Windows
Analysis Report
68e7a0fa9f7dbbb34bc4bad97690ea72.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 68e7a0fa9f7dbbb34bc4bad97690ea72.exe (PID: 6356 cmdline:
"C:\Users\ user\Deskt op\68e7a0f a9f7dbbb34 bc4bad9769 0ea72.exe" MD5: D9079709C37A9977A75123A38CBD6660) - [New]1.exe (PID: 6432 cmdline:
C:\Users\u ser\AppDat a\Roaming\ [New]1.exe MD5: 9374A16E2B48794C1C45798358A87352) - conhost.exe (PID: 4856 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - AppLaunch.exe (PID: 5556 cmdline:
C:\Windows \Microsoft .NET\Frame work\v4.0. 30319\AppL aunch.exe MD5: 6807F903AC06FF7E1670181378690B22) - reg.exe (PID: 5996 cmdline:
REG ADD HK CU\Softwar e\Microsof t\Windows\ CurrentVer sion\Run / v OneDrive /t REG_SZ /f /d C:\ Users\user \AppData\L ocal\Micro soft\OneDr ive\OneDri ve.exe MD5: CEE2A7E57DF2A159A065A34913A055C2) - conhost.exe (PID: 5596 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - reg.exe (PID: 6628 cmdline:
REG ADD HK CU\Softwar e\Microsof t\Windows\ CurrentVer sion\Explo rer\Startu pApproved\ Run /v One Drive /t R EG_BINARY /f /d 0200 0000000000 0000000000 MD5: CEE2A7E57DF2A159A065A34913A055C2) - conhost.exe (PID: 4208 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - [New]Salvity_crypted(2).exe (PID: 5824 cmdline:
C:\Users\u ser\AppDat a\Roaming\ [New]Salvi ty_crypted (2).exe MD5: 2A1FF9C5A823F8F05520932A0A39F345) - conhost.exe (PID: 6064 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - AppLaunch.exe (PID: 2480 cmdline:
C:\Windows \Microsoft .NET\Frame work\v4.0. 30319\AppL aunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
- cleanup
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Avira: |
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0040646B | |
Source: | Code function: | 0_2_004027A1 | |
Source: | Code function: | 0_2_004058BF | |
Source: | Code function: | 11_2_00406F00 | |
Source: | Code function: | 11_2_004364E3 |
Networking |
---|
Source: | DNS query: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: | 11_2_00406590 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_0040535C |
System Summary |
---|
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00403348 |
Source: | Code function: | 0_2_00406945 | |
Source: | Code function: | 0_2_0040711C | |
Source: | Code function: | 11_2_00401000 | |
Source: | Code function: | 11_2_004031B0 | |
Source: | Code function: | 11_2_0042F090 | |
Source: | Code function: | 11_2_0042F2C2 | |
Source: | Code function: | 11_2_0042C500 | |
Source: | Code function: | 11_2_0042F51F | |
Source: | Code function: | 11_2_0042A59B | |
Source: | Code function: | 11_2_0043E70F | |
Source: | Code function: | 11_2_0043585E | |
Source: | Code function: | 11_2_0043597E | |
Source: | Code function: | 11_2_00427990 | |
Source: | Code function: | 11_2_00439F59 | |
Source: | Code function: | 21_2_00A138DD | |
Source: | Code function: | 21_2_009FF3D3 | |
Source: | Code function: | 21_2_00A023D0 | |
Source: | Code function: | 21_2_00A11C9A | |
Source: | Code function: | 21_2_00A0858C | |
Source: | Code function: | 21_2_009FF605 | |
Source: | Code function: | 21_2_00A137BD | |
Source: | Code function: | 25_2_011CC370 | |
Source: | Code function: | 25_2_011CE2D0 | |
Source: | Code function: | 25_2_011C1479 | |
Source: | Code function: | 25_2_011C0858 | |
Source: | Code function: | 25_2_011C0B30 | |
Source: | Code function: | 25_2_011C1D71 | |
Source: | Code function: | 25_2_011CCC40 | |
Source: | Code function: | 25_2_011CC028 | |
Source: | Code function: | 25_2_011C20A8 | |
Source: | Code function: | 25_2_011C10A9 | |
Source: | Code function: | 25_2_011C1570 | |
Source: | Code function: | 25_2_011C0B20 | |
Source: | Code function: | 25_2_011C0B6A | |
Source: | Code function: | 25_2_011C1E21 | |
Source: | Code function: | 25_2_09567530 | |
Source: | Code function: | 25_2_09567520 |
Source: | Process Stats: |
Source: | Process created: |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00403348 |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_0040216B |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_0040460D |
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 11_2_00406940 |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 21_2_009FA756 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_0040646B | |
Source: | Code function: | 0_2_004027A1 | |
Source: | Code function: | 0_2_004058BF | |
Source: | Code function: | 11_2_00406F00 | |
Source: | Code function: | 11_2_004364E3 |
Source: | API call chain: | graph_0-3273 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 11_2_00429143 |
Source: | Code function: | 11_2_00437E10 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 11_2_00429634 | |
Source: | Code function: | 11_2_004326E4 | |
Source: | Code function: | 11_2_004326A0 | |
Source: | Code function: | 11_2_00432715 | |
Source: | Code function: | 11_2_00421C60 | |
Source: | Code function: | 21_2_00A03A35 | |
Source: | Code function: | 21_2_00A0EC04 | |
Source: | Code function: | 21_2_009F27C0 |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 11_2_00425476 | |
Source: | Code function: | 11_2_00429143 | |
Source: | Code function: | 11_2_004252E3 | |
Source: | Code function: | 11_2_00424E5C | |
Source: | Code function: | 21_2_009FA8E8 | |
Source: | Code function: | 21_2_00A00430 | |
Source: | Code function: | 21_2_009FAC0D |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 21_2_00A108E9 | |
Source: | Code function: | 21_2_00A109CF | |
Source: | Code function: | 21_2_00A10934 | |
Source: | Code function: | 21_2_00A06276 | |
Source: | Code function: | 21_2_00A10DD3 | |
Source: | Code function: | 21_2_00A10647 | |
Source: | Code function: | 21_2_00A10FA8 | |
Source: | Code function: | 21_2_00A06798 |
Source: | Code function: | 11_2_00402440 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 11_2_004251D0 |
Source: | Code function: | 0_2_00403348 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 111 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Disable or Modify Tools | 1 Input Capture | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Web Service | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 311 Process Injection | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 4 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | Security Account Manager | 36 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 11 Encrypted Channel | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Software Packing | NTDS | 231 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 11 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 4 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Modify Registry | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 System Network Configuration Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 311 Process Injection | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
33% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1224689 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Redcap.sblry | ||
40% | Virustotal | Browse | ||
11% | Metadefender | Browse | ||
15% | ReversingLabs | Win64.Trojan.MintZard | ||
4% | Virustotal | Browse | ||
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/ATRAPS.Gen4 | Download File | ||
100% | Avira | HEUR/AGEN.1213159 | Download File | ||
100% | Avira | HEUR/AGEN.1213159 | Download File | ||
100% | Avira | HEUR/AGEN.1223491 | Download File | ||
100% | Avira | HEUR/AGEN.1213159 | Download File | ||
100% | Avira | HEUR/AGEN.1203048 | Download File | ||
100% | Avira | HEUR/AGEN.1213159 | Download File | ||
100% | Avira | HEUR/AGEN.1223491 | Download File | ||
100% | Avira | HEUR/AGEN.1203048 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ipinfo.io | 34.117.59.81 | true | false | high | |
ip-api.com | 208.95.112.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false | |
34.117.59.81 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 620098 |
Start date and time: 04/05/202211:02:19 | 2022-05-04 11:02:19 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 15m 49s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 68e7a0fa9f7dbbb34bc4bad97690ea72.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 36 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@18/7@3/3 |
EGA Information: |
|
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
11:04:56 | Autostart | |
11:05:04 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
208.95.112.1 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ipinfo.io | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
ip-api.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
TUT-ASUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 233 |
Entropy (8bit): | 6.351070857316637 |
Encrypted: | false |
SSDEEP: | 6:Ywwir/rRAmV/6tYQVPCdUIN9MoL6JjqPsu9zd+:YwVJAmyYf3Gesu/+ |
MD5: | 26B7B18060A05B2D2EB961AB8D08473F |
SHA1: | F1BDD0DC038A2DE7DB88A5BDBAF61762AB7FA733 |
SHA-256: | 41D5459E1A8E326BC4AF4E3B5F1A85970082842FEF6D8C25078073D89C8515FA |
SHA-512: | EA337A03ED042131249C5D4B86345D8761C13C431AA82B632D737D0B1F4FA2EADF2472EF1A80FC8E9E2D5EA4E73085F3E50BED5A9DBB3EE5C5F954CF7F76765A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 180120 |
Entropy (8bit): | 5.416376176720327 |
Encrypted: | false |
SSDEEP: | 3072:I/D8SxgtONJf2IoY3UJMYZIP1kZZP7n+H:lSxgELf2ItUJM2ZD+ |
MD5: | F3AF73070387FB75B19286826CC3126C |
SHA1: | 7774854137D7ADA89F3B4BDF67631456A1E74853 |
SHA-256: | 974243F2487CEEB8EEEA6AA8FEE215F15C7B204382D4BD12F469F712F56C3610 |
SHA-512: | A620583B2D89E3F0350AE4D5DFE2B2C160D2F982B29DEA6B8E273BB39AB2D1D91A2452238E9C30CDD7151AA555E231E1AC9930F9D76F6FF80504EACB25FA557A |
Malicious: | true |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324096 |
Entropy (8bit): | 5.699237249614132 |
Encrypted: | false |
SSDEEP: | 6144:dJ44tdGSdC73ucShSi5ARPL4emfJFD+Tx:dW7EekJ |
MD5: | FED6517A5F84EECC29EDEE5586D7FEEB |
SHA1: | 56DF244BF73C7EC7B59C98E1F5D47B379B58A06B |
SHA-256: | 5075A0587B1B35C0152D8C44468641D0AB1C52FD8F1814EE257ECEB9FFCB89B6 |
SHA-512: | 45CAB4395D509B5D7DFB904E84D5A679440412F494C4970191B5882572F4D1B9C9CD28D41A49619353C405C2477153B4A7A1568FCF307709DF0B81B38C405642 |
Malicious: | false |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 169 |
Entropy (8bit): | 4.51833957423091 |
Encrypted: | false |
SSDEEP: | 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLPfLRIwcWWGu:q43tISl6kXiMIWSU6XlI5LPtIpfGu |
MD5: | 84855C13836B389D5EC7CFD4C9266173 |
SHA1: | 1CF3056FF23C4176FD7CA9816A000ED461D6D323 |
SHA-256: | 502083C916AE481CDD413B8D93315300653DF5FB3DCC5770C01991DE19977EAE |
SHA-512: | 2479112004884D42D4FFE1174DC358C5D1B0FA2B41641D32F2FB67539C4F834D63CFBBF7E98C63B9A64E49B26390C410BB7E50F1AD4A755F32D081367AF05FCB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 251 |
Entropy (8bit): | 4.8839579675926075 |
Encrypted: | false |
SSDEEP: | 3:0wMgRn9tupqHHf9hyLMfEtpvHf+LLQvSHCh2HExCRAfYC2fQ8CQcCMyt8q25TvYn:0wMgRnPupGhQpff+LLgS1H5a76W35jY |
MD5: | F64CD79B1CF99E4D5C270845546D73E7 |
SHA1: | F46F0F4F7F38DE226E2EF3E7472B5EF9545EAC95 |
SHA-256: | BAB165EF8C0BB0F861B0DC2D44565A441C98B08EF304917E6A2AE115D551EDCA |
SHA-512: | 578FB07220AD1B53FCC88415ADF2CE6B8ACF1D1A55A376B169E02E71D795633BC9EC4FD87F86D1A88AF55E62428EE20D1EDC721F59FC0A0E293B80871805880A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\68e7a0fa9f7dbbb34bc4bad97690ea72.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 723681280 |
Entropy (8bit): | 0.13321335273755866 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9374A16E2B48794C1C45798358A87352 |
SHA1: | D08E70CEC222C16F6378868900ACB4C24FD033DA |
SHA-256: | 035890626F0102606F69BD4183A7E66B95662C5E28406CD201DE732F97850999 |
SHA-512: | 90B8B73F9E43C0476665B495580D987C65F2F0EE0D211572667931A3EA16E8E0224CA67098CD31F3BF8579D3D7365841F3493A446D26F7A9AF91D4915437E74D |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\68e7a0fa9f7dbbb34bc4bad97690ea72.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 718766080 |
Entropy (8bit): | 0.04267333524765672 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2A1FF9C5A823F8F05520932A0A39F345 |
SHA1: | 734EB1D6FF6A3FDCE698E948BD38C2C1D9E3F6BE |
SHA-256: | ECFCC335DFCB521D0FA2864DCC3E43D0673248EBF179B918576ABC4CE5A39149 |
SHA-512: | 1D8E859F4D3517DD5DC680AF554330145EB485E459B4A54AF39030DC089DD9874698FBF1722984C13755CAAD64921759AC65F4DEA62508F94F78A771A125B884 |
Malicious: | true |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 6.825900394378421 |
TrID: |
|
File name: | 68e7a0fa9f7dbbb34bc4bad97690ea72.exe |
File size: | 5888624 |
MD5: | d9079709c37a9977a75123a38cbd6660 |
SHA1: | 0f7af4f8fe342afc826d5b6a7ffb0c145b371c50 |
SHA256: | b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3 |
SHA512: | a6d3992a6842d4433d3ce46439b14e02de34929309263ff08d4e7a561a52210a886a146afc3579aa44c28a528fc798c6c615543a805212bc382e4e7141c842bd |
SSDEEP: | 98304:bumoQRPPfNT4k+yX/wURxAwFGQWijQ4QeDUOr:aKPPfN1vzRxvGcTQNO |
TLSH: | 2B56336AB7D2F05FF15A4034AA6F46BDE9D5D23B089742433B327B9D8E732E06798440 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L...".$_.................f...|......H3............@ |
Icon Hash: | 78f4b26aea86cc39 |
Entrypoint: | 0x403348 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5F24D722 [Sat Aug 1 02:44:50 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | ced282d9b261d1462772017fe2f6972b |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080B8h] |
call dword ptr [004080BCh] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042F42Ch], eax |
je 00007F22DCCFAEF3h |
push ebx |
call 00007F22DCCFE056h |
cmp eax, ebx |
je 00007F22DCCFAEE9h |
push 00000C00h |
call eax |
mov esi, 004082A0h |
push esi |
call 00007F22DCCFDFD2h |
push esi |
call dword ptr [004080CCh] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F22DCCFAECDh |
push 0000000Bh |
call 00007F22DCCFE02Ah |
push 00000009h |
call 00007F22DCCFE023h |
push 00000007h |
mov dword ptr [0042F424h], eax |
call 00007F22DCCFE017h |
cmp eax, ebx |
je 00007F22DCCFAEF1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F22DCCFAEE9h |
or byte ptr [0042F42Fh], 00000040h |
push ebp |
call dword ptr [00408038h] |
push ebx |
call dword ptr [00408288h] |
mov dword ptr [0042F4F8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00429850h |
call dword ptr [0040816Ch] |
push 0040A188h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8544 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0x3cf90 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6457 | 0x6600 | False | 0.66823682598 | data | 6.43498570321 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1380 | 0x1400 | False | 0.4625 | data | 5.26100389731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x25538 | 0x600 | False | 0.463541666667 | data | 4.133728555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x30000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x38000 | 0x3cf90 | 0x3d000 | False | 0.249219550461 | data | 4.35162989916 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x38190 | 0x3c828 | data | English | United States |
RT_DIALOG | 0x749b8 | 0x100 | data | English | United States |
RT_DIALOG | 0x74ab8 | 0x11c | data | English | United States |
RT_DIALOG | 0x74bd8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x74c38 | 0x14 | data | English | United States |
RT_MANIFEST | 0x74c50 | 0x340 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA |
SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA |
ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersion, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2022 11:04:57.164717913 CEST | 49751 | 80 | 192.168.2.3 | 34.117.59.81 |
May 4, 2022 11:04:57.182771921 CEST | 80 | 49751 | 34.117.59.81 | 192.168.2.3 |
May 4, 2022 11:04:57.183008909 CEST | 49751 | 80 | 192.168.2.3 | 34.117.59.81 |
May 4, 2022 11:04:57.196104050 CEST | 49751 | 80 | 192.168.2.3 | 34.117.59.81 |
May 4, 2022 11:04:57.214198112 CEST | 80 | 49751 | 34.117.59.81 | 192.168.2.3 |
May 4, 2022 11:04:57.320519924 CEST | 80 | 49751 | 34.117.59.81 | 192.168.2.3 |
May 4, 2022 11:04:57.320873022 CEST | 49751 | 80 | 192.168.2.3 | 34.117.59.81 |
May 4, 2022 11:04:57.688076019 CEST | 49752 | 80 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:57.713736057 CEST | 80 | 49752 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:57.713867903 CEST | 49752 | 80 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:57.722719908 CEST | 49752 | 80 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:57.748161077 CEST | 80 | 49752 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:57.752892017 CEST | 80 | 49752 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:57.752981901 CEST | 49752 | 80 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.041876078 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.041917086 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:58.042027950 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.077089071 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.077117920 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:58.143858910 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:58.143985987 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.798803091 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.798834085 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:58.799099922 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:58.799282074 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.818646908 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.845227003 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:58.845299006 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:04:58.845374107 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.845431089 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.851447105 CEST | 49753 | 443 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:04:58.851480961 CEST | 443 | 49753 | 149.154.167.220 | 192.168.2.3 |
May 4, 2022 11:05:00.471730947 CEST | 49752 | 80 | 192.168.2.3 | 149.154.167.220 |
May 4, 2022 11:05:00.472508907 CEST | 49751 | 80 | 192.168.2.3 | 34.117.59.81 |
May 4, 2022 11:05:52.304184914 CEST | 49758 | 80 | 192.168.2.3 | 208.95.112.1 |
May 4, 2022 11:05:52.333689928 CEST | 80 | 49758 | 208.95.112.1 | 192.168.2.3 |
May 4, 2022 11:05:52.333794117 CEST | 49758 | 80 | 192.168.2.3 | 208.95.112.1 |
May 4, 2022 11:05:52.334960938 CEST | 49758 | 80 | 192.168.2.3 | 208.95.112.1 |
May 4, 2022 11:05:52.364938974 CEST | 80 | 49758 | 208.95.112.1 | 192.168.2.3 |
May 4, 2022 11:05:52.435719967 CEST | 49758 | 80 | 192.168.2.3 | 208.95.112.1 |
May 4, 2022 11:07:02.036622047 CEST | 80 | 49758 | 208.95.112.1 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2022 11:04:57.121784925 CEST | 57723 | 53 | 192.168.2.3 | 8.8.8.8 |
May 4, 2022 11:04:57.139869928 CEST | 53 | 57723 | 8.8.8.8 | 192.168.2.3 |
May 4, 2022 11:04:57.652760983 CEST | 58116 | 53 | 192.168.2.3 | 8.8.8.8 |
May 4, 2022 11:04:57.670851946 CEST | 53 | 58116 | 8.8.8.8 | 192.168.2.3 |
May 4, 2022 11:05:52.231525898 CEST | 65358 | 53 | 192.168.2.3 | 8.8.8.8 |
May 4, 2022 11:05:52.247823000 CEST | 53 | 65358 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 4, 2022 11:04:57.121784925 CEST | 192.168.2.3 | 8.8.8.8 | 0x94ce | Standard query (0) | A (IP address) | IN (0x0001) | |
May 4, 2022 11:04:57.652760983 CEST | 192.168.2.3 | 8.8.8.8 | 0xf495 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 4, 2022 11:05:52.231525898 CEST | 192.168.2.3 | 8.8.8.8 | 0x2911 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 4, 2022 11:04:57.139869928 CEST | 8.8.8.8 | 192.168.2.3 | 0x94ce | No error (0) | 34.117.59.81 | A (IP address) | IN (0x0001) | ||
May 4, 2022 11:04:57.670851946 CEST | 8.8.8.8 | 192.168.2.3 | 0xf495 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | ||
May 4, 2022 11:05:52.247823000 CEST | 8.8.8.8 | 192.168.2.3 | 0x2911 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49753 | 149.154.167.220 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49751 | 34.117.59.81 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2022 11:04:57.196104050 CEST | 1212 | OUT | |
May 4, 2022 11:04:57.320519924 CEST | 1213 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49752 | 149.154.167.220 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2022 11:04:57.722719908 CEST | 1214 | OUT | |
May 4, 2022 11:04:57.752892017 CEST | 1215 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49758 | 208.95.112.1 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2022 11:05:52.334960938 CEST | 1281 | OUT | |
May 4, 2022 11:05:52.364938974 CEST | 1281 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49753 | 149.154.167.220 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-04 09:04:58 UTC | 0 | OUT | |
2022-05-04 09:04:58 UTC | 0 | IN | |
2022-05-04 09:04:58 UTC | 0 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 11:03:33 |
Start date: | 04/05/2022 |
Path: | C:\Users\user\Desktop\68e7a0fa9f7dbbb34bc4bad97690ea72.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 5888624 bytes |
MD5 hash: | D9079709C37A9977A75123A38CBD6660 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 9 |
Start time: | 11:04:37 |
Start date: | 04/05/2022 |
Path: | C:\Users\user\AppData\Roaming\[New]1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x320000 |
File size: | 723681280 bytes |
MD5 hash: | 9374A16E2B48794C1C45798358A87352 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 10 |
Start time: | 11:04:39 |
Start date: | 04/05/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 11 |
Start time: | 11:04:40 |
Start date: | 04/05/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 98912 bytes |
MD5 hash: | 6807F903AC06FF7E1670181378690B22 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 12 |
Start time: | 11:04:54 |
Start date: | 04/05/2022 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 59392 bytes |
MD5 hash: | CEE2A7E57DF2A159A065A34913A055C2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 14 |
Start time: | 11:04:55 |
Start date: | 04/05/2022 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 59392 bytes |
MD5 hash: | CEE2A7E57DF2A159A065A34913A055C2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 15 |
Start time: | 11:04:55 |
Start date: | 04/05/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 16 |
Start time: | 11:04:56 |
Start date: | 04/05/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 21 |
Start time: | 11:05:45 |
Start date: | 04/05/2022 |
Path: | C:\Users\user\AppData\Roaming\[New]Salvity_crypted(2).exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9f0000 |
File size: | 718766080 bytes |
MD5 hash: | 2A1FF9C5A823F8F05520932A0A39F345 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 24 |
Start time: | 11:05:45 |
Start date: | 04/05/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 25 |
Start time: | 11:05:47 |
Start date: | 04/05/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 98912 bytes |
MD5 hash: | 6807F903AC06FF7E1670181378690B22 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Execution Graph
Execution Coverage: | 13.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16.6% |
Total number of Nodes: | 1315 |
Total number of Limit Nodes: | 17 |
Graph
Function 00403348 Relevance: 89.6, APIs: 33, Strings: 18, Instructions: 366stringcomfileCOMMON
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040390A Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 215stringregistryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402EA1 Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 181memoryCOMMON
Control-flow Graph
C-Code - Quality: 78% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040618A Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
Control-flow Graph
C-Code - Quality: 72% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401759 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
Control-flow Graph
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406492 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405796 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Control-flow Graph
C-Code - Quality: 59% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C90 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Control-flow Graph
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C6B Relevance: 3.0, APIs: 2, Instructions: 13COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405761 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D08 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D37 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403300 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F7B Relevance: 1.3, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403830 Relevance: 1.3, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040535C Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040460D Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 274stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058BF Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040646B Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004027A1 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406945 Relevance: .3, Instructions: 334COMMONCrypto
C-Code - Quality: 79% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040711C Relevance: .3, Instructions: 300COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404B80 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042E6 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D66 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041E2 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ACE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402DBA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D65 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401E35 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401C2E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049C4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
C-Code - Quality: 77% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A8F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E3D Relevance: 6.0, APIs: 4, Instructions: 33COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405B7D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405192 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
C-Code - Quality: 89% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FDE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AD6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405BF5 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.4% |
Total number of Nodes: | 1036 |
Total number of Limit Nodes: | 9 |
Graph
Function 004031B0 Relevance: 58.5, APIs: 31, Strings: 2, Instructions: 787COMMONCrypto
Control-flow Graph
C-Code - Quality: 80% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401000 Relevance: 25.6, APIs: 13, Strings: 1, Instructions: 1082COMMONCrypto
Control-flow Graph
C-Code - Quality: 41% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406940 Relevance: 1.5, APIs: 1, Instructions: 26processCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406F00 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425476 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043986E Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 43% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402EC0 Relevance: 12.1, APIs: 8, Instructions: 138COMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402DC0 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402250 Relevance: 6.1, APIs: 4, Instructions: 58COMMON
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433330 Relevance: 4.5, APIs: 3, Instructions: 18COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004188C0 Relevance: 3.1, APIs: 2, Instructions: 87COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409F60 Relevance: 3.1, APIs: 2, Instructions: 69COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431496 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402D50 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
Control-flow Graph
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004064C0 Relevance: 1.6, APIs: 1, Instructions: 74networkCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406E50 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406B50 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433D9A Relevance: 1.6, APIs: 1, Instructions: 54COMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004067B0 Relevance: 1.6, APIs: 1, Instructions: 50fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406840 Relevance: 1.6, APIs: 1, Instructions: 50networkCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406A70 Relevance: 1.6, APIs: 1, Instructions: 50networkCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042D8A0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004325B2 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004066C0 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406760 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406710 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406D40 Relevance: 1.5, APIs: 1, Instructions: 26processCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406D90 Relevance: 1.5, APIs: 1, Instructions: 26processCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004063D0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406400 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004069F0 Relevance: 1.5, APIs: 1, Instructions: 18libraryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406C80 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406CB0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004252E3 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437E10 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402440 Relevance: .1, Instructions: 85COMMON
C-Code - Quality: 87% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004326E4 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421C60 Relevance: .0, Instructions: 5COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437A86 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00430781 Relevance: 23.2, APIs: 2, Strings: 11, Instructions: 403COMMONLIBRARYCODE
C-Code - Quality: 69% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D010 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 203memoryCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CDA0 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 203memoryCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CB30 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 201memoryCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042816A Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
C-Code - Quality: 80% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432D6E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432360 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004324B7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00430D0E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMONLIBRARYCODE
C-Code - Quality: 61% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428EA2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004296B9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 25% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043BF64 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433473 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436225 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419930 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402A03 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402961 Relevance: 6.0, APIs: 4, Instructions: 27COMMON
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402810 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431DAF Relevance: 6.0, APIs: 4, Instructions: 19COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042850F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004351C3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMONLIBRARYCODE
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00438528 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMONLIBRARYCODE
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 7.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 46 |
Graph
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 83% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 76% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F6EF0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 98% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 81% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F8D86 Relevance: 3.0, APIs: 2, Instructions: 28COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F8DCF Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Control-flow Graph
C-Code - Quality: 49% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F36A0 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F79E0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F2210 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A061D2 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F5860 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A06CE7 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F1190 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A10647 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMONLIBRARYCODE
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A10DD3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FAC0D Relevance: 6.1, APIs: 4, Instructions: 73COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A139D4 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A04AFE Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMONLIBRARYCODE
C-Code - Quality: 72% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A03A77 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 25% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F38C0 Relevance: 7.7, APIs: 5, Instructions: 167COMMON
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F70A0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FA240 Relevance: 7.6, APIs: 5, Instructions: 53timethreadCOMMONLIBRARYCODE
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011C6548 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 011C9C7C Relevance: 1.6, APIs: 1, Instructions: 96libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09568339 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095655FC Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09566658 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09566F3C Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095651F4 Relevance: 1.6, APIs: 1, Instructions: 60windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 095686C9 Relevance: 1.6, APIs: 1, Instructions: 60windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09566ED0 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 09567489 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFD4E0 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EFD4DB Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |