Code function: | 1_2_0000000140032128 | |
Source: | Code function: | 1_2_0000000140025930 | |
Source: | Code function: | 1_2_0000000140005950 | |
Source: | Code function: | 1_2_000000014004E954 | |
Source: | Code function: | 1_2_0000000140001158 | |
Source: | Code function: | 1_2_000000014003796C | |
Source: | Code function: | 1_2_0000000140049980 | |
Source: | Code function: | 1_2_0000000140039990 | |
Source: | Code function: | 1_2_000000014002F198 | |
Source: | Code function: | 1_2_00000001400389A4 | |
Source: | Code function: | 1_2_00000001400099AC | |
Source: | Code function: | 1_2_00000001400659F0 | |
Source: | Code function: | 1_2_000000014002EA1C | |
Source: | Code function: | 1_2_0000000140055A4D | |
Source: | Code function: | 1_2_000000014005A24C | |
Source: | Code function: | 1_2_000000014001B250 | |
Source: | Code function: | 1_2_0000000140001A78 | |
Source: | Code function: | 1_2_0000000140007284 | |
Source: | Code function: | 1_2_0000000140061283 | |
Source: | Code function: | 1_2_0000000140061A90 | |
Source: | Code function: | 1_2_00000001400642A0 | |
Source: | Code function: | 1_2_000000014002DAA4 | |
Source: | Code function: | 1_2_0000000140043AC0 | |
Source: | Code function: | 1_2_0000000140019AC4 | |
Source: | Code function: | 1_2_00000001400512E0 | |
Source: | Code function: | 1_2_00000001400162E0 | |
Source: | Code function: | 1_2_000000014002BAEC | |
Source: | Code function: | 1_2_0000000140006AEC | |
Source: | Code function: | 1_2_0000000140063324 | |
Source: | Code function: | 1_2_0000000140013B64 | |
Source: | Code function: | 1_2_0000000140055364 | |
Source: | Code function: | 1_2_0000000140019378 | |
Source: | Code function: | 1_2_0000000140060B8C | |
Source: | Code function: | 1_2_000000014001A394 | |
Source: | Code function: | 1_2_0000000140008B94 | |
Source: | Code function: | 1_2_000000014004BBBC | |
Source: | Code function: | 1_2_0000000140021BD8 | |
Source: | Code function: | 1_2_00000001400243E0 | |
Source: | Code function: | 1_2_000000014002B3F3 | |
Source: | Code function: | 1_2_0000000140004C0C | |
Source: | Code function: | 1_2_000000014002B429 | |
Source: | Code function: | 1_2_0000000140012474 | |
Source: | Code function: | 1_2_000000014000AC74 | |
Source: | Code function: | 1_2_0000000140038478 | |
Source: | Code function: | 1_2_000000014004FC74 | |
Source: | Code function: | 1_2_000000014002747C | |
Source: | Code function: | 1_2_000000014002A4A4 | |
Source: | Code function: | 1_2_000000014001B4AC | |
Source: | Code function: | 1_2_000000014004A4B0 | |
Source: | Code function: | 1_2_0000000140063CB4 | |
Source: | Code function: | 1_2_000000014002F4B8 | |
Source: | Code function: | 1_2_0000000140003CC4 | |
Source: | Code function: | 1_2_000000014000ECD0 | |
Source: | Code function: | 1_2_0000000140017CD4 | |
Source: | Code function: | 1_2_0000000140044CD8 | |
Source: | Code function: | 1_2_000000014004ECF8 | |
Source: | Code function: | 1_2_0000000140042504 | |
Source: | Code function: | 1_2_0000000140026534 | |
Source: | Code function: | 1_2_000000014002AD38 | |
Source: | Code function: | 1_2_0000000140022D50 | |
Source: | Code function: | 1_2_0000000140029550 | |
Source: | Code function: | 1_2_0000000140012D8C | |
Source: | Code function: | 1_2_0000000140051D90 | |
Source: | Code function: | 1_2_0000000140006D94 | |
Source: | Code function: | 1_2_00000001400515A0 | |
Source: | Code function: | 1_2_00000001400285AC | |
Source: | Code function: | 1_2_0000000140031DCC | |
Source: | Code function: | 1_2_00000001400365D0 | |
Source: | Code function: | 1_2_00000001400205D8 | |
Source: | Code function: | 1_2_0000000140011DE4 | |
Source: | Code function: | 1_2_000000014004D5EC | |
Source: | Code function: | 1_2_000000014003A60C | |
Source: | Code function: | 1_2_0000000140021E1C | |
Source: | Code function: | 1_2_0000000140023E1C | |
Source: | Code function: | 1_2_000000014004E628 | |
Source: | Code function: | 1_2_000000014004CE2C | |
Source: | Code function: | 1_2_0000000140018638 | |
Source: | Code function: | 1_2_0000000140004E38 | |
Source: | Code function: | 1_2_0000000140014644 | |
Source: | Code function: | 1_2_000000014002EE48 | |
Source: | Code function: | 1_2_000000014004A660 | |
Source: | Code function: | 1_2_0000000140053670 | |
Source: | Code function: | 1_2_000000014003AE70 | |
Source: | Code function: | 1_2_0000000140031670 | |
Source: | Code function: | 1_2_000000014002D694 | |
Source: | Code function: | 1_2_0000000140036E98 | |
Source: | Code function: | 1_2_000000014000D69C | |
Source: | Code function: | 1_2_0000000140050EA8 | |
Source: | Code function: | 1_2_0000000140053EC0 | |
Source: | Code function: | 1_2_000000014001BEC8 | |
Source: | Code function: | 1_2_00000001400466C4 | |
Source: | Code function: | 1_2_000000014004EF0C | |
Source: | Code function: | 1_2_0000000140017F40 | |
Source: | Code function: | 1_2_000000014001CF40 | |
Source: | Code function: | 1_2_0000000140041F3C | |
Source: | Code function: | 1_2_0000000140032750 | |
Source: | Code function: | 1_2_000000014000578C | |
Source: | Code function: | 1_2_00000001400137A0 | |
Source: | Code function: | 1_2_00000001400557A3 | |
Source: | Code function: | 1_2_000000014001C7CC | |
Source: | Code function: | 1_2_00000001400027DC | |
Source: | Code function: | 1_2_0000000140030FE0 | |
Source: | Code function: | 24_2_00007FF7E438E368 | |
Source: | Code function: | 24_2_00007FF7E4382F54 | |
Source: | Code function: | 24_2_00007FF7E438CFF0 | |
Source: | Code function: | 24_2_00007FF7E4390A58 | |
Source: | Code function: | 24_2_00007FF7E4392438 | |
Source: | Code function: | 24_2_00007FF7E4386848 | |
Source: | Code function: | 24_2_00007FF7E4387EFC | |
Source: | Code function: | 28_2_00007FF7E438E368 | |
Source: | Code function: | 28_2_00007FF7E4382F54 | |
Source: | Code function: | 28_2_00007FF7E438CFF0 | |
Source: | Code function: | 28_2_00007FF7E4390A58 | |
Source: | Code function: | 28_2_00007FF7E4392438 | |
Source: | Code function: | 28_2_00007FF7E4386848 | |
Source: | Code function: | 28_2_00007FF7E4387EFC | |
Source: | Code function: | 31_2_00007FF6C5244648 | |
Source: | Code function: | 31_2_00007FF6C52519D4 | |
Source: | Code function: | 31_2_00007FF6C5249630 | |
Source: | Code function: | 31_2_00007FF6C52549FF | |
Source: | Code function: | 31_2_00007FF6C524E934 | |
Source: | Code function: | 31_2_00007FF6C5243FAC | |
Source: | Code function: | 31_2_00007FF6C5246BDC |
Source: | Code function: | 31_2_00007FF6C5249630 |
Source: | Code function: | 1_2_000000014005284C | |
Source: | Code function: | 24_2_00007FF7E438E368 | |
Source: | Code function: | 24_2_00007FF7E4391F54 | |
Source: | Code function: | 24_2_00007FF7E4388404 | |
Source: | Code function: | 24_2_00007FF7E4392438 | |
Source: | Code function: | 24_2_00007FF7E43882EC | |
Source: | Code function: | 28_2_00007FF7E438E368 | |
Source: | Code function: | 28_2_00007FF7E4391F54 | |
Source: | Code function: | 28_2_00007FF7E4388404 | |
Source: | Code function: | 28_2_00007FF7E4392438 | |
Source: | Code function: | 28_2_00007FF7E43882EC |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Dropped File: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 24_2_00007FF7E4388F2C |
Source: | Code function: | 24_2_00007FF7E438DE98 | |
Source: | Code function: | 28_2_00007FF7E438DE98 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 24_2_00007FF7E4381A70 |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_0000022245A3305A | |
Source: | Code function: | 3_2_000001F1DA32305A | |
Source: | Code function: | 4_2_0000022341CE305A | |
Source: | Code function: | 6_2_0000027E5758305A | |
Source: | Code function: | 8_2_0000025311A2305A | |
Source: | Code function: | 24_2_000001B48FD7305A | |
Source: | Code function: | 28_2_000001A589C4305A | |
Source: | Code function: | 31_2_000001989125305A | |
Source: | Code function: | 33_2_00000149ED6C305A |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | Executable created and started: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Process created: |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | User mode code has changed: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Code function: | 24_2_00007FF7E4387BC4 | |
Source: | Code function: | 28_2_00007FF7E4387BC4 |
Source: | Check user administrative privileges: | graph_1-60861 |
Source: | API coverage: | ||
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 1_2_000000014003EB14 |
Source: | Code function: | 1_2_0000000140049724 | |
Source: | Code function: | 24_2_00007FF7E4391BA0 | |
Source: | Code function: | 24_2_00007FF7E438BE54 | |
Source: | Code function: | 28_2_00007FF7E4391BA0 | |
Source: | Code function: | 28_2_00007FF7E438BE54 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 24_2_00007FF7E4382F54 |
Source: | Code function: | 24_2_00007FF7E438F158 |
Source: | Code function: | 1_2_0000000140040370 |
Source: | Code function: | 24_2_00007FF7E4393140 | |
Source: | Code function: | 24_2_00007FF7E4392B00 | |
Source: | Code function: | 28_2_00007FF7E4393140 | |
Source: | Code function: | 28_2_00007FF7E4392B00 | |
Source: | Code function: | 31_2_00007FF6C5253DF0 | |
Source: | Code function: | 31_2_00007FF6C5253BA4 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior |
Source: | Thread APC queued: | Jump to behavior |
Source: | Atom created: | Jump to behavior | ||
Source: | Atom created: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 24_2_00007FF7E438AE50 |
Source: | Code function: | 24_2_00007FF7E4388B70 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 24_2_00007FF7E4387BC4 |
Source: | Code function: | 31_2_00007FF6C524F10C |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Credential API Hooking | 11 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Exploitation for Client Execution | 1 Valid Accounts | 1 Valid Accounts | 3 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Credential API Hooking | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 2 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | 1 Scheduled Task/Job | 1 Windows Service | 1 Timestomp | NTDS | 24 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | 1 Registry Run Keys / Startup Folder | 312 Process Injection | 1 DLL Side-Loading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | 1 Scheduled Task/Job | 1 Rootkit | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | 1 Registry Run Keys / Startup Folder | 121 Masquerading | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 1 System Owner/User Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 312 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Source | Detection | Scanner | Label |
---|---|---|---|
| 47% | Virustotal | |
| 37% | Metadefender | |
| 79% | ReversingLabs | Win64.Infostealer.Dridex |
| 100% | Avira | HEUR/AGEN.1207422 |
| 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | HEUR/AGEN.1207422 |
| 100% | Avira | HEUR/AGEN.1207422 |
| 100% | Joe Sandbox ML | |
| 100% | Joe Sandbox ML | |
| 0% | Virustotal | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
| 100% | Avira | HEUR/AGEN.1207430 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 608207 |
Start date and time: | 2022-04-12 21:44:07 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | x64.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 47 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@52/10@0/0 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, kv801.prod.do.dsp.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtEnumerateKey calls found.
Time | Type | Description |
---|---|---|
21:46:16 | Autostart | |
21:46:25 | Autostart | |
21:46:34 | Autostart | |
21:46:37 | Task Scheduler | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Roaming\R3POs\wermgr.exe | | Get hash | malicious | Browse | |
(19 further similar samples are listed for this dropped file; their names and hashes were not captured in this copy of the report) | | | | | |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 229 |
Entropy (8bit): | 4.869685609305143 |
Encrypted: | false |
SSDEEP: | 6:8u5P9aZ51Me/N9aZ51d923f9X9aZ5IIpUQ:8u5sH1MueH1qGHnUQ |
MD5: | 03B3EA10D50CE5BB23379A28EA860902 |
SHA1: | 8DC17B421435CA1D98D53F1586229D175F448F48 |
SHA-256: | 0A3C5484A2F6190CFA103F7C4EB106C7F6C7E404B92780C3C0021E8EE9C5BEB5 |
SHA-512: | D60A16A86D863F97F2867E29AFA05887631D0E9ADAF2DF77E3B21B88E7EE36DC5B488ECCBC8A2F7D8D812BD8CB4B3188094A2B5E92148D781339152D34561448 |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1064960 |
Entropy (8bit): | 5.552014205230675 |
Encrypted: | false |
SSDEEP: | 12288:BabbKACcbDWwVexYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:MaXcfWwgmKrhncQYlez5nGa84djgol |
MD5: | 0DDBAA45951517107B9702E6CCC87906 |
SHA1: | 370891865959F967B885A1EB9BFB459D73DF6105 |
SHA-256: | 6C7F57824FA935D6BAB9ED7127A484F05433BB12FB6A5B9A6581B1173C5A237A |
SHA-512: | 421D4DCE4D4A521AA3CEC731D9FE1BE95A2510BB29B4493859EFEF6AF8816A4C274D261A349D23113A448A35F8AEBE1D3786788840DDB0D4DC5D2C7338F4683B |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1069056 |
Entropy (8bit): | 5.550490003883871 |
Encrypted: | false |
SSDEEP: | 12288:UabbKACcbDWwVexYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:HaXcfWwgmKrhncQYlez5nGa84djgol |
MD5: | 6CB715AEF46D67EA68C59050D21B4522 |
SHA1: | F916645912DD962E8154073DF1AC4B707DFCC6D9 |
SHA-256: | EEE2DC41DA43B9601CB388825FC261C2FB0BBE60C7D3103574DE06CA694F01A1 |
SHA-512: | 971829FD75C1917ED49CCFFD9990D7E6E77850B232BB34461C0BAA65F9B1A97E297BD797379CB46080E76038704994AFA3817874959D0426FD67130E782624E5 |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 204 |
Entropy (8bit): | 5.018347992860809 |
Encrypted: | false |
SSDEEP: | 6:8u5TAdXceTAJOXL4hAdd923f9bA8yTlJYxUQ:8u5MdXXXsudqFEVSxUQ |
MD5: | 60D9BF10F5BBC23ED46603A7E96335CD |
SHA1: | 56C387E5FBCBB2A4B8743C626155708018CC1015 |
SHA-256: | 6CDF96C322D18F07F818C7BA846B1CEF9F907635A17733B59AFBFEB5589960E9 |
SHA-512: | 2732D71724087D00EBB9EEAE5C4A7D3BA9D219E05768478F8676AAE5437B0670BF2272DCF53AF10F27C378C812E8BE34DF61793C477F5CA52B51A0326D5FC2AD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1451 |
Entropy (8bit): | 7.327678216261483 |
Encrypted: | false |
SSDEEP: | 24:nqXB8+xVUlTbLZi1ecX4i1509VRLg45UkBg7avUGK55c/bXwlzPrXRXmA:nq++rUlTRi1NB15ub09kBqe7wlzjXRXv |
MD5: | FB027688D1AE95BC43EFEBD156406E36 |
SHA1: | 440623C7FB1DA9860CA2A0543D10B4168C87E28E |
SHA-256: | 9DC137B94E67305A9989FFA97AEEB98831D6931F19ACD0B67207344F756AA01A |
SHA-512: | 051CBD81738899F933441D62B3D42C679680023B38B1F5D5441DC747F8A44F64F4BC3400F5341D1533D8164D2D703DB9819623D3C479B9F4EC7543DC1AEA4CDB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wraljbotdtpzzk.lnk
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 858 |
Entropy (8bit): | 5.131205962827585 |
Encrypted: | false |
SSDEEP: | 12:8y8++Q4CNjyjCoscwY//W4xvuLkcF6j6QKtFS7DYjABmHdRsx2fd1Ucm:8yIOkFsc3u4xQAkxAqJm |
MD5: | C69B35724D08B9AA7E320619F47BC2AA |
SHA1: | D9D1E55F9B2D691085F36220C28813D8D4D772ED |
SHA-256: | 863FB90F0016B1B2BCAD15CA9C075B4BFAC36B86283E996C834C1E87C16DF77A |
SHA-512: | 443F6844FC5BBFE4FB861DD1998BE002448804E6F625A9EC29D6C0AB05F221204D2E3739F22D6759DD6C5D8647D5461631B52C6558DCEF13FB1E328C62ECC377 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1069056 |
Entropy (8bit): | 5.550490003883871 |
Encrypted: | false |
SSDEEP: | 12288:UabbKACcbDWwVexYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:HaXcfWwgmKrhncQYlez5nGa84djgol |
MD5: | 6CB715AEF46D67EA68C59050D21B4522 |
SHA1: | F916645912DD962E8154073DF1AC4B707DFCC6D9 |
SHA-256: | EEE2DC41DA43B9601CB388825FC261C2FB0BBE60C7D3103574DE06CA694F01A1 |
SHA-512: | 971829FD75C1917ED49CCFFD9990D7E6E77850B232BB34461C0BAA65F9B1A97E297BD797379CB46080E76038704994AFA3817874959D0426FD67130E782624E5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 209312 |
Entropy (8bit): | 6.796289498157116 |
Encrypted: | false |
SSDEEP: | 6144:swTMBboFMSuc/9NPXWPJROo/wVJyB60OHyLC7vs:swTMB02SD/mXO64c2Hyw |
MD5: | FF214585BF10206E21EA8EBA202FACFD |
SHA1: | 1ED4AE92D235497F62610078D51105C4634AFADE |
SHA-256: | C48C430EB07ACC2FF8BDDD6057F5C9F72C2E83F67478F1E4A1792AF866711538 |
SHA-512: | 24073F60B886C58F227769B2DD7D1439DF841784E43E753265DA761801FDA58FBEEDAC4A642E0A6ABDA40A6263153FAA1A9540DF6D35E38BF0EE5327EA55B4FE |
Malicious: | true |
Antivirus: | |
Joe Sandbox View: | |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 145920 |
Entropy (8bit): | 5.742854541048038 |
Encrypted: | false |
SSDEEP: | 3072:SfzsWjBQoVY9ZxvMlkD6F+UoOxsjlpfzX6:SfzsCBhy9dXUo+epfz |
MD5: | E2C777B6E3CE4C15C5657429A63787A3 |
SHA1: | DFFC902982B618201D0DC46B91F1565DC7D04377 |
SHA-256: | 7E02DBE7D9D4CE4DA15AD56123B0B9809F004F5C64917910BB55C8073DAA92B8 |
SHA-512: | 2600F0CAE24C02DC64415E5A305AF7BB5B0CE97D9466F06D40430CFD03CE609A598BA10799E4D4A7EB7B1D95DD674F4E2522FA3767133786ED78FE5D7A2B3B05 |
Malicious: | false |
Antivirus: | |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1064960 |
Entropy (8bit): | 5.552014205230675 |
Encrypted: | false |
SSDEEP: | 12288:BabbKACcbDWwVexYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:MaXcfWwgmKrhncQYlez5nGa84djgol |
MD5: | 0DDBAA45951517107B9702E6CCC87906 |
SHA1: | 370891865959F967B885A1EB9BFB459D73DF6105 |
SHA-256: | 6C7F57824FA935D6BAB9ED7127A484F05433BB12FB6A5B9A6581B1173C5A237A |
SHA-512: | 421D4DCE4D4A521AA3CEC731D9FE1BE95A2510BB29B4493859EFEF6AF8816A4C274D261A349D23113A448A35F8AEBE1D3786788840DDB0D4DC5D2C7338F4683B |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.568391526693222 |
TrID: | |
File name: | x64.dll |
File size: | 1060864 |
MD5: | 66ac9a127ebb19f915987c31cf67d8d3 |
SHA1: | b90e008f65d129cd9ade9aa24a9e046d727ff3f6 |
SHA256: | 94c0cedd61450d24b1195538edcd623b734749553680a42b5b64bc6194c2126a |
SHA512: | ca0f1e93269456ab78e0ec00acc85310a30c7dfde9548b6898ba4694b1717ea2f3e09092431ffbf71431e8b9c7db04814b21fbef54f2a23f133c6a19f76717b8 |
SSDEEP: | 12288:cabbKACcbDWwVexYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:faXcfWwgmKrhncQYlez5nGa84djgol |
TLSH: | 4D35CF4D492F1AC8D6A550F26B3387F6296EF4940420DEBD32B67025ED8DE7D8CC291B |
File Content Preview: | MZ......................@.......................................x..j<..9<..9<..9?.t9I..9...8k..9S.49...9.ou9w..9...8M..9...82..9.7.9...91.I9u..9".:9...9'l590..9".=9/..9...8G..9R..8...9...8P..9S.39v..9?.u9i..9.7.9}..9...8...9".;9i..9..I9S..9Z.e9x..9?.w9... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x14002a5b0 |
Entrypoint Section: | .crt1 |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0x54B45CFA [Mon Jan 12 23:47:06 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 25c7ac00c91884fd2923a489ae9dfbca |
Entry-point disassembly. The listing below comes from a 32-bit decoder, but the image is 64-bit (image base 0x140000000, entry point 0x14002a5b0 in .crt1), so read it as follows: each dec eax or dec esp line is a REX prefix (0x48 or 0x4C) that belongs to the instruction after it, every dec + mov dword ptr [...] pair is one mov qword ptr [rip+disp32], r64 (the two or lines store rsi and r14 the same way), and the absolute-looking operands are RIP-relative displacements that land in the .data section. The stub therefore saves 13 general-purpose registers (all but rax, r10 and r11) into .data, then executes lea rsi, [rip-0x2682] / jmp rsi, a jump back into .text, with a ud2 trap after it. That is a hand-written loader entry, not a compiler-generated DllMain prologue.
Instruction |
---|
dec eax |
mov dword ptr [00037CB9h], ecx |
dec eax |
mov dword ptr [00037CBAh], edx |
dec eax |
or dword ptr [00037CFBh], esi |
dec eax |
mov dword ptr [00037CFCh], edi |
dec eax |
mov dword ptr [00037CFDh], ebx |
dec eax |
mov dword ptr [00037CA6h], ebp |
dec eax |
mov dword ptr [00037CA7h], esp |
dec esp |
mov dword ptr [00037CA8h], eax |
dec esp |
mov dword ptr [00037CA9h], ecx |
dec esp |
mov dword ptr [00037CC2h], esp |
dec esp |
mov dword ptr [00037CB3h], ebp |
dec esp |
or dword ptr [00037CA4h], esi |
dec esp |
mov dword ptr [00037C95h], edi |
dec eax |
lea esi, dword ptr [FFFFD97Eh] |
jmp esi |
ud2 |
add byte ptr [eax], al (this line repeats 49 times in the report: zero-byte padding after the stub, not code) |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x102010 | 0x8ee | .ncm |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2ba68 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9e000 | 0xfc98 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0x28bc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x610 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x90 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2779e | 0x28000 | False | 0.761749267578 | data | 7.8179817907 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x29000 | 0xea5 | 0x1000 | False | 0.048095703125 | data | 0.477776163924 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.crt1 | 0x2a000 | 0x6fb | 0x1000 | False | 0.25634765625 | data | 2.77764805072 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x2b000 | 0xcc0 | 0x1000 | False | 0.44921875 | data | 4.04304284558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2c000 | 0x41e09 | 0x42000 | False | 0.577795780066 | data | 6.66561055311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x6e000 | 0xb46 | 0x1000 | False | 0.0595703125 | data | 0.53656064431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
qwTG | 0x6f000 | 0x2e9a2 | 0x2f000 | False | 0.818348986037 | data | 7.87184991211 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x9e000 | 0xfc98 | 0x10000 | False | 0.223709106445 | data | 4.08759024615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xae000 | 0x28bc | 0x3000 | False | 0.105550130208 | data | 5.14379878517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.lqen | 0xb1000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vqb | 0xf7000 | 0x1455 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gjd | 0xf9000 | 0x128f | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wqhqlp | 0xfb000 | 0x1f2a | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.jriz | 0xfd000 | 0x128f | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ebkl | 0xff000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.aoj | 0x100000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ncm | 0x102000 | 0x8fe | 0x1000 | False | 0.253662109375 | data | 3.69309347361 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
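The section table above already shows the traits an analyst keys on: a second, executable .rdata, an entry point in a non-standard .crt1, a writable section named qwTG with entropy 7.87, and seven zero-entropy sections that do nothing but inflate the file. The script below is an added example by the editor, not part of the Joe Sandbox report: it parses the rows exactly as printed above and applies those checks. The list of standard section names and the entropy thresholds are the editor's assumptions.

```python
"""Triage the PE section table printed above.

Added example by the editor, not part of the Joe Sandbox report. The rows
in SECTION_TABLE are copied verbatim from the report; STANDARD_NAMES and
the entropy thresholds are the editor's assumptions.
"""
from dataclasses import dataclass

# Section names a normal MSVC or MinGW build emits (assumption: extend this
# from a known-good corpus before relying on it).
STANDARD_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                  ".idata", ".edata", ".tls", ".bss", ".xdata", ".CRT",
                  ".didat", ".gfids", ".00cfg", ".eh_fram"}
# Names that conventionally hold data; an execute bit on them is a red flag.
DATA_NAMES = {".rdata", ".data", ".pdata", ".rsrc", ".reloc", ".idata", ".edata"}

SECTION_TABLE = """\
.text | 0x1000 | 0x2779e | 0x28000 | False | 0.761749267578 | data | 7.8179817907 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x29000 | 0xea5 | 0x1000 | False | 0.048095703125 | data | 0.477776163924 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.crt1 | 0x2a000 | 0x6fb | 0x1000 | False | 0.25634765625 | data | 2.77764805072 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0xcc0 | 0x1000 | False | 0.44921875 | data | 4.04304284558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2c000 | 0x41e09 | 0x42000 | False | 0.577795780066 | data | 6.66561055311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata | 0x6e000 | 0xb46 | 0x1000 | False | 0.0595703125 | data | 0.53656064431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
qwTG | 0x6f000 | 0x2e9a2 | 0x2f000 | False | 0.818348986037 | data | 7.87184991211 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x9e000 | 0xfc98 | 0x10000 | False | 0.223709106445 | data | 4.08759024615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xae000 | 0x28bc | 0x3000 | False | 0.105550130208 | data | 5.14379878517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.lqen | 0xb1000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.vqb | 0xf7000 | 0x1455 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gjd | 0xf9000 | 0x128f | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.wqhqlp | 0xfb000 | 0x1f2a | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.jriz | 0xfd000 | 0x128f | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.ebkl | 0xff000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.aoj | 0x100000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.ncm | 0x102000 | 0x8fe | 0x1000 | False | 0.253662109375 | data | 3.69309347361 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
"""


@dataclass(frozen=True)
class Section:
    name: str
    va: int
    vsize: int
    rawsize: int
    entropy: float
    flags: frozenset


def parse_sections(table):
    """Parse 'Name | VA | VSize | RawSize | Xored | ZLIB | FileType | Entropy | Chars' rows."""
    sections = []
    for line in table.strip().splitlines():
        name, va, vsize, raw, _xored, _zlib, _ftype, ent, chars = [c.strip() for c in line.split("|")]
        flags = frozenset(f.strip() for f in chars.split(","))
        sections.append(Section(name, int(va, 16), int(vsize, 16), int(raw, 16), float(ent), flags))
    return sections


def triage(sections, entry_section=None, high_entropy=7.0, padding_entropy=0.1):
    """Return (section name, finding) pairs in table order."""
    findings, seen = [], set()
    for s in sections:
        executable = "IMAGE_SCN_MEM_EXECUTE" in s.flags
        writable = "IMAGE_SCN_MEM_WRITE" in s.flags
        if s.name in seen:
            findings.append((s.name, "duplicate section name"))
        seen.add(s.name)
        if s.name not in STANDARD_NAMES:
            findings.append((s.name, "non-standard section name"))
        if executable and s.name in DATA_NAMES:
            findings.append((s.name, "executable data-named section"))
        if executable and writable:
            findings.append((s.name, "writable and executable"))
        if s.entropy >= high_entropy:
            findings.append((s.name, "high entropy (packed or encrypted content)"))
        if s.entropy < padding_entropy and s.rawsize > 0:
            findings.append((s.name, "near-empty padding section"))
    if entry_section is not None and entry_section not in STANDARD_NAMES:
        findings.append((entry_section, "entry point in non-standard section"))
    return findings


def padding_ratio(sections, padding_entropy=0.1):
    """(padding bytes, total section bytes on disk, share) for near-empty sections."""
    total = sum(s.rawsize for s in sections)
    padding = sum(s.rawsize for s in sections if s.entropy < padding_entropy)
    return padding, total, padding / total


SECTIONS = parse_sections(SECTION_TABLE)
FINDINGS = triage(SECTIONS, entry_section=".crt1")  # .crt1 is the report's entry-point section

if __name__ == "__main__":
    for name, why in FINDINGS:
        print(f"{name:<8} {why}")
    pad, total, share = padding_ratio(SECTIONS)
    print(f"padding: {pad} of {total} section bytes ({share:.0%})")
```

On this table the padding sections account for 331776 of the 1056768 section bytes on disk (about 31%), and the export directory lives in the non-standard .ncm section, which is worth remembering when comparing this file to its dropped siblings.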
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_STRING | 0x9ee40 | 0x14a | data | English | United States |
RT_STRING | 0x9ef90 | 0x310 | data | English | United States |
RT_STRING | 0x9f2a0 | 0x162 | data | English | United States |
RT_STRING | 0x9f408 | 0x286 | data | English | United States |
RT_STRING | 0x9f690 | 0x1cc | AmigaOS bitmap font | English | United States |
RT_STRING | 0x9f860 | 0x272 | data | English | United States |
RT_STRING | 0x9fad8 | 0xee | data | English | United States |
RT_STRING | 0x9fbc8 | 0x144 | data | English | United States |
RT_STRING | 0x9fd10 | 0xda | data | English | United States |
RT_STRING | 0x9fdf0 | 0x20e | data | English | United States |
RT_STRING | 0xa0000 | 0x326 | data | English | United States |
RT_STRING | 0xa0328 | 0x33a | data | English | United States |
RT_STRING | 0xa0668 | 0x58c | data | English | United States |
RT_STRING | 0xa0bf8 | 0x2ca | data | English | United States |
RT_STRING | 0xa0ec8 | 0x2ce | data | English | United States |
RT_STRING | 0xa1198 | 0x3c6 | data | English | United States |
RT_STRING | 0xa1560 | 0x41c | data | English | United States |
RT_STRING | 0xa1980 | 0x380 | data | English | United States |
RT_STRING | 0xa1d00 | 0x408 | data | English | United States |
RT_STRING | 0xa2108 | 0x4cc | data | English | United States |
RT_STRING | 0xa25d8 | 0x206 | data | English | United States |
RT_STRING | 0xa27e0 | 0x50a | data | English | United States |
RT_STRING | 0xa2cf0 | 0x168 | data | English | United States |
RT_STRING | 0xa2e58 | 0x12a | data | English | United States |
RT_STRING | 0xa2f88 | 0x36c | data | English | United States |
RT_STRING | 0xa32f8 | 0x2a8 | data | English | United States |
RT_STRING | 0xa35a0 | 0x1de | data | English | United States |
RT_STRING | 0xa3780 | 0x3ec | data | English | United States |
RT_STRING | 0xa3b70 | 0x354 | data | English | United States |
RT_STRING | 0xa3ec8 | 0x19c | data | English | United States |
RT_STRING | 0xa4068 | 0x27e | data | English | United States |
RT_STRING | 0xa42e8 | 0x3d8 | data | English | United States |
RT_STRING | 0xa46c0 | 0x396 | data | English | United States |
RT_STRING | 0xa4a58 | 0x336 | data | English | United States |
RT_STRING | 0xa4d90 | 0x242 | data | English | United States |
RT_STRING | 0xa4fd8 | 0x1ac | data | English | United States |
RT_STRING | 0xa5188 | 0x2f4 | data | English | United States |
RT_STRING | 0xa5480 | 0x3ec | data | English | United States |
RT_STRING | 0xa5870 | 0x570 | data | English | United States |
RT_STRING | 0xa5de0 | 0x3b2 | Hitachi SH big-endian COFF object file, not stripped, 9472 sections, symbol offset=0x4b004200, 83895552 symbols, optional header size 12544 | English | United States |
RT_STRING | 0xa6198 | 0x3aa | data | English | United States |
RT_STRING | 0xa6548 | 0x2c0 | data | English | United States |
RT_STRING | 0xa6808 | 0x226 | data | English | United States |
RT_STRING | 0xa6a30 | 0x248 | data | English | United States |
RT_STRING | 0xa6c78 | 0x8f0 | data | English | United States |
RT_STRING | 0xa7568 | 0x6aa | data | English | United States |
RT_STRING | 0xa7c18 | 0x456 | data | English | United States |
RT_STRING | 0xa8070 | 0x522 | data | English | United States |
RT_STRING | 0xa8598 | 0x51c | data | English | United States |
RT_STRING | 0xa8ab8 | 0x492 | data | English | United States |
RT_STRING | 0xa8f50 | 0x432 | data | English | United States |
RT_STRING | 0xa9388 | 0x6ec | data | English | United States |
RT_STRING | 0xa9a78 | 0x214 | data | English | United States |
RT_STRING | 0xa9c90 | 0x472 | AmigaOS bitmap font | English | United States |
RT_STRING | 0xaa108 | 0x3a2 | data | English | United States |
RT_STRING | 0xaa4b0 | 0xb4 | data | English | United States |
RT_STRING | 0xaa568 | 0x466 | data | English | United States |
RT_STRING | 0xaa9d0 | 0x4b2 | data | English | United States |
RT_STRING | 0xaae88 | 0x312 | data | English | United States |
RT_STRING | 0xab1a0 | 0x106 | data | English | United States |
RT_STRING | 0xab2a8 | 0x24e | data | English | United States |
RT_STRING | 0xab4f8 | 0x2b0 | data | English | United States |
RT_STRING | 0xab7a8 | 0x392 | data | English | United States |
RT_STRING | 0xabb40 | 0x34a | data | English | United States |
RT_STRING | 0xabe90 | 0x404 | data | English | United States |
RT_STRING | 0xac298 | 0x3fc | data | English | United States |
RT_STRING | 0xac698 | 0x27a | data | English | United States |
RT_STRING | 0xac918 | 0xa8 | data | English | United States |
RT_STRING | 0xac9c0 | 0xda | data | English | United States |
RT_STRING | 0xacaa0 | 0x2b2 | data | English | United States |
RT_STRING | 0xacd58 | 0x274 | data | English | United States |
RT_STRING | 0xacfd0 | 0x37c | data | English | United States |
RT_STRING | 0xad350 | 0x3fe | data | English | United States |
RT_STRING | 0xad750 | 0x2c0 | data | English | United States |
RT_STRING | 0xada10 | 0x284 | data | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetBinaryTypeW, GetModuleFileNameW, GetExitCodeProcess, GetModuleHandleW, GetCurrentProcess, GetCurrentProcessId, GetUserDefaultUILanguage |
USER32.dll | SetProcessDefaultLayout, IsProcessDPIAware, ChildWindowFromPointEx, GetThreadDesktop |
GDI32.dll | GetCharWidthW, FlattenPath |
ADVAPI32.dll | InitiateSystemShutdownExW |
Exported functions. The 69 names below reproduce the public export list of wtsapi32.dll (the Terminal Services API library). Cloning a legitimate library's export table is how a malicious DLL gets loaded in place of that library by an unsuspecting executable (DLL side-loading), which fits the copies of wermgr.exe and MDMAppInstaller.exe that this report shows dropped into AppData\Roaming\R3POs and System32\CCAL and then executed from there.
Name | Ordinal | Address |
---|---|---|
IsInteractiveUserSession | 1 | 0x140017388 |
QueryActiveSession | 2 | 0x140026c6c |
QueryUserToken | 3 | 0x140004bc4 |
RegisterUsertokenForNoWinlogon | 4 | 0x1400052fc |
WTSCloseServer | 5 | 0x14001e6dc |
WTSConnectSessionA | 6 | 0x140008eb8 |
WTSConnectSessionW | 7 | 0x140011548 |
WTSCreateListenerA | 8 | 0x140002340 |
WTSCreateListenerW | 9 | 0x140017290 |
WTSDisconnectSession | 10 | 0x140025978 |
WTSEnableChildSessions | 11 | 0x14001e7b8 |
WTSEnumerateListenersA | 12 | 0x140027d54 |
WTSEnumerateListenersW | 13 | 0x140006740 |
WTSEnumerateProcessesA | 14 | 0x140015468 |
WTSEnumerateProcessesExA | 15 | 0x140001ccc |
WTSEnumerateProcessesExW | 16 | 0x1400283d0 |
WTSEnumerateProcessesW | 17 | 0x140007568 |
WTSEnumerateServersA | 18 | 0x14001faec |
WTSEnumerateServersW | 19 | 0x140016480 |
WTSEnumerateSessionsA | 20 | 0x14000f194 |
WTSEnumerateSessionsExA | 21 | 0x14001add4 |
WTSEnumerateSessionsExW | 22 | 0x140010c34 |
WTSEnumerateSessionsW | 23 | 0x140010830 |
WTSFreeMemory | 24 | 0x1400079e8 |
WTSFreeMemoryExA | 25 | 0x140001a10 |
WTSFreeMemoryExW | 26 | 0x14000d420 |
WTSGetChildSessionId | 27 | 0x140012468 |
WTSGetListenerSecurityA | 28 | 0x14002160c |
WTSGetListenerSecurityW | 29 | 0x140022934 |
WTSIsChildSessionsEnabled | 30 | 0x14000e2b4 |
WTSLogoffSession | 31 | 0x140017848 |
WTSOpenServerA | 32 | 0x14000d7b0 |
WTSOpenServerExA | 33 | 0x140023da0 |
WTSOpenServerExW | 34 | 0x140014938 |
WTSOpenServerW | 35 | 0x14000b28c |
WTSQueryListenerConfigA | 36 | 0x14000adf4 |
WTSQueryListenerConfigW | 37 | 0x140021de0 |
WTSQuerySessionInformationA | 38 | 0x140026480 |
WTSQuerySessionInformationW | 39 | 0x14000b01c |
WTSQueryUserConfigA | 40 | 0x14001ef04 |
WTSQueryUserConfigW | 41 | 0x140018ee4 |
WTSQueryUserToken | 42 | 0x1400161ac |
WTSRegisterSessionNotification | 43 | 0x1400247a8 |
WTSRegisterSessionNotificationEx | 44 | 0x1400234c4 |
WTSSendMessageA | 45 | 0x140011c24 |
WTSSendMessageW | 46 | 0x140020f44 |
WTSSetListenerSecurityA | 47 | 0x140019a50 |
WTSSetListenerSecurityW | 48 | 0x1400010a8 |
WTSSetRenderHint | 49 | 0x140019d14 |
WTSSetSessionInformationA | 50 | 0x14000c4d4 |
WTSSetSessionInformationW | 51 | 0x140002d30 |
WTSSetUserConfigA | 52 | 0x140028434 |
WTSSetUserConfigW | 53 | 0x140024668 |
WTSShutdownSystem | 54 | 0x140016b6c |
WTSStartRemoteControlSessionA | 55 | 0x140008fc0 |
WTSStartRemoteControlSessionW | 56 | 0x140010620 |
WTSStopRemoteControlSession | 57 | 0x14001f8fc |
WTSTerminateProcess | 58 | 0x140004a04 |
WTSUnRegisterSessionNotification | 59 | 0x1400135e0 |
WTSUnRegisterSessionNotificationEx | 60 | 0x140002d0c |
WTSVirtualChannelClose | 61 | 0x140028138 |
WTSVirtualChannelOpen | 62 | 0x14001f368 |
WTSVirtualChannelOpenEx | 63 | 0x140003fbc |
WTSVirtualChannelPurgeInput | 64 | 0x140009418 |
WTSVirtualChannelPurgeOutput | 65 | 0x1400088c4 |
WTSVirtualChannelQuery | 66 | 0x1400214e4 |
WTSVirtualChannelRead | 67 | 0x140002f3c |
WTSVirtualChannelWrite | 68 | 0x140013f94 |
WTSWaitSystemEvent | 69 | 0x140004dac |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Code Manipulations
Function Name | Hook Type | Active in Processes |
---|---|---|
ZwSetEvent | INLINE | explorer.exe |
RtlAllocateMemoryBlockLookaside | INLINE | explorer.exe |
RtlAllocateMemoryZone | INLINE | explorer.exe |
NtSetEvent | INLINE | explorer.exe |
Function Name | Hook Type | New Data |
---|---|---|
ZwSetEvent | INLINE | 0xE9 0x9B 0xBB 0xB5 0x5E 0xEF |
RtlAllocateMemoryBlockLookaside | INLINE | 0x48 0x88 0x89 0x9E 0xE0 0x03 |
RtlAllocateMemoryZone | INLINE | 0x8D 0xDA 0xAC 0xC2 0x24 0x49 |
NtSetEvent | INLINE | 0xE9 0x9B 0xBB 0xB5 0x5E 0xEF |
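The two hook tables above report the same six bytes at ZwSetEvent and NtSetEvent (in user-mode ntdll.dll those two exports resolve to the same address, so this is one patch listed twice) and a different overwrite at two rarely used Rtl* allocator functions. The script below is an added example by the editor, not part of the report: it decodes the New Data column into the detour type and, when a function address is supplied, the jump target. The function address passed in and the clean syscall-stub prefix used with is_patched() are constructed for illustration; the report does not give them.

```python
"""Decode the 'New Data' bytes the hook tables above report for explorer.exe.

Added example by the editor, not part of the report. HOOKS holds the bytes
from the table; the function address given to decode_hook() and the clean
syscall-stub prefix used with is_patched() are constructed for illustration.
"""
import struct

HOOKS = {  # function name -> first bytes observed in memory (from the table above)
    "ZwSetEvent": bytes.fromhex("E9 9B BB B5 5E EF"),
    "RtlAllocateMemoryBlockLookaside": bytes.fromhex("48 88 89 9E E0 03"),
    "RtlAllocateMemoryZone": bytes.fromhex("8D DA AC C2 24 49"),
    "NtSetEvent": bytes.fromhex("E9 9B BB B5 5E EF"),
}


def decode_hook(new_data, func_va=None):
    """Classify the overwrite at a function's first bytes.

    Recognises the usual x64 detour prologues. Anything else is reported as
    an unrecognised overwrite: the function may be a code cave the hook
    borrows rather than a detour into the hook.
    """
    b = new_data
    if len(b) >= 5 and b[0] == 0xE9:                       # jmp rel32
        rel = struct.unpack_from("<i", b, 1)[0]             # signed, little-endian
        out = {"kind": "jmp rel32", "rel32": rel}
        if func_va is not None:
            out["target"] = func_va + 5 + rel               # relative to the next instruction
        return out
    if len(b) >= 6 and b[:2] == b"\xFF\x25":               # jmp qword ptr [rip+rel32]
        rel = struct.unpack_from("<i", b, 2)[0]
        out = {"kind": "jmp [rip+rel32]", "rel32": rel}
        if func_va is not None:
            out["pointer_slot"] = func_va + 6 + rel         # address holding the detour pointer
        return out
    if len(b) >= 2 and b[:2] == b"\x48\xB8":               # mov rax, imm64 ; jmp rax
        return {"kind": "mov rax, imm64 trampoline"}
    if len(b) >= 5 and b[0] == 0x68:                       # push imm32 ; ret
        return {"kind": "push/ret trampoline"}
    return {"kind": "unrecognised overwrite"}


def is_patched(clean_prefix, observed):
    """True when the bytes seen in memory differ from the on-disk prologue."""
    n = min(len(clean_prefix), len(observed))
    return clean_prefix[:n] != observed[:n]


def summarise(hooks, func_vas=None):
    """Decode every hook; func_vas maps names to their addresses when known."""
    func_vas = func_vas or {}
    return {name: decode_hook(data, func_vas.get(name)) for name, data in hooks.items()}


if __name__ == "__main__":
    # Constructed address: the report does not say where ZwSetEvent sat in explorer.exe.
    for name, decoded in summarise(HOOKS, {"ZwSetEvent": 0x7FFD12345000}).items():
        print(f"{name:<32} {decoded}")
```

For the ZwSetEvent bytes the displacement decodes to 0x5EB5BB9B, about 1.5 GiB forward of ntdll, so the detour lands well outside the module; the Rtl* overwrites start with neither a jump nor a mov rax pattern, which is why they are left as unrecognised rather than guessed at. In a live investigation the clean prefix comes from the ntdll.dll on disk, not from a constant.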
Target ID: | 1 |
Start time: | 21:45:11 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60a190000 |
File size: | 140288 bytes |
MD5 hash: | 4E8A40CAD6CCC047914E3A7830A2D8AA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Target ID: | 2 |
Start time: | 21:45:11 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff602050000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 21:45:12 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d35e0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 4 |
Start time: | 21:45:12 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d35e0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 5 |
Start time: | 21:45:14 |
Start date: | 12/04/2022 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74fc70000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 6 |
Start time: | 21:45:15 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d35e0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 8 |
Start time: | 21:45:19 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d35e0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 16 |
Start time: | 21:46:11 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bd590000 |
File size: | 209312 bytes |
MD5 hash: | FF214585BF10206E21EA8EBA202FACFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 17 |
Start time: | 21:46:13 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff602050000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 20 |
Start time: | 21:46:14 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 24 |
Start time: | 21:46:25 |
Start date: | 12/04/2022 |
Path: | C:\Users\user\AppData\Roaming\R3POs\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e4380000 |
File size: | 209312 bytes |
MD5 hash: | FF214585BF10206E21EA8EBA202FACFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Target ID: | 25 |
Start time: | 21:46:26 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\MDMAppInstaller.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b4780000 |
File size: | 145920 bytes |
MD5 hash: | E2C777B6E3CE4C15C5657429A63787A3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 26 |
Start time: | 21:46:31 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff602050000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 27 |
Start time: | 21:46:32 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 28 |
Start time: | 21:46:34 |
Start date: | 12/04/2022 |
Path: | C:\Users\user\AppData\Roaming\R3POs\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e4380000 |
File size: | 209312 bytes |
MD5 hash: | FF214585BF10206E21EA8EBA202FACFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Target ID: | 29 |
Start time: | 21:46:34 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 30 |
Start time: | 21:46:36 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 31 |
Start time: | 21:46:37 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\CCAL\MDMAppInstaller.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c5240000 |
File size: | 145920 bytes |
MD5 hash: | E2C777B6E3CE4C15C5657429A63787A3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Target ID: | 33 |
Start time: | 21:46:43 |
Start date: | 12/04/2022 |
Path: | C:\Users\user\AppData\Roaming\R3POs\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e4380000 |
File size: | 209312 bytes |
MD5 hash: | FF214585BF10206E21EA8EBA202FACFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Target ID: | 34 |
Start time: | 21:46:56 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 35 |
Start time: | 21:46:57 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 36 |
Start time: | 21:47:20 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 37 |
Start time: | 21:47:21 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 38 |
Start time: | 21:47:42 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 39 |
Start time: | 21:47:43 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 40 |
Start time: | 21:48:04 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 41 |
Start time: | 21:48:05 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 42 |
Start time: | 21:48:26 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 43 |
Start time: | 21:48:26 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 44 |
Start time: | 21:48:47 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 45 |
Start time: | 21:48:48 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 46 |
Start time: | 21:49:09 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff701990000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 47 |
Start time: | 21:49:09 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77f440000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 2.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 22.5% |
Total number of Nodes: | 565 |
Total number of Limit Nodes: | 61 |
Functions
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score
0000000140049CE8 | 3.3 | 2 | | 298 | registry COMMON | -1.00%
0000000140040370 | 1.7 | 1 | | 196 | libraryloader COMMON | -1.00%
000000014004357C | 1.6 | 1 | | 140 | synchronization COMMON | -1.00%
000000014003DEEC | .2 | | | 202 | COMMON | -1.00%
00000001400343E8 | .2 | | | 179 | COMMON | -1.00%
000000014004F4D0 | .2 | | | 178 | COMMON | -1.00%
0000000140033C60 | 5.5 | 1 | 2 | 223 | COMMON | -1.00%
000000014003ECBC | 5.4 | 2 | 1 | 179 | COMMON | -1.00%
0000000140042CC8 | 3.7 | 1 | 1 | 241 | COMMON | -1.00%
00000001400099AC | .9 | | | 921 | COMMON | -1.00%
00000001400162E0 | .8 | | | 794 | COMMON | -1.00%
0000000140061A90 | .7 | | | 705 | COMMON | -1.00%
0000000140012D8C | .6 | | | 595 | COMMON | -1.00%
0000000140022004 | .6 | | | 594 | COMMON | -1.00%
0000000140013B64 | .6 | | | 561 | COMMON | -1.00%
0000000140008B94 | .5 | | | 537 | COMMON | -1.00%
00000001400243E0 | .5 | | | 529 | COMMON | -1.00%
0000000140053670 | .5 | | | 503 | COMMON | -1.00%
0000000140032750 | .5 | | | 502 | COMMON | -1.00%
0000000140012474 | .5 | | | 496 | COMMON | -1.00%
000000014000D69C | .5 | | | 488 | COMMON | -1.00%
0000000140003CC4 | .5 | | | 468 | COMMON | -1.00%
000000014000AC74 | .4 | | | 439 | COMMON | -1.00%
000000014002782C | .4 | | | 427 | COMMON | -1.00%
0000000140011DE4 | .4 | | | 425 | COMMON | -1.00%
00000001400027DC | .4 | | | 408 | COMMON | -1.00%
00000001400515A0 | .4 | | | 397 | COMMON | -1.00%
0000000140060014 | .4 | | | 391 | COMMON | -1.00%
000000014002F8A4 | .4 | | | 390 | COMMON | -1.00%
0000000140055364 | .4 | | | 363 | COMMON | -1.00%
00000001400659F0 | .4 | | | 355 | COMMON | -1.00%
0000000140014644 | .4 | | | 353 | COMMON | -1.00%
000000014003A60C | .4 | | | 350 | COMMON | -1.00%
0000000140038478 | .3 | | | 322 | COMMON | -1.00%
0000000140042504 | .3 | | | 321 | COMMON | -1.00%
000000014002BAEC | .3 | | | 319 | COMMON | -1.00%
0000000140063324 | .3 | | | 316 | COMMON | -1.00%
000000014001C7CC | .3 | | | 310 | COMMON | -1.00%
0000000140060B8C | .3 | | | 291 | COMMON | -1.00%
0000000140032128 | .3 | | | 289 | COMMON | -1.00%
00000001400205D8 | .3 | | | 287 | COMMON | -1.00%
0000000140041F3C | .3 | | | 286 | COMMON | -1.00%
0000000140066100 | .3 | | | 279 | COMMON | -1.00%
000000014004D914 | .3 | | | 267 | COMMON | -1.00%
000000014002AD38 | .3 | | | 266 | COMMON | -1.00%
000000014002DAA4 | .3 | | | 260 | COMMON | -1.00%
000000014004BBBC | .3 | | | 258 | COMMON | -1.00%
0000000140001158 | .3 | | | 256 | COMMON | -1.00%
000000014002F4B8 | .3 | | | 255 | COMMON | -1.00%
000000014001BEC8 | .3 | | | 253 | COMMON | -1.00%
0000000140001A78 | .2 | | | 248 | COMMON | -1.00%
000000014001CF40 | .2 | | | 245 | COMMON | -1.00%
000000014000ECD0 | .2 | | | 242 | COMMON | -1.00%
0000000140051D90 | .2 | | | 227 | COMMON | -1.00%
0000000140053EC0 | .2 | | | 227 | COMMON | -1.00%
000000014000F848 | .2 | | | 226 | COMMON | -1.00%
000000014003D878 | .2 | | | 225 | COMMON | -1.00%
000000014002F198 | .2 | | | 223 | COMMON | -1.00%
000000014002747C | .2 | | | 223 | COMMON | -1.00%
00000001400466C4 | .2 | | | 219 | COMMON | -1.00%
0000000140044CD8 | .2 | | | 216 | COMMON | -1.00%
0000000140017F40 | .2 | | | 215 | COMMON | -1.00%
0000000140031DCC | .2 | | | 208 | COMMON | -1.00%
000000014004D5EC | .2 | | | 202 | COMMON | -1.00%
000000014004E954 | .2 | | | 198 | COMMON | -1.00%
00000001400137A0 | .2 | | | 190 | COMMON | -1.00%
0000000140043AC0 | .2 | | | 188 | COMMON | -1.00%
0000000140006AEC | .2 | | | 182 | COMMON | -1.00%
000000014004E628 | .2 | | | 175 | COMMON | -1.00%
0000000140021BD8 | .2 | | | 169 | COMMON | -1.00%
0000000140049980 | .2 | | | 166 | COMMON | -1.00%
0000000140063CB4 | .2 | | | 164 | COMMON | -1.00%
00000001400512E0 | .2 | | | 153 | COMMON | -1.00%
0000000140017CD4 | .2 | | | 151 | COMMON | -1.00%
0000000140031670 | .2 | | | 151 | COMMON | -1.00%
0000000140050EA8 | .2 | | | 150 | COMMON | -1.00%
0000000140023E1C | .1 | | | 142 | COMMON | -1.00%
000000014002EA1C | .1 | | | 141 | COMMON | -1.00%
0000000140061283 | .1 | | | 138 | COMMON | -1.00%
0000000140024028 | .1 | | | 133 | COMMON | -1.00%
00000001400280AC | .1 | | | 129 | COMMON | -1.00%
000000014002B3F3 | .1 | | | 129 | COMMON | -1.00%
000000014002B429 | .1 | | | 129 | COMMON | -1.00%
000000014004ECF8 | .1 | | | 129 | COMMON | -1.00%
0000000140021E1C | .1 | | | 126 | COMMON | -1.00%
000000014002E030 | .1 | | | 118 | COMMON | -1.00%
00000001400365D0 | .1 | | | 118 | COMMON | -1.00%
000000014004A660 | .1 | | | 116 | COMMON | -1.00%
000000014004EF0C | .1 | | | 116 | COMMON | -1.00%
000000014004A4B0 | .1 | | | 114 | COMMON | -1.00%
000000014004F0AC | .1 | | | 112 | COMMON | -1.00%
000000014001B250 | .1 | | | 108 | COMMON | -1.00%
000000014001B4AC | .1 | | | 106 | COMMON | -1.00%
000000014000578C | .1 | | | 81 | COMMON | -1.00%
0000000140004C0C | .1 | | | 76 | COMMON | -1.00%
Execution Graphs
Execution Coverage | Dynamic/Decrypted Code Coverage | Signature Coverage | Total number of Nodes | Total number of Limit Nodes
19.3% | 100% | 0% | 15 | 1
19.6% | 100% | 0% | 15 | 1
19.6% | 100% | 0% | 15 | 1
19.6% | 100% | 0% | 15 | 1
1.4% | 100% | 0% | 15 | 1

Execution Coverage is the share of the disassembled code that was actually executed during the run. At 1.4% to 19.6%, most of the code in these images was never exercised in the sandbox, so the Relevance-ranked function listings that follow are a static prioritisation and include paths the run did not reach.
Source for every function below: Memory Dump (Joe Sandbox IDA Plugin). Uniqueness Score: -1.00% for each entry; no Similarity entries are listed.

Function | Relevance | APIs | Strings | Instructions | Tags
00007FF7E4382F54 | 186.3 | 63 | 43 | 845 | sleep, memory, COMMON
00007FF7E4386848 | 37.0 | 13 | 8 | 218 | memory, synchronization, COMMON
00007FF7E4390A58 | 33.5 | 13 | 6 | 224 | memory, synchronization, COMMON
00007FF7E438E368 | 30.0 | 15 | 2 | 208 | native, memory, COMMON
00007FF7E4392438 | 24.7 | 5 | 9 | 208 | library, native, loader, COMMON
00007FF7E438BE54 | 19.5 | 8 | 3 | 292 | file, COMMON
00007FF7E4381A70 | 19.4 | 7 | 4 | 115 | process, COMMON
00007FF7E4388404 | 19.3 | 7 | 4 | 61 | native, COMMON
00007FF7E4391BA0 | 14.2 | 7 | 1 | 212 | file, COMMON
00007FF7E4387BC4 | 14.1 | 4 | 4 | 82 | registry, time, COMMON
00007FF7E4388F2C | 7.6 | 5 | | 123 | com, memory, COMMON
00007FF7E4391F54 | 5.3 | 1 | 2 | 86 | native, COMMON

Function | Relevance | APIs | Strings | Instructions | Tags
00007FF7E438285C | 45.7 | 13 | 13 | 212 | COMMON
00007FF7E4381C38 | 44.1 | 15 | 10 | 369 | COMMON
00007FF7E4382C14 | 43.9 | 13 | 12 | 195 | file, COMMON
00007FF7E4392060 | 33.4 | 8 | 11 | 123 | library, loader, COMMON
00007FF7E4382224 | 28.1 | 7 | 9 | 90 | library, loader, COMMON
00007FF7E4384784 | 26.4 | 2 | 13 | 149 | window, thread, COMMON
00007FF7E438DBB0 | 21.2 | 11 | 1 | 167 | file, COMMON
00007FF7E4385FC8 | 17.6 | 6 | 4 | 126 | COMMON
00007FF7E4385E74 | 17.6 | 8 | 2 | 89 | synchronization, COMMON
00007FF7E439223C | 15.9 | 8 | 1 | 141 | memory, registry, COMMON
00007FF7E438E13C | 15.9 | 8 | 1 | 130 | file, COMMON
00007FF7E4381918 | 15.8 | 1 | 8 | 78 | COMMON
00007FF7E4386BC0 | 14.1 | 7 | 1 | 84 | memory, synchronization, COMMON
00007FF7E439108C | 12.3 | 6 | 1 | 91 | memory, COMMON
00007FF7E4386790 | 12.3 | 4 | 3 | 51 | COMMON
00007FF7E43849DC | 10.7 | 4 | 2 | 245 | thread, COMMON
00007FF7E438C548 | 10.6 | 4 | 2 | 139 | registry, COMMON
00007FF7E4391750 | 10.6 | 5 | 1 | 103 | registry, memory, COMMON
00007FF7E4391624 | 10.6 | 5 | 1 | 77 | memory, COMMON
00007FF7E4390290 | 9.1 | 6 | | 103 | thread, time, COMMON
00007FF7E43887E0 | 7.7 | 5 | | 160 | registry, COMMON
00007FF7E438DB3C | 7.5 | 5 | | 31 | thread, time, COMMON
00007FF7E4384D9C | 7.1 | 1 | 3 | 66 | COMMON
00007FF7E438E824 | 7.0 | 2 | 2 | 41 | library, loader, COMMON
00007FF7E438E78C | 7.0 | 2 | 2 | 37 | library, loader, COMMON
00007FF7E4390650 | 7.0 | 2 | 2 | 29 | library, loader, COMMON
00007FF7E4385280 | 7.0 | 2 | 2 | 28 | library, loader, COMMON
00007FF7E438CDE0 | 7.0 | 1 | 3 | 25 | window, COMMON
00007FF7E4383F54 | 7.0 | 1 | 3 | 21 | COMMON
00007FF7E438828C | 7.0 | 2 | 2 | 21 | COMMON
00007FF7E4385C80 | 7.0 | 1 | 3 | 16 | synchronization, COMMON
00007FF7E4390F20 | 5.3 | 2 | 1 | 55 | COMMON
00007FF7E4385890 | 5.0 | 4 | | 35 | memory, COMMON, LIBRARYCODE
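Added example, not part of the Joe Sandbox report: a small Python triage helper that parses the flattened "Function ... Relevance: ..." lines of this listing into records, splits the tag words that the extraction fused onto the instruction count (for example "845sleepmemoryCOMMON"), reads the Execution Coverage figures, and ranks the functions so an analyst reviews the high-relevance, loader/registry/thread-tagged code first. The tag vocabulary and the sample lines are taken from this page; the regular expressions, function names and the 1.0 relevance cut-off are assumptions of the example, not Joe Sandbox definitions.

```python
"""Triage helper for a flattened Joe Sandbox function listing (added example)."""
import re
from dataclasses import dataclass

# Tag words seen fused onto the instruction count in this report. This list is
# an assumption taken from the tags visible on the page, not an official list.
TAG_VOCAB = (
    "synchronization", "LIBRARYCODE", "registry", "library", "process",
    "loader", "memory", "native", "window", "thread", "COMMON", "sleep",
    "file", "time", "com",
)
_TAGS_BY_LEN = sorted(TAG_VOCAB, key=len, reverse=True)  # longest match first

# "Function <addr> Relevance: <r>[, APIs: n][, Strings: n], Instructions: <n><tags>"
FUNC_RE = re.compile(
    r"Function\s+(?P<addr>[0-9A-Fa-f]{8,16})\s+Relevance:\s*(?P<rel>\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<insns>\d+)(?P<tags>[A-Za-z]*)"
)
COVERAGE_RE = re.compile(r"Execution Coverage:\s*\|\s*(?P<pct>\d+(?:\.\d+)?)%")

# Constructed sample: a few lines copied from this report's listing.
SAMPLE = """\
Function 0000000140021E1C Relevance: .1, Instructions: 126COMMON
Execution Coverage: | 19.3% |
Execution Coverage: | 1.4% |
Function 00007FF7E4382F54 Relevance: 186.3, APIs: 63, Strings: 43, Instructions: 845sleepmemoryCOMMON
Function 00007FF7E4392438 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 208librarynativeloaderCOMMON
Function 00007FF7E4388F2C Relevance: 7.6, APIs: 5, Instructions: 123commemoryCOMMON
Function 00007FF7E4385890 Relevance: 5.0, APIs: 4, Instructions: 35memoryCOMMONLIBRARYCODE
"""


@dataclass(frozen=True)
class Function:
    addr: int
    relevance: float
    apis: int
    strings: int
    insns: int
    tags: tuple


def split_tags(blob: str) -> list:
    """Greedy longest-match split of a fused tag string such as 'sleepmemoryCOMMON'."""
    tags, i = [], 0
    while i < len(blob):
        for tag in _TAGS_BY_LEN:
            if blob.startswith(tag, i):
                tags.append(tag)
                i += len(tag)
                break
        else:
            raise ValueError(f"unknown tag fragment {blob[i:]!r}")
    return tags


def parse_functions(text: str) -> list:
    """Extract every 'Function ...' line into a Function record, in page order."""
    funcs = []
    for m in FUNC_RE.finditer(text):
        funcs.append(Function(
            addr=int(m["addr"], 16),
            relevance=float(m["rel"]),
            apis=int(m["apis"] or 0),      # APIs/Strings are absent on some lines
            strings=int(m["strings"] or 0),
            insns=int(m["insns"]),
            tags=tuple(split_tags(m["tags"])),
        ))
    return funcs


def rank(funcs, min_relevance: float = 1.0) -> list:
    """Highest relevance first; the cut-off (an assumption) drops the 0.1 CRT-like stubs."""
    return sorted((f for f in funcs if f.relevance >= min_relevance),
                  key=lambda f: f.relevance, reverse=True)


def with_any_tag(funcs, wanted) -> list:
    """Functions carrying at least one of the wanted tags (e.g. loader, registry, thread)."""
    wanted = set(wanted)
    return [f for f in funcs if wanted & set(f.tags)]


def parse_coverage(text: str) -> list:
    """Execution Coverage percentages of the execution graphs, in page order."""
    return [float(m["pct"]) for m in COVERAGE_RE.finditer(text)]


if __name__ == "__main__":
    funcs = parse_functions(SAMPLE)
    print("execution coverage:", parse_coverage(SAMPLE))
    for f in rank(funcs):
        print(f"{f.addr:016X} rel={f.relevance:6.1f} apis={f.apis:2d} tags={','.join(f.tags)}")
```

Ranking by Relevance is a static ordering: with execution coverage this low, functions tagged loader, registry or thread that the run never reached still need a manual look, which is why the helper filters on tags rather than on whether a function appears in the execution graph.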