Windows
Analysis Report
drytex.dll
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 7036 cmdline: loaddll64.exe "C:\Users\user\Desktop\drytex.dll" MD5: 4E8A40CAD6CCC047914E3A7830A2D8AA)
- cmd.exe (PID: 7044 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\drytex.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- rundll32.exe (PID: 7064 cmdline: rundll32.exe "C:\Users\user\Desktop\drytex.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)
- conhost.exe (PID: 7112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- regsvr32.exe (PID: 7052 cmdline: regsvr32.exe /s C:\Users\user\Desktop\drytex.dll MD5: D78B75FC68247E8A63ACBA846182740E)
- explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- phoneactivate.exe (PID: 6868 cmdline: C:\Windows\system32\phoneactivate.exe MD5: 09D1974A03068D4311F1CE94B765E817)
- cmd.exe (PID: 7064 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\V8Ka.cmd MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- phoneactivate.exe (PID: 1988 cmdline: "C:\Users\user\AppData\Roaming\ThotvT\phoneactivate.exe" MD5: 09D1974A03068D4311F1CE94B765E817)
- pwcreator.exe (PID: 1428 cmdline: C:\Windows\system32\pwcreator.exe MD5: BF33FA218E0B4F6AEC77616BE0F5DD9D)
- SppExtComObj.Exe (PID: 6320 cmdline: C:\Windows\system32\SppExtComObj.Exe MD5: 809E11DECADAEBE2454EFEDD620C4769)
- cmd.exe (PID: 6028 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\33sSd.cmd MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 6832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- phoneactivate.exe (PID: 1908 cmdline: "C:\Users\user\AppData\Roaming\ThotvT\phoneactivate.exe" MD5: 09D1974A03068D4311F1CE94B765E817)
- dllhost.exe (PID: 5520 cmdline: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} MD5: 2528137C6745C4EADD87817A1909677E)
- schtasks.exe (PID: 5872 cmdline: "C:\Windows\System32\schtasks.exe" /Create /F /TN "Uttpj" /TR C:\Windows\system32\xs2t3d\SppExtComObj.Exe /SC minute /MO 60 /RL highest MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
- conhost.exe (PID: 3176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- phoneactivate.exe (PID: 2384 cmdline: "C:\Users\user\AppData\Roaming\ThotvT\phoneactivate.exe" MD5: 09D1974A03068D4311F1CE94B765E817)
- rundll32.exe (PID: 7072 cmdline: rundll32.exe C:\Users\user\Desktop\drytex.dll,DllCanUnloadNow MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 7132 cmdline: rundll32.exe C:\Users\user\Desktop\drytex.dll,DllGetClassObject MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 5168 cmdline: rundll32.exe C:\Users\user\Desktop\drytex.dll,DwmAttachMilContent MD5: 73C519F050C20580F8A62C849D49215A)
- cleanup
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
| | JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | |
System Summary
Source: | Author: Florian Roth |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton |
Source: | Author: frack113 |
Source: | Author: frack113 |
AV Detection
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0000000140049724 |
Source: | String found in binary or memory: |
E-Banking Fraud
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_000000014005284C | |
Source: | Code function: | 0_2_0000000140048A4C | |
Source: | Code function: | 0_2_0000000140040370 | |
Source: | Code function: | 0_2_00000001400343E8 | |
Source: | Code function: | 0_2_0000000140026C74 | |
Source: | Code function: | 0_2_000000014004F4D0 | |
Source: | Code function: | 0_2_0000000140049CE8 | |
Source: | Code function: | 0_2_000000014004357C | |
Source: | Code function: | 0_2_000000014003DEEC | |
Source: | Code function: | 0_2_0000000140036778 | |
Source: | Code function: | 0_2_0000000140022004 | |
Source: | Code function: | 0_2_0000000140060014 | |
Source: | Code function: | 0_2_0000000140024028 | |
Source: | Code function: | 0_2_000000014002782C | |
Source: | Code function: | 0_2_000000014002E030 | |
Source: | Code function: | 0_2_000000014005582B | |
Source: | Code function: | 0_2_0000000140034044 | |
Source: | Code function: | 0_2_000000014000F848 | |
Source: | Code function: | 0_2_000000014003D878 | |
Source: | Code function: | 0_2_0000000140020094 | |
Source: | Code function: | 0_2_000000014002F8A4 | |
Source: | Code function: | 0_2_00000001400280AC | |
Source: | Code function: | 0_2_000000014004F0AC | |
Source: | Code function: | 0_2_00000001400410B4 | |
Source: | Code function: | 0_2_00000001400150E4 | |
Source: | Code function: | 0_2_0000000140066100 | |
Source: | Code function: | 0_2_0000000140025100 | |
Source: | Code function: | 0_2_000000014004D914 | |
Source: | Code function: | 0_2_0000000140033124 | |
Source: | Code function: | 0_2_0000000140032128 | |
Source: | Code function: | 0_2_0000000140025930 | |
Source: | Code function: | 0_2_0000000140005950 | |
Source: | Code function: | 0_2_000000014004E954 | |
Source: | Code function: | 0_2_0000000140001158 | |
Source: | Code function: | 0_2_000000014003796C | |
Source: | Code function: | 0_2_0000000140049980 | |
Source: | Code function: | 0_2_0000000140039990 | |
Source: | Code function: | 0_2_000000014002F198 | |
Source: | Code function: | 0_2_00000001400389A4 | |
Source: | Code function: | 0_2_00000001400099AC | |
Source: | Code function: | 0_2_00000001400659F0 | |
Source: | Code function: | 0_2_000000014002EA1C | |
Source: | Code function: | 0_2_0000000140055A4D | |
Source: | Code function: | 0_2_000000014005A24C | |
Source: | Code function: | 0_2_000000014001B250 | |
Source: | Code function: | 0_2_0000000140001A78 | |
Source: | Code function: | 0_2_0000000140007284 | |
Source: | Code function: | 0_2_0000000140061283 | |
Source: | Code function: | 0_2_0000000140061A90 | |
Source: | Code function: | 0_2_00000001400642A0 | |
Source: | Code function: | 0_2_000000014002DAA4 | |
Source: | Code function: | 0_2_0000000140043AC0 | |
Source: | Code function: | 0_2_0000000140019AC4 | |
Source: | Code function: | 0_2_00000001400512E0 | |
Source: | Code function: | 0_2_00000001400162E0 | |
Source: | Code function: | 0_2_000000014002BAEC | |
Source: | Code function: | 0_2_0000000140006AEC | |
Source: | Code function: | 0_2_0000000140063324 | |
Source: | Code function: | 0_2_0000000140013B64 | |
Source: | Code function: | 0_2_0000000140055364 | |
Source: | Code function: | 0_2_0000000140019378 | |
Source: | Code function: | 0_2_0000000140060B8C | |
Source: | Code function: | 0_2_000000014001A394 | |
Source: | Code function: | 0_2_0000000140008B94 | |
Source: | Code function: | 0_2_000000014004BBBC | |
Source: | Code function: | 0_2_0000000140021BD8 | |
Source: | Code function: | 0_2_00000001400243E0 | |
Source: | Code function: | 0_2_000000014002B3F3 | |
Source: | Code function: | 0_2_0000000140004C0C | |
Source: | Code function: | 0_2_000000014002B429 | |
Source: | Code function: | 0_2_0000000140012474 | |
Source: | Code function: | 0_2_000000014000AC74 | |
Source: | Code function: | 0_2_0000000140038478 | |
Source: | Code function: | 0_2_000000014004FC74 | |
Source: | Code function: | 0_2_000000014002747C | |
Source: | Code function: | 0_2_000000014002A4A4 | |
Source: | Code function: | 0_2_000000014001B4AC | |
Source: | Code function: | 0_2_000000014004A4B0 | |
Source: | Code function: | 0_2_0000000140063CB4 | |
Source: | Code function: | 0_2_000000014002F4B8 | |
Source: | Code function: | 0_2_0000000140003CC4 | |
Source: | Code function: | 0_2_000000014000ECD0 | |
Source: | Code function: | 0_2_0000000140017CD4 | |
Source: | Code function: | 0_2_0000000140044CD8 | |
Source: | Code function: | 0_2_000000014004ECF8 | |
Source: | Code function: | 0_2_0000000140042504 | |
Source: | Code function: | 0_2_0000000140026534 | |
Source: | Code function: | 0_2_000000014002AD38 | |
Source: | Code function: | 0_2_0000000140022D50 | |
Source: | Code function: | 0_2_0000000140029550 | |
Source: | Code function: | 0_2_0000000140012D8C | |
Source: | Code function: | 0_2_0000000140051D90 | |
Source: | Code function: | 0_2_0000000140006D94 | |
Source: | Code function: | 0_2_00000001400515A0 | |
Source: | Code function: | 0_2_00000001400285AC | |
Source: | Code function: | 0_2_0000000140031DCC | |
Source: | Code function: | 0_2_00000001400365D0 | |
Source: | Code function: | 0_2_00000001400205D8 | |
Source: | Code function: | 0_2_0000000140011DE4 | |
Source: | Code function: | 0_2_000000014004D5EC | |
Source: | Code function: | 0_2_000000014003A60C | |
Source: | Code function: | 0_2_0000000140021E1C | |
Source: | Code function: | 0_2_0000000140023E1C | |
Source: | Code function: | 0_2_000000014004E628 | |
Source: | Code function: | 0_2_000000014004CE2C | |
Source: | Code function: | 0_2_0000000140018638 | |
Source: | Code function: | 0_2_0000000140004E38 | |
Source: | Code function: | 0_2_0000000140014644 | |
Source: | Code function: | 0_2_000000014002EE48 | |
Source: | Code function: | 0_2_000000014004A660 | |
Source: | Code function: | 0_2_0000000140053670 | |
Source: | Code function: | 0_2_000000014003AE70 | |
Source: | Code function: | 0_2_0000000140031670 | |
Source: | Code function: | 0_2_000000014002D694 | |
Source: | Code function: | 0_2_0000000140036E98 | |
Source: | Code function: | 0_2_000000014000D69C | |
Source: | Code function: | 0_2_0000000140050EA8 | |
Source: | Code function: | 0_2_0000000140053EC0 | |
Source: | Code function: | 0_2_000000014001BEC8 | |
Source: | Code function: | 0_2_00000001400466C4 | |
Source: | Code function: | 0_2_000000014004EF0C | |
Source: | Code function: | 0_2_0000000140017F40 | |
Source: | Code function: | 0_2_000000014001CF40 | |
Source: | Code function: | 0_2_0000000140041F3C | |
Source: | Code function: | 0_2_0000000140032750 | |
Source: | Code function: | 0_2_000000014000578C | |
Source: | Code function: | 0_2_00000001400137A0 | |
Source: | Code function: | 0_2_00000001400557A3 | |
Source: | Code function: | 0_2_000000014001C7CC | |
Source: | Code function: | 0_2_00000001400027DC | |
Source: | Code function: | 0_2_0000000140030FE0 | |
Source: | Code function: | 23_2_00007FF744385364 | |
Source: | Code function: | 23_2_00007FF74438D570 | |
Source: | Code function: | 23_2_00007FF744386920 | |
Source: | Code function: | 23_2_00007FF7443891DC | |
Source: | Code function: | 23_2_00007FF744385998 | |
Source: | Code function: | 23_2_00007FF74438B9B4 | |
Source: | Code function: | 23_2_00007FF7443883BC | |
Source: | Code function: | 23_2_00007FF7443897D4 | |
Source: | Code function: | 23_2_00007FF744388058 | |
Source: | Code function: | 23_2_00007FF74438A094 | |
Source: | Code function: | 23_2_00007FF74438D220 | |
Source: | Code function: | 23_2_00007FF74438CE28 | |
Source: | Code function: | 23_2_00007FF7443884DC | |
Source: | Code function: | 23_2_00007FF744385EE0 | |
Source: | Code function: | 23_2_00007FF7443812F8 | |
Source: | Code function: | 23_2_00007FF74438730C | |
Source: | Code function: | 36_2_00007FF744385364 | |
Source: | Code function: | 36_2_00007FF74438D570 | |
Source: | Code function: | 36_2_00007FF744386920 | |
Source: | Code function: | 36_2_00007FF7443891DC | |
Source: | Code function: | 36_2_00007FF744385998 | |
Source: | Code function: | 36_2_00007FF74438B9B4 | |
Source: | Code function: | 36_2_00007FF7443883BC | |
Source: | Code function: | 36_2_00007FF7443897D4 | |
Source: | Code function: | 36_2_00007FF744388058 | |
Source: | Code function: | 36_2_00007FF74438A094 | |
Source: | Code function: | 36_2_00007FF74438D220 | |
Source: | Code function: | 36_2_00007FF74438CE28 | |
Source: | Code function: | 36_2_00007FF7443884DC | |
Source: | Code function: | 36_2_00007FF744385EE0 | |
Source: | Code function: | 36_2_00007FF7443812F8 | |
Source: | Code function: | 36_2_00007FF74438730C |
Source: | Code function: |
Source: | Code function: | 0_2_000000014005284C |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Dropped File: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 23_2_00007FF74438730C |
Source: | File read: | Jump to behavior |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Code function: | 23_2_00007FF744384794 |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0000020ADDE8305A | |
Source: | Code function: | 2_2_0287305A | |
Source: | Code function: | 3_2_000002639A34305A | |
Source: | Code function: | 4_2_000001FFD998305A | |
Source: | Code function: | 6_2_000001774A0A305A | |
Source: | Code function: | 7_2_000001AC7B97305A | |
Source: | Code function: | 23_2_000001C24820305A | |
Source: | Code function: | 36_2_000002122252305A | |
Source: | Code function: | 44_2_0000025AA596305A |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival
Source: | Process created: |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection
Source: | User mode code has changed: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Check user administrative privileges: | graph_0-60861 |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_000000014003EB14 |
Source: | Code function: | 0_2_0000000140049724 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 23_2_00007FF744385364 |
Source: | Code function: | 0_2_0000000140040370 |
Source: | Code function: | 23_2_00007FF74438DD68 | |
Source: | Code function: | 23_2_00007FF74438E060 | |
Source: | Code function: | 36_2_00007FF74438DD68 | |
Source: | Code function: | 36_2_00007FF74438E060 |
HIPS / PFW / Operating System Protection Evasion
Source: | File created: | Jump to dropped file |
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior |
Source: | Thread APC queued: | Jump to behavior |
Source: | Atom created: | Jump to behavior | ||
Source: | Atom created: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 23_2_00007FF7443891DC |
Source: | Code function: | 23_2_00007FF744381E00 | |
Source: | Code function: | 36_2_00007FF744381E00 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 312 Process Injection | 1 Rootkit | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 21 Masquerading | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 312 Process Injection | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Regsvr32 | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Timestomp | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 DLL Side-Loading | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | | |
| Source | Detection | Scanner | Label |
|---|---|---|---|
| | 61% | Virustotal | |
| | 76% | ReversingLabs | Win64.Worm.Cridex |
| | 100% | Avira | HEUR/AGEN.1207422 |
| | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1207422 | ||
100% | Avira | HEUR/AGEN.1207422 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File | ||
100% | Avira | HEUR/AGEN.1207430 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 610526 |
Start date and time: | 2022-04-18 07:33:07 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | drytex.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 45 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@40/10@0/0 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, dllhost.exe, consent.exe, SppExtComObj.Exe, backgroundTaskHost.exe, UsoClient.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, go.microsoft.com, login.live.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
Time | Type | Description |
---|---|---|
07:35:13 | Autostart | |
07:35:22 | Autostart | |
07:35:30 | Autostart | |
07:35:34 | API Interceptor | |
07:35:41 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Roaming\ThotvT\phoneactivate.exe | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 204 |
Entropy (8bit): | 4.992450793081024 |
Encrypted: | false |
SSDEEP: | 3:8Fo5TAI2eAIQUjV7AIBgIWXp5cViE2J5xAIhmXVLRIvmJAIUsMuoUQ:8u5TYeyiJHRWXp+N23fhmFlNqUQ |
MD5: | 3EBEA66F3F22B719EEA0C1ED1882A87A |
SHA1: | D6AEAA23E30880AAD41C17E674D24CCFCCB6FED8 |
SHA-256: | C266CA358FA49A556F80C1486C0E054B78080AC380318A619F6CE15A93C84166 |
SHA-512: | 94A81C7C0A4428408BCFED168C605CD4B2D7098C79BE8728E5B337F75D458508424041723623D6364802D9881EA6C23D8D2BD0CD75098247B627D7E1A483893A |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 237 |
Entropy (8bit): | 4.913522860271459 |
Encrypted: | false |
SSDEEP: | 6:8u5PWXp+NaZ5AgHG+AdgmfNWXp+NaZ5AsWXp+N23fHHYIWXp+NaZ5A6ovxUQ:8u5+HDugo0HyAdHqvxUQ |
MD5: | 20E4260BFC284D0F40AF7DAA705F22D0 |
SHA1: | 0599152423FADB2BB7BEC29BB6DC91052C52DF4F |
SHA-256: | 1E7288DC642133C2B2D272F19899D27B7079BCD467BE6C07DAA9E5C96B2DC82E |
SHA-512: | FFA815C5B2FF13E4D24EF01B421EA70F1A37B99D9D684FA3C07C32289DCE764CA5360443FC77B05DF244EEE398B870B6EF6AF5F7CF561C58288BC657BB0E892C |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1257472 |
Entropy (8bit): | 4.869587549920812 |
Encrypted: | false |
SSDEEP: | 12288:habbKACcbDWwVedYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:saXcfWwgSKrhncQYlez5nGa84djgol |
MD5: | C770563E0C71B17EF44FF21185C63AD3 |
SHA1: | 6AA9A5A97217143DA9F7E7F6FAB2CE71E127D6F2 |
SHA-256: | 45EE8F805EBB6C92B215B7C559BB778F5AC5AC7A913EBC028CF70EBE426EB1FD |
SHA-512: | CD52CD910CDF19245BE808AF2398D57A361E8D0EE7B57D5B5382CE56C1AB4E0B3D2D74877E50F1389E5069C85D60A3659A21991BF43BBD4049D1234129310127 |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1540096 |
Entropy (8bit): | 5.376397843442921 |
Encrypted: | false |
SSDEEP: | 12288:AabbKACcbDWwVedYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDkW:7aXcfWwgSKrhncQYlez5nGa84djgol |
MD5: | FAB6B6A557FBE1C84AB38A331914817C |
SHA1: | 21B8E6CA4B6826D05B9E630A884AB8C8E2EE6317 |
SHA-256: | 090BB796EC1FFD9B7C050F86BDAA8A1614985D8BEBE3965DB8F39A569603D24A |
SHA-512: | 465A04D661CA6B454FA44FAF4143189F86B43D86060308409987B3162C30AE6DC9584AA2833A759DB9B71435FDF8AC583AE9034FF98204BEB6D91452D18D9BA3 |
Malicious: | true |
Antivirus: | |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1450 |
Entropy (8bit): | 7.346730158776579 |
Encrypted: | false |
SSDEEP: | 24:UX4NtP5Ucj5fMbfPOU/J0nfl75UETR72tnZQcBit1uak1:UX4NtP5UcybfPOU/qfl75n92kc+uak1 |
MD5: | FA67A4DAB5AD8716BA08564C60E0ED05 |
SHA1: | 34493BE6B3D4D5A6E04B24B90B87D32F686D6D96 |
SHA-256: | 61B4971FB3394F314D0A5401E3B99A806CE15001B98A7112E46FBC92B3DFBC31 |
SHA-512: | B497314198CBF476B7AD016856F5578212B1E176CD669959251C7829DA3C5FC87526834FA1E5C5E6BC9EEADAF9CC7DEB848BEE836FCCE14547A62007A7E669F5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Conqxrew.lnk
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 901 |
Entropy (8bit): | 5.0652880756211704 |
Encrypted: | false |
SSDEEP: | 12:8q43P84grl0KCqo//ZSL44gue7XQhwLDglvRgjAsHAnDSa7sd14P542Gm:8zVgrlH7oBssHLQGQlJ0ABDp7PEm |
MD5: | 41C3A004B77DE5860657B1653FFC54F7 |
SHA1: | D53C091CF6582B32EC5BAE408E5EE48059CD9F82 |
SHA-256: | 7C3BC8D56BF8466BF92012966C7720FB569BCD7AA36CF2E679E0B35F96FF6BFC |
SHA-512: | AB1710478E568CC467B670F85C53CDCAF144C23D3EAA394705D0E3FBAE93F00B135EA330DE029C65FB3DD3FA345A1AEAEF0D7455274CCF3247EA3D37F2586113 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1540096 |
Entropy (8bit): | 5.376397843442921 |
Encrypted: | false |
SSDEEP: | 12288:AabbKACcbDWwVedYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDkW:7aXcfWwgSKrhncQYlez5nGa84djgol |
MD5: | FAB6B6A557FBE1C84AB38A331914817C |
SHA1: | 21B8E6CA4B6826D05B9E630A884AB8C8E2EE6317 |
SHA-256: | 090BB796EC1FFD9B7C050F86BDAA8A1614985D8BEBE3965DB8F39A569603D24A |
SHA-512: | 465A04D661CA6B454FA44FAF4143189F86B43D86060308409987B3162C30AE6DC9584AA2833A759DB9B71435FDF8AC583AE9034FF98204BEB6D91452D18D9BA3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 107504 |
Entropy (8bit): | 6.536585324272613 |
Encrypted: | false |
SSDEEP: | 1536:UhKYFAVrKO6PcIgpCaYov3ZKCZwaG70Ur/61cVtat/gLaoU0Sj09P0e:dmlPcNphvo0mtV1La8Lse |
MD5: | 09D1974A03068D4311F1CE94B765E817 |
SHA1: | 7DD683571E4DCCAF181A5271BBCF15B3BC9D0155 |
SHA-256: | 5D4F713CFC98E7148B67D063193D93BFE29F8329705A03690590633FADE32EE5 |
SHA-512: | 07FD0700C8368485BEC91847C4B9721B059FEDB678C603A57FBD5DABCF110C80B0BD1D114384D4334F0412F3F4FD93C839A1B17F3A9F02C25CD59216692A8AC9 |
Malicious: | true |
Joe Sandbox View: | |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 577024 |
Entropy (8bit): | 7.365924302927238 |
Encrypted: | false |
SSDEEP: | 12288:KEpKNOQ/1mgFgnHF+2ryqfut4iob3vBzx4PQpIQbwhsi:lpKbbFgl+2Oqfuqiob3JUFs |
MD5: | 809E11DECADAEBE2454EFEDD620C4769 |
SHA1: | A121B9FC2010247C65CE8975FE4D88F5E9AC953E |
SHA-256: | 8906D8D8BCD7C8302A3E56EA2EBD0357748ACC9D3FDA91925609C742384B9CC2 |
SHA-512: | F78F46437C011C102A9BCEC2A8565EDC75500C9448AC17457FF44D3C8DB1980F772C0D1546F1DEE0F8A6F2C7273A5A915860B768DE9BB24EBEFE2907CE18B0DF |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1257472 |
Entropy (8bit): | 4.869587549920812 |
Encrypted: | false |
SSDEEP: | 12288:habbKACcbDWwVedYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:saXcfWwgSKrhncQYlez5nGa84djgol |
MD5: | C770563E0C71B17EF44FF21185C63AD3 |
SHA1: | 6AA9A5A97217143DA9F7E7F6FAB2CE71E127D6F2 |
SHA-256: | 45EE8F805EBB6C92B215B7C559BB778F5AC5AC7A913EBC028CF70EBE426EB1FD |
SHA-512: | CD52CD910CDF19245BE808AF2398D57A361E8D0EE7B57D5B5382CE56C1AB4E0B3D2D74877E50F1389E5069C85D60A3659A21991BF43BBD4049D1234129310127 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 4.887324738140095 |
TrID: | |
File name: | drytex.dll |
File size: | 1253376 |
MD5: | b85405fc1d3a4473826d7ebd31111a50 |
SHA1: | 4b62c6e56be21a0dc8f285a23ca62a055a768956 |
SHA256: | 26af00a279ce082c2bb1db2cb50d2d590623e3f20e6c260d77ca77bf72b51797 |
SHA512: | 1335ee999d69930805f41c2b177538ec21cfd7cf11af973caeb4e53bb9893708b4795b556d28bddd41982b360e4f428b17ec80feeb7beff40a095a3f9981cf0f |
SSDEEP: | 12288:WabbKACcbDWwVedYHi4mrh+IyiPU0D88nTtgO9HvjA3RlkuRCYJRB7laUqdezDk5:ZaXcfWwgSKrhncQYlez5nGa84djgol |
TLSH: | 0C45CF0D496F1AC8D6A550F26B3387F6296EF0940420DEBD36B67025ED8DE7D8CC291B |
File Content Preview: | MZ......................@.......................................x..j<..9<..9<..9?.t9I..9...8k..9S.49...9.ou9w..9...8M..9...82..9.7.9...91.I9u..9".:9...9'l590..9".=9/..9...8G..9R..8...9...8P..9S.39v..9?.u9i..9.7.9}..9...8...9".;9i..9..I9S..9Z.e9x..9?.w9... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x14002a5b0 |
Entrypoint Section: | .crt1 |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0x54B45CFA [Mon Jan 12 23:47:06 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 25c7ac00c91884fd2923a489ae9dfbca |
Instruction |
---|
dec eax |
mov dword ptr [00037CB9h], ecx |
dec eax |
mov dword ptr [00037CBAh], edx |
dec eax |
or dword ptr [00037CFBh], esi |
dec eax |
mov dword ptr [00037CFCh], edi |
dec eax |
mov dword ptr [00037CFDh], ebx |
dec eax |
mov dword ptr [00037CA6h], ebp |
dec eax |
mov dword ptr [00037CA7h], esp |
dec esp |
mov dword ptr [00037CA8h], eax |
dec esp |
mov dword ptr [00037CA9h], ecx |
dec esp |
mov dword ptr [00037CC2h], esp |
dec esp |
mov dword ptr [00037CB3h], ebp |
dec esp |
or dword ptr [00037CA4h], esi |
dec esp |
mov dword ptr [00037C95h], edi |
dec eax |
lea esi, dword ptr [FFFFD97Eh] |
jmp esi |
ud2 |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x131010 | 0x73a | .ouhvqw |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2ba68 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9e000 | 0xfc98 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0x28bc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x610 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x90 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2779e | 0x28000 | False | 0.761749267578 | data | 7.8179817907 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x29000 | 0xfe0 | 0x1000 | False | 0.050537109375 | data | 0.497374256831 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.crt1 | 0x2a000 | 0x6fb | 0x1000 | False | 0.25634765625 | data | 2.77764805072 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x2b000 | 0xcc0 | 0x1000 | False | 0.44921875 | data | 4.04304284558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2c000 | 0x41e09 | 0x42000 | False | 0.577795780066 | data | 6.66561055311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x6e000 | 0xb46 | 0x1000 | False | 0.0595703125 | data | 0.53656064431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
qwTG | 0x6f000 | 0x2e9a2 | 0x2f000 | False | 0.818348986037 | data | 7.87184991211 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x9e000 | 0xfc98 | 0x10000 | False | 0.223709106445 | data | 4.08759024615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xae000 | 0x28bc | 0x3000 | False | 0.105550130208 | data | 5.14379878517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.lqen | 0xb1000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vqb | 0xf7000 | 0x1455 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gjd | 0xf9000 | 0x128f | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wqhqlp | 0xfb000 | 0x1f2a | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.nulizw | 0xfd000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.fgrum | 0xfe000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.mjabqc | 0xff000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ghh | 0x101000 | 0x1e66 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vrqcr | 0x103000 | 0x706 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.siorvl | 0x104000 | 0x1124 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.sqgym | 0x106000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kqhrq | 0x107000 | 0x736 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsntf | 0x108000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.iqt | 0x109000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kpwiuc | 0x10b000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.yuzcn | 0x10d000 | 0x5a7 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.jbsbuw | 0x10e000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.mdjtj | 0x10f000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.mbjeh | 0x110000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.amb | 0x111000 | 0x3ba | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.lac | 0x112000 | 0x197d | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.zro | 0x114000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vtq | 0x115000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kyhoy | 0x116000 | 0x3ba | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wvi | 0x117000 | 0x197d | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.alzw | 0x119000 | 0x1af | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vdsoxe | 0x11a000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.pus | 0x11b000 | 0x389 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.oqnl | 0x11c000 | 0x736 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ohjt | 0x11d000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ofjxx | 0x11e000 | 0x197d | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ifw | 0x120000 | 0x896 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.zktgse | 0x121000 | 0x13e | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.pmd | 0x122000 | 0x13e | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kexxpw | 0x123000 | 0x3ba | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kiqzd | 0x124000 | 0x13e | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.uslf | 0x125000 | 0x1af | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.zkkgx | 0x126000 | 0x2da | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.phhwk | 0x127000 | 0x543 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.klf | 0x128000 | 0xb4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xme | 0x129000 | 0x543 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.fnxmzz | 0x12a000 | 0x3fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.wpkbi | 0x12b000 | 0x197d | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gzgei | 0x12d000 | 0xb4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.zep | 0x12e000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.viz | 0x12f000 | 0x1f7 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xqen | 0x130000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.ouhvqw | 0x131000 | 0x74a | 0x1000 | False | 0.2734375 | data | 3.18901859221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_STRING | 0x9ee40 | 0x14a | data | English | United States |
RT_STRING | 0x9ef90 | 0x310 | data | English | United States |
RT_STRING | 0x9f2a0 | 0x162 | data | English | United States |
RT_STRING | 0x9f408 | 0x286 | data | English | United States |
RT_STRING | 0x9f690 | 0x1cc | AmigaOS bitmap font | English | United States |
RT_STRING | 0x9f860 | 0x272 | data | English | United States |
RT_STRING | 0x9fad8 | 0xee | data | English | United States |
RT_STRING | 0x9fbc8 | 0x144 | data | English | United States |
RT_STRING | 0x9fd10 | 0xda | data | English | United States |
RT_STRING | 0x9fdf0 | 0x20e | data | English | United States |
RT_STRING | 0xa0000 | 0x326 | data | English | United States |
RT_STRING | 0xa0328 | 0x33a | data | English | United States |
RT_STRING | 0xa0668 | 0x58c | data | English | United States |
RT_STRING | 0xa0bf8 | 0x2ca | data | English | United States |
RT_STRING | 0xa0ec8 | 0x2ce | data | English | United States |
RT_STRING | 0xa1198 | 0x3c6 | data | English | United States |
RT_STRING | 0xa1560 | 0x41c | data | English | United States |
RT_STRING | 0xa1980 | 0x380 | data | English | United States |
RT_STRING | 0xa1d00 | 0x408 | data | English | United States |
RT_STRING | 0xa2108 | 0x4cc | data | English | United States |
RT_STRING | 0xa25d8 | 0x206 | data | English | United States |
RT_STRING | 0xa27e0 | 0x50a | data | English | United States |
RT_STRING | 0xa2cf0 | 0x168 | data | English | United States |
RT_STRING | 0xa2e58 | 0x12a | data | English | United States |
RT_STRING | 0xa2f88 | 0x36c | data | English | United States |
RT_STRING | 0xa32f8 | 0x2a8 | data | English | United States |
RT_STRING | 0xa35a0 | 0x1de | data | English | United States |
RT_STRING | 0xa3780 | 0x3ec | data | English | United States |
RT_STRING | 0xa3b70 | 0x354 | data | English | United States |
RT_STRING | 0xa3ec8 | 0x19c | data | English | United States |
RT_STRING | 0xa4068 | 0x27e | data | English | United States |
RT_STRING | 0xa42e8 | 0x3d8 | data | English | United States |
RT_STRING | 0xa46c0 | 0x396 | data | English | United States |
RT_STRING | 0xa4a58 | 0x336 | data | English | United States |
RT_STRING | 0xa4d90 | 0x242 | data | English | United States |
RT_STRING | 0xa4fd8 | 0x1ac | data | English | United States |
RT_STRING | 0xa5188 | 0x2f4 | data | English | United States |
RT_STRING | 0xa5480 | 0x3ec | data | English | United States |
RT_STRING | 0xa5870 | 0x570 | data | English | United States |
RT_STRING | 0xa5de0 | 0x3b2 | Hitachi SH big-endian COFF object file, not stripped, 9472 sections, symbol offset=0x4b004200, 83895552 symbols, optional header size 12544 | English | United States |
RT_STRING | 0xa6198 | 0x3aa | data | English | United States |
RT_STRING | 0xa6548 | 0x2c0 | data | English | United States |
RT_STRING | 0xa6808 | 0x226 | data | English | United States |
RT_STRING | 0xa6a30 | 0x248 | data | English | United States |
RT_STRING | 0xa6c78 | 0x8f0 | data | English | United States |
RT_STRING | 0xa7568 | 0x6aa | data | English | United States |
RT_STRING | 0xa7c18 | 0x456 | data | English | United States |
RT_STRING | 0xa8070 | 0x522 | data | English | United States |
RT_STRING | 0xa8598 | 0x51c | data | English | United States |
RT_STRING | 0xa8ab8 | 0x492 | data | English | United States |
RT_STRING | 0xa8f50 | 0x432 | data | English | United States |
RT_STRING | 0xa9388 | 0x6ec | data | English | United States |
RT_STRING | 0xa9a78 | 0x214 | data | English | United States |
RT_STRING | 0xa9c90 | 0x472 | AmigaOS bitmap font | English | United States |
RT_STRING | 0xaa108 | 0x3a2 | data | English | United States |
RT_STRING | 0xaa4b0 | 0xb4 | data | English | United States |
RT_STRING | 0xaa568 | 0x466 | data | English | United States |
RT_STRING | 0xaa9d0 | 0x4b2 | data | English | United States |
RT_STRING | 0xaae88 | 0x312 | data | English | United States |
RT_STRING | 0xab1a0 | 0x106 | data | English | United States |
RT_STRING | 0xab2a8 | 0x24e | data | English | United States |
RT_STRING | 0xab4f8 | 0x2b0 | data | English | United States |
RT_STRING | 0xab7a8 | 0x392 | data | English | United States |
RT_STRING | 0xabb40 | 0x34a | data | English | United States |
RT_STRING | 0xabe90 | 0x404 | data | English | United States |
RT_STRING | 0xac298 | 0x3fc | data | English | United States |
RT_STRING | 0xac698 | 0x27a | data | English | United States |
RT_STRING | 0xac918 | 0xa8 | data | English | United States |
RT_STRING | 0xac9c0 | 0xda | data | English | United States |
RT_STRING | 0xacaa0 | 0x2b2 | data | English | United States |
RT_STRING | 0xacd58 | 0x274 | data | English | United States |
RT_STRING | 0xacfd0 | 0x37c | data | English | United States |
RT_STRING | 0xad350 | 0x3fe | data | English | United States |
RT_STRING | 0xad750 | 0x2c0 | data | English | United States |
RT_STRING | 0xada10 | 0x284 | data | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetBinaryTypeW, GetModuleFileNameW, GetExitCodeProcess, GetModuleHandleW, GetCurrentProcess, GetCurrentProcessId, GetUserDefaultUILanguage |
USER32.dll | SetProcessDefaultLayout, IsProcessDPIAware, ChildWindowFromPointEx, GetThreadDesktop |
GDI32.dll | GetCharWidthW, FlattenPath |
ADVAPI32.dll | InitiateSystemShutdownExW |
Name | Ordinal | Address |
---|---|---|
DllCanUnloadNow | 111 | 0x14000ffd0 |
DllGetClassObject | 115 | 0x140002d30 |
DwmAttachMilContent | 116 | 0x1400112ac |
DwmDefWindowProc | 117 | 0x14000b39c |
DwmDetachMilContent | 118 | 0x140002198 |
DwmEnableBlurBehindWindow | 119 | 0x1400179cc |
DwmEnableComposition | 102 | 0x140026b64 |
DwmEnableMMCSS | 120 | 0x140011870 |
DwmExtendFrameIntoClientArea | 121 | 0x14001bdf0 |
DwmFlush | 122 | 0x14000bf54 |
DwmGetColorizationColor | 123 | 0x140022534 |
DwmGetCompositionTimingInfo | 129 | 0x14000afa4 |
DwmGetGraphicsStreamClient | 130 | 0x14001aef4 |
DwmGetGraphicsStreamTransformHint | 149 | 0x140004d40 |
DwmGetTransportAttributes | 183 | 0x140013134 |
DwmGetUnmetTabRequirements | 184 | 0x14000a0ac |
DwmGetWindowAttribute | 185 | 0x14001a968 |
DwmInvalidateIconicBitmaps | 186 | 0x140023a0c |
DwmIsCompositionEnabled | 187 | 0x14000e64c |
DwmModifyPreviousDxFrameDuration | 188 | 0x14001caa4 |
DwmQueryThumbnailSourceSize | 189 | 0x14000ac9c |
DwmRegisterThumbnail | 191 | 0x140007828 |
DwmRenderGesture | 192 | 0x14001dec4 |
DwmSetDxFrameDuration | 193 | 0x14001e530 |
DwmSetIconicLivePreviewBitmap | 194 | 0x14000f418 |
DwmSetIconicThumbnail | 195 | 0x14001433c |
DwmSetPresentParameters | 196 | 0x140024ffc |
DwmSetWindowAttribute | 197 | 0x1400247c8 |
DwmShowContact | 198 | 0x14001e4ac |
DwmTetherContact | 199 | 0x1400062e0 |
DwmTetherTextContact | 156 | 0x140004a9c |
DwmTransitionOwnedWindow | 200 | 0x140010880 |
DwmUnregisterThumbnail | 201 | 0x1400236f0 |
DwmUpdateThumbnailProperties | 202 | 0x14001db58 |
DwmpAllocateSecurityDescriptor | 136 | 0x14001bbd4 |
DwmpDxBindSwapChain | 125 | 0x140027080 |
DwmpDxGetWindowSharedSurface | 100 | 0x14001ace8 |
DwmpDxUnbindSwapChain | 126 | 0x14000ab48 |
DwmpDxUpdateWindowRedirectionBltSurface | 133 | 0x140001bec |
DwmpDxUpdateWindowSharedSurface | 101 | 0x14001ad00 |
DwmpDxgiIsThreadDesktopComposited | 128 | 0x140019038 |
DwmpEnableDDASupport | 143 | 0x140014360 |
DwmpFreeSecurityDescriptor | 137 | 0x140014694 |
DwmpGetColorizationParameters | 127 | 0x14001ef3c |
DwmpRenderFlick | 135 | 0x140008100 |
DwmpSetColorizationParameters | 131 | 0x140017c40 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Code Manipulations
Function Name | Hook Type | Active in Processes |
---|---|---|
ZwSetEvent | INLINE | explorer.exe |
RtlAllocateMemoryBlockLookaside | INLINE | explorer.exe |
RtlAllocateMemoryZone | INLINE | explorer.exe |
NtSetEvent | INLINE | explorer.exe |
Function Name | Hook Type | New Data |
---|---|---|
ZwSetEvent | INLINE | 0xE9 0x9B 0xBB 0xB5 0x5E 0xEF |
RtlAllocateMemoryBlockLookaside | INLINE | 0x48 0x88 0x89 0x9E 0xE0 0x03 |
RtlAllocateMemoryZone | INLINE | 0x8D 0xDA 0xAC 0xC2 0x24 0x49 |
NtSetEvent | INLINE | 0xE9 0x9B 0xBB 0xB5 0x5E 0xEF |
Target ID: | 0 |
Start time: | 07:34:08 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6fc2f0000 |
File size: | 140288 bytes |
MD5 hash: | 4E8A40CAD6CCC047914E3A7830A2D8AA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Target ID: | 1 |
Start time: | 07:34:08 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62f630000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 07:34:09 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff750960000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 3 |
Start time: | 07:34:09 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff703c90000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 4 |
Start time: | 07:34:09 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff703c90000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 5 |
Start time: | 07:34:11 |
Start date: | 18/04/2022 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b8cf0000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 6 |
Start time: | 07:34:13 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff703c90000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 7 |
Start time: | 07:34:16 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff703c90000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 18 |
Start time: | 07:35:04 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\phoneactivate.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76d130000 |
File size: | 107504 bytes |
MD5 hash: | 09D1974A03068D4311F1CE94B765E817 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 19 |
Start time: | 07:35:10 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62f630000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 20 |
Start time: | 07:35:11 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 23 |
Start time: | 07:35:22 |
Start date: | 18/04/2022 |
Path: | C:\Users\user\AppData\Roaming\ThotvT\phoneactivate.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff744380000 |
File size: | 107504 bytes |
MD5 hash: | 09D1974A03068D4311F1CE94B765E817 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Target ID: | 24 |
Start time: | 07:35:23 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\pwcreator.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ef240000 |
File size: | 800768 bytes |
MD5 hash: | BF33FA218E0B4F6AEC77616BE0F5DD9D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 25 |
Start time: | 07:35:24 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\SppExtComObj.Exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca820000 |
File size: | 577024 bytes |
MD5 hash: | 809E11DECADAEBE2454EFEDD620C4769 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Target ID: | 30 |
Start time: | 07:35:29 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62f630000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 34 |
Start time: | 07:35:29 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 36 |
Start time: | 07:35:30 |
Start date: | 18/04/2022 |
Path: | C:\Users\user\AppData\Roaming\ThotvT\phoneactivate.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff744380000 |
File size: | 107504 bytes |
MD5 hash: | 09D1974A03068D4311F1CE94B765E817 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Target ID: | 38 |
Start time: | 07:35:33 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\dllhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f1fd0000 |
File size: | 20888 bytes |
MD5 hash: | 2528137C6745C4EADD87817A1909677E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 42 |
Start time: | 07:35:38 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff77eda0000 |
File size: | 226816 bytes |
MD5 hash: | 838D346D1D28F00783B7A6C6BD03A0DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 43 |
Start time: | 07:35:38 |
Start date: | 18/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 44 |
Start time: | 07:35:39 |
Start date: | 18/04/2022 |
Path: | C:\Users\user\AppData\Roaming\ThotvT\phoneactivate.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff744380000 |
File size: | 107504 bytes |
MD5 hash: | 09D1974A03068D4311F1CE94B765E817 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Execution Graph
Execution Coverage: | 2.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 22.5% |
Total number of Nodes: | 565 |
Total number of Limit Nodes: | 63 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0000000140049CE8 | 3.3 | 2 | | 298 | registry, COMMON |
0000000140040370 | 1.7 | 1 | | 196 | libraryloader, COMMON |
000000014004357C | 1.6 | 1 | | 140 | synchronization, COMMON |
000000014003DEEC | .2 | | | 202 | COMMON |
00000001400343E8 | .2 | | | 179 | COMMON |
000000014004F4D0 | .2 | | | 178 | COMMON |
0000000140033C60 | 5.5 | 1 | 2 | 223 | COMMON |
000000014003ECBC | 5.4 | 2 | 1 | 179 | COMMON |
0000000140042CC8 | 3.7 | 1 | 1 | 241 | COMMON |
00000001400099AC | .9 | | | 921 | COMMON |
00000001400162E0 | .8 | | | 794 | COMMON |
0000000140061A90 | .7 | | | 705 | COMMON |
0000000140012D8C | .6 | | | 595 | COMMON |
0000000140022004 | .6 | | | 594 | COMMON |
0000000140013B64 | .6 | | | 561 | COMMON |
0000000140008B94 | .5 | | | 537 | COMMON |
00000001400243E0 | .5 | | | 529 | COMMON |
0000000140053670 | .5 | | | 503 | COMMON |
0000000140032750 | .5 | | | 502 | COMMON |
0000000140012474 | .5 | | | 496 | COMMON |
000000014000D69C | .5 | | | 488 | COMMON |
0000000140003CC4 | .5 | | | 468 | COMMON |
000000014000AC74 | .4 | | | 439 | COMMON |
000000014002782C | .4 | | | 427 | COMMON |
0000000140011DE4 | .4 | | | 425 | COMMON |
00000001400027DC | .4 | | | 408 | COMMON |
00000001400515A0 | .4 | | | 397 | COMMON |
0000000140060014 | .4 | | | 391 | COMMON |
000000014002F8A4 | .4 | | | 390 | COMMON |
0000000140055364 | .4 | | | 363 | COMMON |
00000001400659F0 | .4 | | | 355 | COMMON |
0000000140014644 | .4 | | | 353 | COMMON |
000000014003A60C | .4 | | | 350 | COMMON |
0000000140038478 | .3 | | | 322 | COMMON |
0000000140042504 | .3 | | | 321 | COMMON |
000000014002BAEC | .3 | | | 319 | COMMON |
0000000140063324 | .3 | | | 316 | COMMON |
000000014001C7CC | .3 | | | 310 | COMMON |
0000000140060B8C | .3 | | | 291 | COMMON |
0000000140032128 | .3 | | | 289 | COMMON |
00000001400205D8 | .3 | | | 287 | COMMON |
0000000140041F3C | .3 | | | 286 | COMMON |
0000000140066100 | .3 | | | 279 | COMMON |
000000014004D914 | .3 | | | 267 | COMMON |
000000014002AD38 | .3 | | | 266 | COMMON |
000000014002DAA4 | .3 | | | 260 | COMMON |
000000014004BBBC | .3 | | | 258 | COMMON |
0000000140001158 | .3 | | | 256 | COMMON |
000000014002F4B8 | .3 | | | 255 | COMMON |
000000014001BEC8 | .3 | | | 253 | COMMON |
0000000140001A78 | .2 | | | 248 | COMMON |
000000014001CF40 | .2 | | | 245 | COMMON |
000000014000ECD0 | .2 | | | 242 | COMMON |
0000000140051D90 | .2 | | | 227 | COMMON |
0000000140053EC0 | .2 | | | 227 | COMMON |
000000014000F848 | .2 | | | 226 | COMMON |
000000014003D878 | .2 | | | 225 | COMMON |
000000014002F198 | .2 | | | 223 | COMMON |
000000014002747C | .2 | | | 223 | COMMON |
00000001400466C4 | .2 | | | 219 | COMMON |
0000000140044CD8 | .2 | | | 216 | COMMON |
0000000140017F40 | .2 | | | 215 | COMMON |
0000000140031DCC | .2 | | | 208 | COMMON |
000000014004D5EC | .2 | | | 202 | COMMON |
000000014004E954 | .2 | | | 198 | COMMON |
00000001400137A0 | .2 | | | 190 | COMMON |
0000000140043AC0 | .2 | | | 188 | COMMON |
0000000140006AEC | .2 | | | 182 | COMMON |
000000014004E628 | .2 | | | 175 | COMMON |
0000000140021BD8 | .2 | | | 169 | COMMON |
0000000140049980 | .2 | | | 166 | COMMON |
0000000140063CB4 | .2 | | | 164 | COMMON |
00000001400512E0 | .2 | | | 153 | COMMON |
0000000140017CD4 | .2 | | | 151 | COMMON |
0000000140031670 | .2 | | | 151 | COMMON |
0000000140050EA8 | .2 | | | 150 | COMMON |
0000000140023E1C | .1 | | | 142 | COMMON |
000000014002EA1C | .1 | | | 141 | COMMON |
0000000140061283 | .1 | | | 138 | COMMON |
0000000140024028 | .1 | | | 133 | COMMON |
00000001400280AC | .1 | | | 129 | COMMON |
000000014002B3F3 | .1 | | | 129 | COMMON |
000000014002B429 | .1 | | | 129 | COMMON |
000000014004ECF8 | .1 | | | 129 | COMMON |
0000000140021E1C | .1 | | | 126 | COMMON |
000000014002E030 | .1 | | | 118 | COMMON |
00000001400365D0 | .1 | | | 118 | COMMON |
000000014004A660 | .1 | | | 116 | COMMON |
000000014004EF0C | .1 | | | 116 | COMMON |
000000014004A4B0 | .1 | | | 114 | COMMON |
000000014004F0AC | .1 | | | 112 | COMMON |
000000014001B250 | .1 | | | 108 | COMMON |
000000014001B4AC | .1 | | | 106 | COMMON |
000000014000578C | .1 | | | 81 | COMMON |
0000000140004C0C | .1 | | | 76 | COMMON |
Execution Graph
Execution Coverage: 19.6%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 15
Total number of Limit Nodes: 1
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score
028721FF | 6.2 | 4 | - | 230 | memory, COMMON | -1.00%
02871FF9 | 1.3 | 1 | - | 67 | memory, COMMON (C-Code quality: 73%) | -1.00%
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score
00007FF744388058 | 45.7 | 23 | 3 | 209 | thread, COMMON | -1.00%
00007FF744381E00 | 31.6 | 3 | 15 | 131 | COMMON | -1.00%
00007FF7443812F8 | 27.3 | 18 | - | 293 | window, COMMON | -1.00%
00007FF7443897D4 | 26.5 | 14 | 1 | 212 | memory, COMMON | -1.00%
00007FF74438730C | 25.8 | 17 | - | 275 | memory, com, COMMON | -1.00%
00007FF744385998 | 22.9 | 11 | 2 | 141 | file, memory, library, COMMON | -1.00%
00007FF7443891DC | 19.5 | 10 | 1 | 256 | memory, COMMON | -1.00%
00007FF74438B9B4 | 15.1 | 12 | - | 142 | memory, COMMON | -1.00%
00007FF74438D220 | 13.9 | 11 | - | 133 | memory, COMMON | -1.00%
00007FF74438A094 | 12.7 | 10 | - | 187 | memory, COMMON | -1.00%
00007FF744386920 | 10.6 | 7 | - | 110 | memory, thread, window, COMMON | -1.00%
00007FF74438E060 | 1.5 | 1 | - | 6 | COMMON | -1.00%
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score
00007FF74438BFE4 | 58.7 | 19 | 20 | 167 | COMMON | -1.00%
00007FF74438C3A4 | 34.6 | 11 | 12 | 111 | COMMON | -1.00%
00007FF744386408 | 28.1 | 8 | 8 | 55 | COMMON | -1.00%
00007FF7443829B0 | 26.4 | 11 | 4 | 167 | thread, COMMON | -1.00%
00007FF744387B50 | 17.6 | 6 | 4 | 133 | COMMON | -1.00%
00007FF744381120 | 17.5 | 5 | 5 | 49 | library, loader, COMMON | -1.00%
00007FF744382C54 | 16.6 | 11 | - | 138 | memory, COMMON | -1.00%
00007FF74438BDF8 | 16.6 | 3 | 8 | 135 | memory, COMMON | -1.00%
00007FF7443837D4 | 15.1 | 10 | - | 125 | memory, COMMON | -1.00%
00007FF74438B7A0 | 14.2 | 7 | 1 | 150 | memory, COMMON | -1.00%
00007FF74438B33C | 14.1 | 6 | 2 | 108 | registry, memory, COMMON | -1.00%
00007FF74438BBC0 | 14.1 | 5 | 3 | 51 | library, loader, COMMON | -1.00%
00007FF744382F80 | 12.4 | 3 | 4 | 161 | memory, COMMON | -1.00%
00007FF744388624 | 12.4 | 5 | 2 | 149 | COMMON | -1.00%
00007FF7443825F0 | 12.4 | 6 | 1 | 134 | memory, COMMON | -1.00%
00007FF744384FC0 | 12.4 | 6 | 1 | 125 | file, COMMON | -1.00%
00007FF744385BA8 | 10.6 | 4 | 2 | 120 | memory, COMMON | -1.00%
00007FF7443867E4 | 10.6 | 5 | 1 | 91 | memory, COMMON | -1.00%
00007FF7443896E4 | 10.6 | 4 | 2 | 69 | COMMON | -1.00%
00007FF74438ADF8 | 10.5 | 5 | 1 | 39 | COMMON | -1.00%
00007FF74438E1F0 | 9.0 | 6 | - | 50 | time, thread, COMMON | -1.00%
00007FF74438AD6C | 8.8 | 4 | 1 | 42 | COMMON | -1.00%
00007FF744383218 | 7.1 | 3 | 1 | 83 | COMMON | -1.00%
00007FF74438C574 | 6.1 | 3 | 1 | 126 | memory, COMMON | -1.00%
00007FF74438AFC0 | 5.3 | 2 | 1 | 96 | COMMON | -1.00%
00007FF7443817A8 | 5.3 | 2 | 1 | 56 | COMMON | -1.00%